RE: Secure.dcom.exe
- To: <[EMAIL PROTECTED]>
- Subject: RE: Secure.dcom.exe
- From: "Lee Evans" <[EMAIL PROTECTED]>
- Date: Thu, 7 Aug 2003 00:38:28 +0100
- In-reply-to: <[EMAIL PROTECTED]>
Hi,
Thanks to all who have replied - I wasn't aware ethereal was available
as a win32 build - that will do perfectly.
Regards
Lee
--
Lee Evans
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 07 August 2003 00:34
> To: Lee Evans
> Subject: Re: Secure.dcom.exe
>
>
> Hi Lee,
>
> This one is great and it's free...
>
> http://www.ethereal.com/
>
> Let us know what you find... I'm interested.
>
> Rocky
>
> "Lee Evans" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> cc:
> Subject: Secure.dcom.exe
> 08/06/2003 03:50 AM
>
> Hi All,
>
> I have found an executable called secure.dcom.exe when
> looking around a customer's server. They hadn't patched the
> server above SP4 and I assume it has been exploited using the
> RPC DCOM vulnerability. A serv-u ftp server has been
> installed, but I'm still looking into it to see if I can spot
> anything else. Netstat shows a bunch of outgoing connections
> to 6667 - irc.homelien.no. Unfortunately there are no IDS or
> other systems on this network segment I can use, so I'm
> looking for some way to capture this traffic and hopefully
> track down some more details on the irc traffic - if anyone
> can recommend a good (preferably free) traffic sniffer I can
> quickly install on the host locally (win2k sp4) to decode the
> IRC traffic I would be grateful.
>
> The exe is available from
> http://www.leeevans.org/secure.dcom.exe - if anyone wants a
> look. I'd be interested to know more about it, if anyone has
> come across it before or can find out.
>
> Regards
> Lee
> --
> Lee Evans