[Snort-sigs] CYBERKIT [Full-Disclosure] [UPDATE] ping floods

Hugo van der Kooij hvdkooij at ...481...
Mon Aug 18 15:22:09 EDT 2003


On Mon, 18 Aug 2003, Steve Postma wrote:

> It seems it is a "good" worm to clean msblast :)

Not quite, as I quote TrendMicro:

TrendLabs HQ received numerous infection reports of a new malware named
WORM_MSBLAST.D spreading in Japan, Taiwan, and Singapore. It currently has
an infection count of 20,000. A yellow alert has been called at 7:14 AM,
August 18, 2003 (US Pacific Time) to stop the spread of this malware.
                                                                                
It usually arrives as DLLHOST.EXE (~10,240 bytes) and opens port 707, for
its malicious routines. Similar to the earlier MSBLAST worm variants, this
malware also exploits the RPC DCOM Buffer Overflow, and instructs target
systems to download its copy from the affected system using the TFTP
program.

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij at ...481...		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.
