The real injustice is the 15k program someone sent to sec-focus that you type in an IP address and it returns a command prompt on the target machine (eek).

-Drew

-----Original Message-----
From: Rod Trent [mailto:rodtrent@yahoo.com]
Sent: Monday, August 11, 2003 6:45 PM
To: Lee_Fisher@NAI.com; morris_minchu@iwon.com; focus-ms@securityfocus.com
Subject: RE: What the heck is this msblast.exe

Medium???? That's an irresponsible rating, considering that both MS and the Department of Homeland Security have listed the vulnerability as critical.

-----Original Message-----
From: Lee_Fisher@NAI.com [mailto:Lee_Fisher@NAI.com]
Sent: Monday, August 11, 2003 6:27 PM
To: morris_minchu@iwon.com; focus-ms@securityfocus.com
Subject: RE: What the heck is this msblast.exe

From your description I would imagine it to be the Blaster (we called it W32/Lovsan.worm).

Many posts on forums - We list it as a Medium On Watch alert - other AV orgs have a similar classification.

http://vil.nai.com/vil/content/v_100547.htm

Lee Fisher
Solutions Architect
McAfee Product Management

-----Original Message-----
From: Minchu Mo
To: focus-ms@securityfocus.com
Sent: 11/08/03 15:00
Subject: What the heck is this msblast.exe

The code resides in c:\winnt\system32. It somehow changed my registry and pretends to be Windows autoupdate in \Localsystem\software\microsoft\window\run, so it can run when I boot the machine. Now it is sending out packets to random(?) IP's endpoint port

participants (1)
-
Drew Weaver