[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] Blaster Worm Analysis
Reply-To: "monty solomon" <monty@roscom.com> From: "monty solomon" <monty@roscom.com> To: "list" <list@roscom.com> Subject: Blaster Worm Analysis Date: Tue, 12 Aug 2003 15:02:01 -0400 Blaster Worm Analysis Release Date: 8/11/2003 Severity: High Description: The Blaster worm uses a series of components to successfully infect a host. The first component is a publicly available RPC DCOM exploit that binds a system level shell to port 4444. This exploit is used to initiate a command channel between the infecting agent and the vulnerable target. Once the target is successfully compromised, the worm transmits the msblast.exe executable (the main body of the worm) via TFTP to infect the host. The payload used in the public DCOM exploit, as well as the TFTP functionality, are both encapsulated within msblast.exe. http://www.eeye.com/html/Research/Advisories/AL20030811.html
------------------------------------- To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC