[Full-disclosure] MS DNS worm
ad at heapoverflow.com
ad at heapoverflow.com
Wed Apr 18 14:28:10 BST 2007
http://www.sophos.com/security/analyses/w32delbotak.html
http://www.sophos.com/security/analyses/w32delbotaj.html
http://www.sophos.com/security/analyses/w32delbotai.html
" W32/Delbot-AK is a worm with backdoor functionality for the Windows
platform.
W32/Delbot-AK spreads to other network computers by:
- Scanning network shares for weak passwords
- Exploiting common buffer overflow vulnerabilities
- Symantec (SYM06-010)
- Microsoft Security Advisory (935964): Vulnerability in RPC on Windows
DNS Server Could Allow Remote Code Execution."
Geo. wrote:
> So far this morning we seen 4 customers infected with what appears to be an
> MS DNS RPC based worm.
>
> Anyone seen any news on this yet?
>
> Geo.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> .
>
>
Full-Disclosure is hosted and sponsored by Secunia.