WCM Forum - Einzelnen Beitrag anzeigen

WA5 · 11.08.2003, 23:38

W32/Lovsan.worm Low 8/11/2003

Virus Characteristics

When run, it scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability on the found systems to create a remote shell on TCP port 4444, and then pass a TFTP command to download the worm to the %WinDir%\system32 directory and execute it.

Once run, the worm creates the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\
Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill
More information will be posted when it is available.

LÖSUNG:

http://www.microsoft.com/technet/tre...n/MS03-026.asp

11.08.2003, 23:38	#14
WA5 Veteran Registriert seit: 09.10.2000 Beiträge: 442	W32/Lovsan.worm Low 8/11/2003 Virus Characteristics When run, it scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability on the found systems to create a remote shell on TCP port 4444, and then pass a TFTP command to download the worm to the %WinDir%\system32 directory and execute it. Once run, the worm creates the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill More information will be posted when it is available. LÖSUNG: http://www.microsoft.com/technet/tre...n/MS03-026.asp