
List:       focus-virus
Subject:    RE: Opaserv Pains
From:       Roger Thompson <rogert () mindspring ! com>
Date:       2002-10-29 16:31:54

At 07:55 PM 10/28/2002 -0800, Martin wrote:
> From Trend
>
>Open the Registry Editor. To do this, click Start>Run, type REGEDIT, then
>hit the Enter key.

Uhhhh... the point is that the Run line has _three_ references to Opaserv 
variants in it. Simply removing the references with Regedit won't help 
unless the hole that is allowing the modification is closed. There will be 
twenty more within another month.

Hence Nick's advice.

<snip>

>From: Nick FitzGerald [mailto:nick@virus-l.demon.co.uk]

<snip>

>You also installed/updated the AV s/w on the targeted machine, right?

<snip>

>What you missed/forgot was that Opaserv exploits a _very old_
>vulnerability in share-level password checking on Win 9x/ME machines.
>
>Go look up MS00-072 and cry...

Roger


Regards

Roger Thompson
Technical Director of Malicious Code Research
TruSecure Corporation
www.trusecure.com
www.wormwatch.org
