
List:       nfr-users
Subject:    [nfr-users] MSRPC DCOM Worm Advisory from NFR RRT - Instructions for NFR users
From:       "Mike Barkett" <mbarkett () nfr ! com>
Date:       2003-08-11 20:46:19

NFR Security's Rapid Response Team has become aware of a new worm
exploiting the MSRPC DCOM hole.

This new DCOM worm scans random IP addresses for possible vulnerable
servers, and attempts to infect targets over port 135.  It then attempts
to use TFTP to retrieve a copy of the worm to install on the compromised
system.

The RRT is still in the preliminary stages of analyzing this worm, but
there is evidence of increased network activity on port 135 since this
morning.  Consequently, we recommend that ALL NFR USERS take the
following actions to detect/prevent outbreaks on their networks:

- Ensure that they have the latest version (version 4) of the MSRPC
  package from the NFR package server.

- Add the following string:

        "msblast.exe"

   to the badfiles/BADFILES_FILES variables.

   If the badfiles package is either not installed or not available, the
   administrator can also add the string above to the tftp/filestowatch
   variable.

As we complete our analysis of the worm and how it spreads we will provide
a future update along with any package updates, if necessary.
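
The TFTP filename watch described above, sketched as an added example (not NFR's package code and not part of the original message): it parses TFTP read/write requests as laid out in RFC 1350 and flags those naming a watched file. The function names, the `WATCHED_FILES` set and the sample datagrams are constructed for illustration.

```python
import struct

# Assumption: the watch list mirrors the single filename given in the advisory.
WATCHED_FILES = {"msblast.exe"}
OPCODES = {1: "RRQ", 2: "WRQ"}  # RFC 1350 request opcodes


def parse_tftp_request(payload: bytes):
    """Return (opcode_name, filename, mode) for a TFTP RRQ/WRQ, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in OPCODES:
        return None
    # Filename and mode follow the opcode as NUL-terminated strings.
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        return None  # truncated or malformed request
    filename = fields[0].decode("ascii", errors="replace")
    mode = fields[1].decode("ascii", errors="replace").lower()
    return OPCODES[opcode], filename, mode


def is_watched(filename: str, watched=WATCHED_FILES) -> bool:
    """Match on the final path component, ignoring case and slash style."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return base.lower() in watched


def alerts(datagrams):
    """Yield (src, opcode, filename) for requests that name a watched file."""
    for src, payload in datagrams:
        req = parse_tftp_request(payload)
        if req and is_watched(req[1]):
            yield src, req[0], req[1]


# Constructed sample UDP/69 payloads (documentation addresses, not captured traffic).
SAMPLE = [
    ("192.0.2.10", b"\x00\x01msblast.exe\x00octet\x00"),
    ("192.0.2.11", b"\x00\x01MSBLAST.EXE\x00octet\x00"),
    ("192.0.2.12", b"\x00\x01pxelinux.0\x00octet\x00"),
    ("192.0.2.13", b"\x00\x03\x00\x01data"),   # DATA packet, not a request
    ("192.0.2.14", b"\x00\x01msblast.exe"),     # truncated, no terminators
]

if __name__ == "__main__":
    for src, op, name in alerts(SAMPLE):
        print(f"ALERT {src} {op} {name}")
```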
