Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


FW: What the heck is this msblast.exe

  • From: Drew Weaver
  • Date: Tue Aug 12 09:50:06 2003



The real injustice is the 15k program someone sent to sec-focus that you
type in an IP address and it returns a command prompt on the target machine
(eek).

-Drew


-----Original Message-----
From: Rod Trent [mailto:rodtrent@yahoo.com] 
Sent: Monday, August 11, 2003 6:45 PM
To: Lee_Fisher@NAI.com; morris_minchu@iwon.com; focus-ms@securityfocus.com
Subject: RE: What the heck is this msblast.exe

Medium????  That's an irresponsible rating, considering that both MS and the
Department of Homeland Security have listed the vulnerability as critical. 

-----Original Message-----
From: Lee_Fisher@NAI.com [mailto:Lee_Fisher@NAI.com] 
Sent: Monday, August 11, 2003 6:27 PM
To: morris_minchu@iwon.com; focus-ms@securityfocus.com
Subject: RE: What the heck is this msblast.exe

From your description I would imagine it to be the Blaster (We called it
W32/Lovsan.worm)

Many posts on forums - We list it as a Medium On Watch alert - other AV orgs
have a similar classification.

http://vil.nai.com/vil/content/v_100547.htm

Lee Fisher
Solutions Architect
McAfee Product Management

-----Original Message-----
From: Minchu Mo
To: focus-ms@securityfocus.com
Sent: 11/08/03 15:00
Subject: What the heck is this msblast.exe



The code resides in c:\winnt\system32.

It somehow changed my registry and pretends to be Window autoupdate in
\Localsystem\software\microsoft\window\run, so it can run when I boot the
machine.  Now it is sending out packets to random(?) IP's endpoint port




