[Dshieldannounce] port 135 / RPC DCOM update]
Johannes B. Ullrich
jullrich at sans.org
Sun Aug 3 15:16:16 UTC 2003
Just a quick update on port 135 data. We do see
a good increase in number of scans and number
of targets scanned, but not much of an increase
when it comes to number of sources that do the
scanning. So far, this suggests that there is no
active worm at this point, but that tools are
defined further to scan faster/more efficiently.
One auto rooter / IRC bot has been captured. This
is an existing set of backdoors enriched by the
capability to attack via the RPC DCOM vulnerability.
--
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt
More information about the Dshieldannounce
mailing list