[unisog] Apparent spread of LSASS exploitation

Phillip G Deneault deneault at WPI.EDU
Wed Apr 28 16:59:54 GMT 2004


This is the exploit, not the virus binary.  It probably works just as well 
though. :-)

Phil

On Wed, 28 Apr 2004, Edward W. Ray wrote:

> Here is a copy. 
> 
> -----Original Message-----
> From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
> On Behalf Of Jason Alexander
> Sent: Wednesday, April 28, 2004 8:37 AM
> To: UNIversity System Operators Group Mailing list
> Subject: Re: [unisog] Apparent spread of LSASS exploitation
> 
> Has anyone managed to capture a copy of this variant?  I haven't seen much
> in the way of talk on any other lists about this variant.
> 
> Thanks
> Jason Alexander
> 
> Phil Rodrigues wrote:
> > Hi all,
> > 
> > The Internet Storm Center posted that some .edu's have seen what 
> > appears to be a mass exploitation of their systems with a variant of 
> > the PolyBot worm that uses the LSASS exploit:
> > 
> > http://isc.incidents.org/diary.php?date=2004-04-27
> > 
> 
> 
> ---------
> Jason Alexander
> Sr. Security Analyst
> The University of Iowa
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phil Deneault     "We work in the dark, We do what we can,
deneault at wpi.edu   We give what we have. Our doubt is our passion,
WPI NetOps         and our passion is our task. The rest is the
InfoSec            madness of art." - Henry James
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-





