[Dshield] Simultaneous MSBlaster and ??? attack?

Micheal Patterson micheal at cancercare.net
Wed Aug 13 15:15:16 GMT 2003

Does anyone have any information on any trojans that are utilizing the same
DCOM exploit yet? I've got systems that were patched via the Win2k patch
file, not via windows update, that have an apparent trojan on them. The main
systems that are noticeable is the inability to pull up properties, see
within the winnt folder and the control panel icons are all listed in a
frame on the left, Add / Remove programs is empty with the fonts mangled.
I'd seen mention of kaht2 root kit using the DCOM exploit, but it appears to
have been overshadowed by msblaster.



Micheal Patterson
TSG Network Administration

Confidentiality Notice:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original

More information about the list mailing list