[Dshield] Simultaneous MSBlaster and ??? attack?
jstewart at lurhq.com
Wed Aug 13 17:13:32 GMT 2003
On Wednesday 13 August 2003 11:53 am, Craig Shaw wrote:
> Not sure if this is your particular problem, but TrendMicro had this
> It started peaking around noon yesterday and tapered off quickly.
It's not really a worm; it is an IRC-controlled DDoS zombie with the
capability to infect other systems when given the command to do so
by its controller.
It is based off of the Spybot code but instead of infecting via Kuang2
or Subseven it now uses the RPC exploit. This version also uses
DLL injection, which makes it more difficult to find and clean from
This is only one of many trojans we have seen being spread via the
RPC exploit. Up until the worm started, it has been a field day for the
Joe Stewart, GCIH
Senior Security Researcher