[Dshield] MSblast Version A B and C...
Johannes B. Ullrich
jullrich at sans.org
Thu Aug 14 23:27:34 GMT 2003
This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
I just posted Chris's very detailed analysis to the
handlers diary. See the link at
On Thu, 2003-08-14 at 16:33, Bakota Peter wrote:
> Can you send me a copy of your analysis of version A.?
> ----- Original Message -----
> From: "Chris Ream" <chrisr at stopthemcold.com>
> To: "'General DShield Discussion List'" <list at dshield.org>
> Sent: Thursday, August 14, 2003 6:18 PM
> Subject: [Dshield] MSblast Version A B and C...
> > Ok, this is a strange request but I have just trapped a new version of
> > msblast in the wild. Looks like a version D! I will be testing this new
> > strain but I have a suspicion that there are others out there as well.
> > This one loaded as msblast.exe but it didn't have the same md5 checksum
> > and appears to install a backdoor on port 31337 (stupid).
> > I am making a group request to send me any and all versions you have. I
> > will provide a web-site for anyone interested in this to download them
> > from. Even if you think I already have a copy of the one you have please
> > send it anyway. I want to be sure.
> > By the way, I also have the completed analysis of version A in pdf
> > format if anyone wants a copy.
> > Take care,
> > Chris.
> > Please send all virus'/worms to chrisr at stopthemcold.com (weird request
> > huh?)
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the list