Johannes B. Ullrich
jullrich at sans.org
Sat Aug 16 22:05:33 GMT 2003
This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 2003-08-16 at 17:40, Pagarb at aol.com wrote:
> this might be premature, but a system I was working that had msblaster on it
Finding 'blaster' on a system indicates that it had a vulnerable version
of RPC DCOM installed. As a result, any of the auto-rooters in
circulation could have infected it. No telling what's on your system.
But I strongly recommend a complete rebuild. If authorities are
interested, you may want to secure the system as evidence.
This makes a point I did bring up a couple of times during the last
If at all possible, rebuild infected systems from scratch after making a
backup. Your system was vulnerable to at least half a dozen auto-rooters,
IRC bots, and whatever else you would like to call them.
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

HuRPjjgWhHrZoQJvUUX/nyk
-----END PGP SIGNATURE-----