[Dshield] msblaster

John D. lists at webcrunchers.com
Sun Aug 17 21:16:37 GMT 2003


>This message was converted from multipart/signed to ascii armored
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Content-Type: text/plain
>Content-Transfer-Encoding: quoted-printable
>
>On Sat, 2003-08-16 at 17:40, Pagarb at aol.com wrote:
>> this might be premature, but a system I was working that had msblaster on it
>
>Finding 'blaster' on a system indicates that it had a vulnerable version
>of RPC DCOM installed. As a result, any of the auto-rooters in
>cirulcation could have infected it. No telling what's on your system.
>But I strongly recommend a complete rebuild. If authorities are
>interested, you may want to secure the system as evidence.

I supposed the best thing to do,  is the "freeze" the hard drive on the 
infected machine,  clone it,  and send it to the authorities.

Only problem with that idea is that not everyone can afford to go through hard drives.  Especially when so many are unemployed.

John





More information about the list mailing list