[Dshield] Win32.Poza.A Mutant

Johannes B. Ullrich jullrich at sans.org
Tue Aug 19 11:07:02 GMT 2003


> What they have just found is a copy of DrWatson in the
> MyDocuments/AllUsers/Apps... which appears to be a copy of mblaster.exe

I don't remember this behavior. However, consider that it may
have been some other attack against the machine prior to Blaster. Maybe
one of the auto-rooters that was circulating before Blaster?

-- 
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20030819/1cad7c3e/attachment.bin


More information about the list mailing list