[Dshield] Trojan that exploits MS05-031

Lauro, John jlauro at umflint.edu
Mon Oct 17 23:00:33 GMT 2005

It's about the same as blocking ports on the firewall.  It only delays
an enterprise outbreak if you don't get all of the individual machines

So if one person in the entrise has their 2000 laptop infected and
brings it into the corporate net...  Presto -- the worm gains NTLM
authentication to all other desktops that allow all domain users

So, it need not be a two pronged attack, just simply a try again

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Wright

> They say it effects XP SP2, W2003, W2003 SP1, and then go on 
> to say it requires the remote user to have valid login 
> credentials.  So unless it's a two pronged attack, or issues 
> some sort of "Before this malware can be deemed dangerous, 
> please create the following account and then run me again"
> message.
> I do so hate it when they do that... 

More information about the list mailing list