[unisog] Blaster DDOS potential

Marty Hoag Marty.Hoag at ndsu.nodak.edu
Thu Aug 14 17:04:56 GMT 2003


Tracey Losco wrote:
> Hey there,
> 
> Does anyone have the actual code where we can see the call for the 
> DDoS?  I haven't been able to get my hands on a copy of the program so 
> that I could run strings against it...
> 
> Thanks in advance,

    I saw the strings output someplace...  Isn't the
exploint on port 80 on the 16th and after (against
windowsupdate.com)?  Others may have more technical
sources but InternetStormCenter has had links to

http://isc.sans.org/diary.html?date=2003-08-14
(that has link to more detailed earlier analysis)

http://www.microsoft.com/security/incident/blast.asp

and someone on the EDUCAUSE Security list pointed to

http://tms.symantec.com/
with a link to their analysis (at Version 9 right now) at
https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf

    Marty



More information about the unisog mailing list