Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
New Windows DCOM Worm - msblast.exe (fwd)
From: Dave Ahmad (dasecurityfocus.com)
Date: Mon Aug 11 2003 - 15:49:37 CDT
David Mirza Ahmad
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
The battle for the past is for the future.
We must be the winners of the memory war.
---------- Forwarded message ----------
Received: (qmail 4314 invoked from network); 11 Aug 2003 20:47:49 -0000
Received: from unknown (HELO mail.mightyoaks.com) (126.96.36.199)
by mail.securityfocus.com with SMTP; 11 Aug 2003 20:47:49 -0000
Received: from stork.mightyoaks ([192.168.20.9] unverified) by
mail.mightyoaks.com with Microsoft SMTPSVC(5.0.2195.6713);
Mon, 11 Aug 2003 13:55:33 -0700
Received: by stork.mightyoaks.local with Internet Mail Service (5.5.2656.59)
id <P9FJXTGS>; Mon, 11 Aug 2003 13:55:32 -0700
From: David Vincent <david.vincentmightyoaks.com>
To: 'Dave Ahmad' <dasecurityfocus.com>
Subject: New Windows DCOM Worm - msblast.exe
Date: Mon, 11 Aug 2003 13:55:31 -0700
X-Mailer: Internet Mail Service (5.5.2656.59)
X-OriginalArrivalTime: 11 Aug 2003 20:55:33.0058 (UTC)
dave, can you send this on to the list? my cross-posting ways have left me
wondering which list you're wanting more details for.
i've just got a copy of this Windows DCOM Worm from a nice fellow on another
it matches the MD5 at http://isc.sans.org/diary.html?date=2003-08-11 of
5ae700c1dffb00cef492844a4db6cd69. that's the EXE's MD5, not the unpacked
EXE version or the MD5 of the ZIP i received it in. i have not launched it
yet, but i did note it made its way past three layers of virus protection
without being detected.
yes, we do use the same AV for all parts of our network, but that's 'cause
we're a small company with limited resources. so don't bitch at me about
we've got NAV Corporate 8.00.0.9374 with scan engine 188.8.131.52 and
definitions of 06/08/2003 rev. 4 (the most current at this time) and it is
David Vincent CNA/MCSE
MIGHTY OAKS WIRELESS SOLUTIONS INC.
209-3347 Oak Street
Victoria, B.C. Canada V8X 1R2
Phone: 250.386.9398 Fax: 250.386.9399
Pager: 250.380.4575 Cell: 250.884.3000