RE: msblast.exe available

From: David.Pavoneat_private
Date: Tue Aug 12 2003 - 02:00:40 PDT

Next message: Michel Angelo da Silva Pereira: "Connections on ports 2023/tcp and 1803/tcp"

Previous message: Jordan Wiens: "RE: MSBLASTER Infecting despite 03-026 patch?"
Maybe in reply to: Chris McNab: "msblast.exe available"
Next in thread: Jamie Pratt: "Re: msblast.exe available"
Reply: Jamie Pratt: "Re: msblast.exe available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Symantec has done a pretty good job:

<-Clip->
Symantec has been tracking its activity and is
currently conducting analysis/full disassembly of the malicious code,
which has been named "Blaster".  The results of our analysis are
being made available to the public at the following location:

https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf

It is expected that this report will be updated frequently as more
information is discovered.  Readers are advised to download/refresh
it throughout the day to ensure that any new information is not missed.

David Mirza Ahmad
Symantec

<end-clip->

David Pavone
Senior IT Systems Analyst - Infrastructure Services Group
david.pavoneat_private
1-401-789-5735 Ext. 2036
APC - American Power Conversion



|---------+--------------------------->
|         |           "Sekurity       |
|         |           Wizard"         |
|         |           <s.wizard@bounda|
|         |           riez.com>       |
|         |                           |
|         |           08/11/2003 11:27|
|         |           PM              |
|         |                           |
|---------+--------------------------->
  >-------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                               |
  |        To:      <incidentsat_private>                                                                                 |
  |        cc:                                                                                                                    |
  |        Subject: RE: msblast.exe available                                                                                     |
  >-------------------------------------------------------------------------------------------------------------------------------|





Has anyone dis-assembled this puppy yet, to get a good idea of what the
heck it does, exactly?  I'm working on it and would like to collaborate
with anyone?

./Wiz

-----Original Message-----
From: Chris McNab [mailto:chris.mcnabat_private]
Sent: Monday, August 11, 2003 6:47 PM
To: bugtraqat_private
Cc: incidentsat_private
Subject: msblast.exe available


Hi,

This is publicly available for analysis from:

www.trustmatta.com/downloads/msblast.exe

Regards,

Chris

Chris McNab
Technical Director

Matta Consulting
18 Noel Street
London W1F 8GN

08700 77 11 00

www.trustmatta.com


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------








---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Michel Angelo da Silva Pereira: "Connections on ports 2023/tcp and 1803/tcp"
Previous message: Jordan Wiens: "RE: MSBLASTER Infecting despite 03-026 patch?"
Maybe in reply to: Chris McNab: "msblast.exe available"
Next in thread: Jamie Pratt: "Re: msblast.exe available"
Reply: Jamie Pratt: "Re: msblast.exe available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 16:50:16 PDT