Symantec has done a pretty good job:

<-Clip->
Symantec has been tracking its activity and is currently conducting analysis/full disassembly of the malicious code, which has been named "Blaster". The results of our analysis are being made available to the public at the following location:

https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf

It is expected that this report will be updated frequently as more information is discovered. Readers are advised to download/refresh it throughout the day to ensure that any new information is not missed.

David Mirza Ahmad
Symantec
<end-clip->

David Pavone
Senior IT Systems Analyst - Infrastructure Services Group
david.pavoneat_private
1-401-789-5735 Ext. 2036
APC - American Power Conversion

"Sekurity Wizard" <s.wizard@boundariez.com>
08/11/2003 11:27 PM

To: <incidentsat_private>
cc:
Subject: RE: msblast.exe available

Has anyone disassembled this puppy yet, to get a good idea of what the heck it does, exactly? I'm working on it and would like to collaborate with anyone?

./Wiz

-----Original Message-----
From: Chris McNab [mailto:chris.mcnabat_private]
Sent: Monday, August 11, 2003 6:47 PM
To: bugtraqat_private
Cc: incidentsat_private
Subject: msblast.exe available

Hi,

This is publicly available for analysis from:

www.trustmatta.com/downloads/msblast.exe

Regards,

Chris

Chris McNab
Technical Director
Matta Consulting
18 Noel Street
London W1F 8GN
08700 77 11 00
www.trustmatta.com

This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 16:50:16 PDT