praxis22 opened this issue on Aug 12, 2003 ยท 81 posts
judith posted Tue, 12 August 2003 at 9:41 AM
Attached Link: http://msnbc-cnet.com.com/2100-1002_3-5062477.html?part=msnbc-cnet&tag=alert&form=feed&subj=cnetnew
From C-Net news: "The worm attacks Windows computers via a flaw in a component of the operating system that allows other computers to ask Windows systems to perform an action or service. Microsoft warned about the flaw July 16. The component, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources. MSBlast installs the TFTP server and runs the program to download the MSBlast code to the compromised server. But the way the worm causes a compromised computer to download the file is very inefficient, Maiffret said. Moreover, although MSBlast can detect whether a machine is already infected, it has to compromise the machine again before it can check. Starting with a random Internet address, the worm sequentially scans for computers with the vulnerability. Because the scanning process is not completely random, the worm will likely cause a lot of excess traffic on the network. It also adds a registry key to ensure that the worm is restarted when the host computer is rebooted."What we do in life, echoes in eternity.
E-mail
| Renderosity
Homepage | Renderosity
Store | RDNA
Store