So you are saying that the infected target also scans other computers for the dcom vulnerability? if so then it would be considered a worm.
--- Stephen <[EMAIL PROTECTED]> wrote: > > Hello here, > > a new worm is on the wild, it uses the exploit > released by k-otik (48 targets - > http://www.k-otik.com/exploits/07.30.dcom48.c.php) > > look this shit : > > /* RPC DCOM WORM v 2.2 - > * This code is in relation to a specific DDOS IRCD > botnet project. > * You may edit the code, and define which ftp to > login > * and which .exeutable file to recieve and run. > * I use spybot, very convienent > * - > * So basicly script kids and brazilian children, > this > is useless to you > * > > So PATCH PATCH PATCH and block the ports 135 - 139 > -445 - 593 > > Regards. > > Stephen - Germany __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html