On Tue, Aug 12, 2003 at 04:51:36PM -0400, Andre Cameron wrote: > I see some posts about W32/lovesan.worm on here but no difinative > answer. I just grabbed the latest plugins and installed them but I am > not sure if it contains a scann for that... If it is not public yet > does any one have a plugin I can use to scan for that exploit on ports > 135 and 4444?
There is a Nessus plugin which will look for the registry entry left by the worm. You'd have found that out if you had bothered reading http://www.nessus.org/scripts.php. Apart from that, there's not much which can be done, unfortunately. Run msrpc_dcom.nasl against your network and apply the patch described in MS03-026. -- Renaud
