Hi All,
Has anyone done research on, or does anyone know, how this malware made the
HTTP request with Microsoft's WebDAV?
Does anyone know a web site that talks about that?
Additionally, it also uses a WebDAV exploit in order to propagate to
vulnerable systems. For detailed information about the said exploit, please
refer to the following Microsoft Web page:
Microsoft Bulletin MS03-007
Using these exploits, it sends a shell code to a vulnerable system, which in
turn will execute a remote shell on the target system. The remote shell
connects to a randomly selected port between port 666 and port 765 of the
infected host where it receives commands to download the worm copy via TFTP.
Thanks for your help
Kowts.
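
The callback sequence in the quoted description (remote shell connecting to a port between 666 and 765, then a TFTP download) can be looked for in flow logs. The following is an added example, not part of the original post or any vendor tool; the log format, sample records, the 60-second window and the assumption that the TFTP request goes to the same host as the shell connection are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed flow records (not from the post): time, src, dst, proto, dst_port
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.0.5 10.0.0.9 tcp 80
2024-01-01T10:00:03 10.0.0.9 10.0.0.5 tcp 701
2024-01-01T10:00:06 10.0.0.9 10.0.0.5 udp 69
2024-01-01T10:02:00 10.0.0.7 10.0.0.8 tcp 700
2024-01-01T10:30:00 10.0.0.7 10.0.0.8 udp 69
2024-01-01T10:05:00 10.0.0.4 10.0.0.3 udp 69
"""

SHELL_PORTS = range(666, 766)   # ports 666..765 inclusive, as quoted in the post
TFTP_PORT = 69                  # standard TFTP port
WINDOW = timedelta(seconds=60)  # assumption: how soon TFTP must follow the shell


def parse(text):
    """Yield (time, src, dst, proto, dst_port) from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, proto.lower(), int(port)


def find_callbacks(text, window=WINDOW):
    """Return (shell_source, shell_destination, shell_port) for every TCP
    connection to a port in 666-765 that is followed, within the window,
    by a TFTP request from the same source to the same destination."""
    pending = {}  # (src, dst) -> (time, port) of the latest shell-port connection
    hits = []
    for ts, src, dst, proto, port in sorted(parse(text)):
        key = (src, dst)
        if proto == "tcp" and port in SHELL_PORTS:
            pending[key] = (ts, port)
        elif proto == "udp" and port == TFTP_PORT and key in pending:
            seen, shell_port = pending.pop(key)
            if ts - seen <= window:  # TFTP long after the shell is not correlated
                hits.append((src, dst, shell_port))
    return hits


if __name__ == "__main__":
    for src, dst, port in find_callbacks(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: tcp/{port} followed by TFTP, check both hosts")
```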