The worm has many differing names: MSBLAST (Trend),
BLASTER (Symantec), LOVSAN (McAfee).
When the worm is executed, it scans a random IP range to
look for vulnerable systems on TCP port 135. The worm
attempts to exploit the DCOM RPC vulnerability on the
found systems to create a remote shell on TCP port 4444,
and then pass a TFTP command to download the worm to the %
WinDir%\system32 directory and execute it. The worm
then creates the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\
Run "windows auto update" = msblast.exe I just want to
say LOVE YOU SAN!! bill
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
