04.16.07

RPC DNS Worm

Posted in IT, Security at 9:50 pm by Tyler Reguly

Yesterday I questioned if we'd see a worm related to the RPC DNS Vuln...

Both McAfee (additional info) and ISC are reporting that we are.

According to the ISC the worm is only scanning port 1025... I question whether this was the displayed behavior or the worm is actually hard coded only to look at this port... It seems like poor design if it's only looking at port 1025.

If anyone has a sample of the worm, please let me know because I'd love to get ahold of it.

Permalink

.:Computer Defense:.

04.16.07

RPC DNS Worm

Pages

Feedburner

Archives

Categories

Search

Meta