HEADS UP *Exploit-DcomRpc* Trojan

  1. #1
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840

    HEADS UP *Exploit-DcomRpc* Trojan

    Trojan Name: Exploit-DcomRpc
    Risk Assessment:
    Corporate User: Low
    Home User: Low

    Trojan Information
    Discovery Date: 07/29/2003
    Origin: Unknown
    Length: Varies
    Type: Trojan
    SubType: Exploit
    Minimum DAT: 4281
    Release Date: 07/30/2003
    Minimum Engine: 4.1.60
    Description Added: 07/29/2003
    Description Modified: 07/29/2003 4:09 PM (PT)

    Trojan Characteristics:
    This detection covers an exploit tool that makes use of the RPC Interface Buffer Overflow (7.17.03) vulnerability.
    This exploit tool creates a remote shell to provide access to a compromised system.

    This tool is run on a Windows NT based system, to attack a Win2K/XP system.

    Symptoms
    N/A. This is an attack tool, to exploit vulnerable remote systems.

    Method Of Infection
    N/A

    Removal Instructions
    All Users:
    Use current engine and DAT files for detection. Delete any file which contains this detection.
    Additional Windows ME/XP removal considerations

    *FROM http://vil.nai.com/vil/content/v_100516.htm*

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    This has been discussed in great detail already.

    http://www.antionline.com/showthread...hlight=ms03026

    I usually search the forums before posting. You may want to do the same.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    If the trojan was discovered on the 29th, how can u possibly discuss about it on the 17th? Also, some of you in the link that you provided me, called it a worm; which is not. The name in that post is different too. Please read the post carefully next time. I'm sure there's more than just 1 RPC exploit.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Cybr1d old chap...... I hate to pi$$ on your fireworks but I have to say that telling Hoss to "read the post carefully next time" is a little silly when you asked how could you discuss something on the 17th that wasn't discovered until the 29th when in your initial post you "cut and pasted"

    This detection covers an exploit tool that makes use of the RPC Interface Buffer Overflow (7.17.03)
    I guess you should have read your post before you posted it..... But it's a wonderful example of why I inhabit this place.......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    I cut and pasted that from http://vil.nai.com/vil/content/v_100516.htm. I suppose they copied it from our old post

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Couldn't have said it better myself Tiger Shark. I was trying to be nice by simply posting a response but now that I see that the poster has responded in this way, I think I will remind him what can happen when you post in ignorance and then try to justify the ignorance.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I would suggest that most AO posters are subscribed to AV bulletin/alert services....you have nothing to add to it...so why bother posting it?

    cheers

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ok chaps..... Time to call the dogs off...... He showed a nice sense of humor there......

    Cybr1d: Nice response...... You'll do well here.......

  9. #9
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    cool wid me ...lol didnt mean to be mean to anybody...wish we could post our mood lol...

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Cybr1d:

    Page Not Found
    The page you are looking for is temporarily unavailable or no longer exists.

    I guess they saw the error of their ways. A trojan is a piece of software on a victim's computer that opens a back door. This is a remote exploit.

    BTW the code that Xfocus released, out of the box will only cause svchost.exe to crash. So someone without any programming knowledge can't really do much with it and anyone that goes asking for the tweaked and compiled exe will more than likely wind up hosting their own back door
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
