F-Secure warns possibly worm which exploits RPC...though in the news heading is same as i have choosen but in the contents..F-secure comtardicts its heading in the contents...but still there is a possibility...how minor it may be.NAME: RPC
ALIAS: Exploit.Win32.Autorooter, RPC-1
Full story here : http://www.f-secure.com/v-descs/rpc.shtml
This program will create these files to local hard drive:
rpc.exe
rpctest.exe
tftpd.exe
dcomx.exe
lolx.exe
worm.exe
Rundown of the files:
Worm.exe is a self-extracting archive that will create rpc.exe, rpctest.exe and tftp.exe.
Tftp.exe is a normal tftp server utility.
Rpctest.exe and rpc.exe are part of autorooter.zip tool, released around 30th of June. Rpctest.exe uses the known RPC exploit to spawn a remote shell which listens at TCP port 57005. It contains the text "USE THE FORZ LUKE!" Rpc.exe contains text "rpc autorooter by ERIC". These programs are written which Microsoft Visual Basic.