Results 1 to 2 of 2

Thread: Possible RPC worm

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    472

    Possible RPC worm

    NAME: RPC
    ALIAS: Exploit.Win32.Autorooter, RPC-1
    F-Secure warns possibly worm which exploits RPC...though in the news heading is same as i have choosen but in the contents..F-secure comtardicts its heading in the contents...but still there is a possibility...how minor it may be.


    This program will create these files to local hard drive:


    rpc.exe
    rpctest.exe
    tftpd.exe
    dcomx.exe
    lolx.exe
    worm.exe

    Rundown of the files:

    Worm.exe is a self-extracting archive that will create rpc.exe, rpctest.exe and tftp.exe.

    Tftp.exe is a normal tftp server utility.

    Rpctest.exe and rpc.exe are part of autorooter.zip tool, released around 30th of June. Rpctest.exe uses the known RPC exploit to spawn a remote shell which listens at TCP port 57005. It contains the text "USE THE FORZ LUKE!" Rpc.exe contains text "rpc autorooter by ERIC". These programs are written which Microsoft Visual Basic.
    Full story here : http://www.f-secure.com/v-descs/rpc.shtml
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    that took longer than i thought

    ..looks like its designed for warez wars
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •