I stumbled upon an old, but new Microsoft OS bashing application today circulating within the underground that I thought worthy to share with the security community. The application is called SMBDie.exe and is extremely effective in forcing any Microsoft operating system (including XP) to restart (check out the Nomad Mobile Research Center for more info). Many of you will probably think of WinNuke when hearing of this functionality, but this application is much cleaner, quicker, and more effective than the WinNuke app. SMBDie would be extremely effective to complete the installation of trojans or backdoors on any network (along with causing general havoc). The only information required to get it to work is the computer IP address and the NETBIOS name. After conducting testing in a lab situation, the application performed as promised--within seconds, the target system was shutting down and restarting.

Of course, if the network you are minding is security conscious, information such as the NETBIOS name will not be allowed outside of the firewall(s) and the port necessary to use this application should also be closed. However, as security professionals, we need to be conscious of the stealth and potential damage to be caused by internal users. Due to the functionality of the Microsoft operating system suite, it is readily impossible to shut down SMB and still have a usable, networked OS.

Just a heads up to everyone to watch for it in their network.

...aberration...