-
July 31st, 2003, 07:41 PM
#1
HEADS UP *Exploit-DcomRpc* Trojan
Trojan Name: Exploit-DcomRpc
Risk Assessment:
Corporate User: Low
Home User: Low
Trojan Information
Discovery Date: 07/29/2003
Origin: Unknown
Length: Varies
Type: Trojan
SubType: Exploit
Minimum DAT: 4281
Release Date: 07/30/2003
Minimum Engine: 4.1.60
Description Added: 07/29/2003
Description Modified: 07/29/2003 4:09 PM (PT)
Trojan Characteristics:
This detection covers an exploit tool that makes use of the RPC Interface Buffer Overflow (7.17.03) vulnerability.
This exploit tool creates a remote shell to provide access to a compromised system.
This tool is run on a Windows NT-based system to attack a Win2K/XP system.
Symptoms
N/A. This is an attack tool, used to exploit vulnerable remote systems.
Method Of Infection
N/A
Removal Instructions
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Additional Windows ME/XP removal considerations
*FROM http://vil.nai.com/vil/content/v_100516.htm*
-
July 31st, 2003, 07:45 PM
#2
This has been discussed in great detail already.
http://www.antionline.com/showthread...hlight=ms03026
I usually search the forums before posting. You may want to do the same.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 31st, 2003, 08:03 PM
#3
If the trojan was discovered on the 29th, how can you possibly discuss it on the 17th? Also, some of you in the link that you provided me called it a worm, which it is not. The name in that post is different too. Please read the post carefully next time. I'm sure there's more than just 1 RPC exploit.
-
July 31st, 2003, 08:10 PM
#4
Cybr1d old chap...... I hate to pi$$ on your fireworks but I have to say that telling Hoss to "read the post carefully next time" is a little silly when you asked how could you discuss something on the 17th that wasn't discovered until the 29th when in your initial post you "cut and pasted":
"This detection covers an exploit tool that makes use of the RPC Interface Buffer Overflow (7.17.03)"
I guess you should have read your post before you posted it..... But it's a wonderful example of why I inhabit this place.......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
July 31st, 2003, 08:14 PM
#5
I cut and pasted that from http://vil.nai.com/vil/content/v_100516.htm. I suppose they copied it from our old post.
-
July 31st, 2003, 08:16 PM
#6
Couldn't have said it better myself Tiger Shark. I was trying to be nice by simply posting a response but now that I see that the poster has responded in this way, I think I will remind him what can happen when you post in ignorance and then try to justify the ignorance.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 31st, 2003, 08:21 PM
#7
I would suggest that most AO posters are subscribed to AV bulletin/alert services....you have nothing to add to it...so why bother posting it?
cheers
-
July 31st, 2003, 08:28 PM
#8
Ok chaps..... Time to call the dogs off...... He showed a nice sense of humor there......
Cybr1d: Nice response...... You'll do well here.......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
July 31st, 2003, 08:30 PM
#9
cool wid me ...lol didn't mean to be mean to anybody...wish we could post our mood lol...
-
July 31st, 2003, 08:32 PM
#10
Cybr1d:
Page Not Found
The page you are looking for is temporarily unavailable or no longer exists.
I guess they saw the error of their ways. A trojan is a piece of software on a victim's computer that opens a back door. This is a remote exploit.
BTW the code that Xfocus released, out of the box, will only cause svchost.exe to crash. So someone without any programming knowledge can't really do much with it, and anyone that goes asking for the tweaked and compiled exe will more than likely wind up hosting their own back door.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”