
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-05-20



Port 135 Traffic Increase Due To Bobax.C

Published: 2004-05-20
Last Updated: 2004-05-20 15:56:24 UTC
by David Goldsmith (Version: 1)

A third Bobax variant has been discovered that now uses the RPC/DCOM vulnerability on TCP port 135 in addition to the existing probes on TCP ports 445 and 5000. The DCOM exploit code in Bobax.C contains offsets for both Windows 2000 and Windows XP, so Bobax.C can now infect both of these operating systems, whereas Bobax.[AB] could only infect Windows XP.


For more details, see http://www.lurhq.com/bobax.html



David Goldsmith

Handler on Duty
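
The following detection sketch is an added example, not part of the original diary: it flags sources sending TCP SYNs to several distinct hosts on the three ports named above (135, 445, 5000). The log line format, the sample addresses and the `min_targets` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# TCP ports the diary names for Bobax.C propagation.
BOBAX_PORTS = {135, 445, 5000}

# Assumed (constructed) firewall log format; only bare SYNs are counted.
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) FLAGS=SYN\s*$")

# Constructed sample log: one scanning host, one normal file-share client,
# one web client, and one malformed line.
SAMPLE_LOG = """\
2004-05-20T15:00:01Z SRC=10.0.0.23 DST=192.0.2.10 PROTO=TCP DPT=135 FLAGS=SYN
2004-05-20T15:00:01Z SRC=10.0.0.23 DST=192.0.2.11 PROTO=TCP DPT=135 FLAGS=SYN
2004-05-20T15:00:02Z SRC=10.0.0.23 DST=192.0.2.12 PROTO=TCP DPT=445 FLAGS=SYN
2004-05-20T15:00:02Z SRC=10.0.0.23 DST=192.0.2.13 PROTO=TCP DPT=5000 FLAGS=SYN
2004-05-20T15:00:03Z SRC=10.0.0.40 DST=10.0.0.5 PROTO=TCP DPT=445 FLAGS=SYN
2004-05-20T15:00:09Z SRC=10.0.0.40 DST=10.0.0.5 PROTO=TCP DPT=445 FLAGS=SYN
2004-05-20T15:00:04Z SRC=10.0.0.50 DST=198.51.100.7 PROTO=TCP DPT=80 FLAGS=SYN
truncated line without fields
"""

def find_probers(lines, min_targets=3):
    """Return {src: {port: distinct_destination_count}} for every source that
    sent SYNs to at least min_targets distinct hosts on the watched ports."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed line, non-TCP traffic, or not a bare SYN
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        if port in BOBAX_PORTS:
            seen[src][port].add(dst)
    flagged = {}
    for src, ports in seen.items():
        # Count distinct destinations across all watched ports combined, so a
        # host spreading probes over 135/445/5000 is still caught.
        targets = set().union(*ports.values())
        if len(targets) >= min_targets:
            flagged[src] = {p: len(d) for p, d in sorted(ports.items())}
    return flagged

if __name__ == "__main__":
    for src, ports in find_probers(SAMPLE_LOG.splitlines()).items():
        print(src, ports)
```

Repeated connections from one client to a single file server on port 445 stay below the threshold, so ordinary SMB use is not flagged.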