Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: RPC DCOM Update - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
RPC DCOM Update

Over the weekend, scanning for the RPC DCOM vulnerability has increased. At least one 'auto-rooter' has been found in the wild. It will install a number of standard backdoors and an irc bot.

So far, the number of sources scanning is not increasing much. We observe 2000-3000 sources each day. This is an indication that there is currently no self replicating code (=worm).

Some question has been raised with respect to the vulnerability of Windows 9x and ME. According to Microsofts advisory, Windows ME is not vulnerable. Windows 9x does not include DCOM by default, but it is available as a free download. Some software, like Kiwi Syslog, requires the installation of RPC DCOM.

--------

please send updates to isc_AT_sans.org
Handlers

76 Posts

Sign Up for Free or Log In to start participating in the conversation!