New code could unleash biggest ever Windows worm
Goto page 1, 2, 3  Next  :||:
 Security Forums -> Exploits // System Weaknesses
Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Sun Jul 27, 2003 3:29 am    Post subject: New code could unleash biggest ever Windows worm
    ----
This is somewhat worrying. Could be worse than slammer in the right/wrong hands Rolling Eyes

Quote:
A hacker group released code designed to exploit a widespread Windows flaw, paving the way for a major worm attack as soon as this weekend, security researchers warned.

The warning came Friday, after hackers from the Chinese X Focus security group forwarded source code to several public security lists. The code is for a program designed to allow an intruder to enter Windows computers.

The X Focus program takes advantage of a hole in the Microsoft operating system that lets attackers break in remotely. The flaw has been characterized by some security experts as the most widespread ever found in Windows.


This tickled me though:

Quote:
HD Moore, a security researcher and the founder of the Metasploit Project, has done just that. A well-known hacker and programmer of security code, Moore has taken the Chinese code and improved it. Now the code works for at least seven versions of the operating system, including Windows 2000 Service Pack 0 to Service Pack 4 and Windows XP Service Pack 0 and Service Pack 1.

"I don't like broken exploits, so I fixed it," he said.


From: http://news.com.com/2100-1002_3-5055759.html

Last edited by ShaolinTiger on Sun Jul 27, 2003 6:00 pm; edited 1 time in total
Author: alt.don PostPosted: Sun Jul 27, 2003 5:04 pm    Post subject:
    ----
Took me awhile to answer to this as I was wiping off the coffee which came through my nose onto my monitor. Laughing That is priceless though, he "fixed" the sploit. Talk about hoisting their collective petard. Well hopefully MS security is now working on a fix "toute suite". This will be intersting to see if it does hit the wild.
Author: RoboGeekLocation: LeRoy, IL PostPosted: Sun Jul 27, 2003 5:49 pm    Post subject:
    ----
Microsoft Exploit - Service Pack 1.. gotta love it.. Shocked
Author: CHeeKY PostPosted: Sun Jul 27, 2003 6:52 pm    Post subject:
    ----
got code and exploit, works ok by looks of things..
Author: Aleius PostPosted: Thu Jul 31, 2003 3:00 pm    Post subject:
    ----
is there any program or something scrambler that could protect you from this thing if there is a threat?
Author: r3L4x PostPosted: Thu Jul 31, 2003 10:32 pm    Post subject:
    ----
lol i serously doubt this will be another slammer...an exploit this big, working on so many computers and OS's will be much bigger then slammer, and arrive much sooner.
Author: EricTheBald PostPosted: Thu Jul 31, 2003 11:14 pm    Post subject:
    ----
So what you're saying is that we should be so lucky that it's ONLY as bad as Slammer?


You know, and I have to say that this is purely a hunch on my part, with nothing to base it on more concrete than a gut feeling...
I think we're only days away from getting hit with this.

Well, I shouldn't say "we".

I'm PATCHED dangnabbit! Mr. Green

I may not be a \337 haX0r, but I know where the "Update" button is!
Author: Sgt_BLocation: Chicago, IL US PostPosted: Fri Aug 01, 2003 4:42 pm    Post subject:
    ----
August 1st and still no major "attack traffic". Just want to mention I tried running the sploit on windows and nix, and it worked flawlessly. Like _MHz says, its way too easy to run. I rooted my buddies machine for testing (my machine was already patched), and within seconds I was staring at a nice little command prompt.
So are we taking bets on when the worm is coming out? I could see some little monkey scripting this to do all sorts of horrible stuff.
Worse than slammer? You better believe it!
Author: ZATRiXLocation: Canada PostPosted: Fri Aug 01, 2003 9:59 pm    Post subject:
    ----
This is truly a major threat. I have tried this exploit on my entire work network PCs (15) and every single one of them fell vulnerable to the attack. I am able to get ‘root’ and do well pretty much anything except deleting files. But I’ve found a way to upload files so it’s deadly.

However I have found a simple fix to this “huge” problem. It’s a simple change in your registry without downloading anything major.

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

Simply set the value to “N” and your set. Of course that isn’t enough, you should never have NetBios enabled etc.
Author: scapermoyaLocation: Los Angeles PostPosted: Fri Aug 01, 2003 10:23 pm    Post subject:
    ----
I found it
dcom.c
is that it?
I downloaded a compiler for C, ran it, and it couldnt find any o fthe includes? what do i do?
chinchill.^.
Author: scapermoyaLocation: Los Angeles PostPosted: Sat Aug 02, 2003 1:21 am    Post subject:
    ----
stupid me,
this only compiles in Linux,
mkay.
Author: PhiBerLocation: Your MBR PostPosted: Sat Aug 02, 2003 2:27 am    Post subject:
    ----
This sux,
Yet another patch i have to run on my server....
Hey where did u guys get the Exploit? I wanna try running it on my system.....u have to compile it in C on a nix box, right?
Author: squidlyLocation: Umm.. I dont know.. somewhere PostPosted: Sat Aug 02, 2003 2:36 am    Post subject:
    ----
Check out Full-Disclosure. And google Smile
I tried it against my box and well what do you know.. my box is up to day and patched Smile
Author: vlad902 PostPosted: Sat Aug 02, 2003 6:21 am    Post subject:
    ----
Meh, no worry to me, my firewall/router doesn't router any packets to the windows boxes and it only routes 22/80 and that's to a *N?X box... Althought I'll set it up so that 137/139 redirect to CharGen Twisted Evil
Author: r3L4x PostPosted: Sun Aug 03, 2003 2:28 am    Post subject:
    ----
one by hdm can either be ran on win32 or a nix system or win32 with cygwin installed.
Author: PhiBerLocation: Your MBR PostPosted: Sun Aug 03, 2003 2:56 am    Post subject:
    ----
I finally patched my system!!!!!!!!!! Got it secure again Very Happy

One thing i dont understand, on this webpage....the snort rules, is that the exploit itself?

http://isc.sans.org/diary.html?date=2003-08-01
Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Goto page 1, 2, 3  Next  :||:
Page 1 of 3

Powered by phpBB 2.0.x © 2001 phpBB Group