Pastimes : Computer Learning

To: thecow who wrote (35862)
8/20/2003 9:34:57 AM
From: Lost1
 
more on "blaster":

Method of Distribution
It starts by scanning the entire subnet for open 135 ports, then moves on to scan randomly selected class B subnets (255.255.0.0). If an open 135 port is found, it uses the exploit mentioned above to gain entry and create a remote shell on the exploited machine. It then assumes the exploit succeeded and attempts to connect to port 4444 of the remote machine. If successfully connected, it instructs the remote machine to download MSBLAST.EXE (size: 6,176 bytes, UPX packed) from its TFTP (Trivial File Transfer Protocol) service using TFTP.EXE. It then sends an instruction to start MSBLAST.EXE on the remote machine.

Note: TFTP.EXE is a utility included in default installations of Windows 2000 and later versions.

The worm is capable of keeping live connections to 20 exploited machines simultaneously.

The worm attempts to infect both Windows 2000 and Windows XP systems. One of the offsets used by the worm must be different for each of these operating systems, in order for the exploit it uses to work. Since the worm does not know what operating system the target machine is running, it guesses. There is an 80% chance it will attempt to exploit Windows XP, and a 20% chance it will attempt to exploit Windows 2000.

some good info on the Computer Associates site:

www3.ca.com
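The sequence described in the post above (a sweep of TCP port 135, a follow-up connection to TCP port 4444 on the same host, then a TFTP fetch from that host back to the infecting machine) can be matched in network flow logs. The following is an added example, not part of the original post or the Computer Associates write-up; the flow tuple layout, the IP addresses, and both thresholds are constructed assumptions, and TFTP is taken to be on its standard UDP port 69.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): (epoch_seconds, src, dst, proto, dst_port)
SAMPLE_FLOWS = [
    (100, "10.0.0.5", "10.0.0.6", "tcp", 135),
    (101, "10.0.0.5", "10.0.0.7", "tcp", 135),
    (102, "10.0.0.5", "10.0.0.8", "tcp", 135),
    (103, "10.0.0.5", "10.0.0.9", "tcp", 135),
    (104, "10.0.0.5", "10.0.0.7", "tcp", 4444),
    (106, "10.0.0.7", "10.0.0.5", "udp", 69),
    (200, "10.0.0.20", "10.0.0.21", "tcp", 135),   # single RPC call, benign
    (300, "10.0.0.30", "10.0.0.5", "udp", 69),     # TFTP with no prior 135/4444
]

SCAN_THRESHOLD = 4   # assumed: distinct TCP/135 targets before calling it a sweep
CHAIN_WINDOW = 60    # assumed: seconds allowed between the steps of the chain


def analyze(flows, scan_threshold=SCAN_THRESHOLD, window=CHAIN_WINDOW):
    """Return (scanners, chains) for flows matching the described behaviour."""
    rpc_targets = defaultdict(set)   # src -> distinct hosts probed on TCP/135
    rpc_seen = {}                    # (src, dst) -> time of last TCP/135 probe
    shell_seen = {}                  # (src, dst) -> time of TCP/4444 connect
    chains = []
    for ts, src, dst, proto, port in sorted(flows):
        if proto == "tcp" and port == 135:
            rpc_targets[src].add(dst)
            rpc_seen[(src, dst)] = ts
        elif proto == "tcp" and port == 4444:
            probe = rpc_seen.get((src, dst))
            if probe is not None and ts - probe <= window:
                shell_seen[(src, dst)] = ts
        elif proto == "udp" and port == 69:
            # The victim (src here) fetches from the infecting host (dst here).
            shell = shell_seen.get((dst, src))
            if shell is not None and ts - shell <= window:
                chains.append({"infector": dst, "victim": src, "tftp_at": ts})
    scanners = sorted(s for s, t in rpc_targets.items() if len(t) >= scan_threshold)
    return scanners, chains


if __name__ == "__main__":
    scanners, chains = analyze(SAMPLE_FLOWS)
    print("TCP/135 sweep sources:", scanners)
    for c in chains:
        print("probable infection:", c)
```

A completed chain is a much stronger signal than the sweep alone, since a host that answers on 4444 and then pulls a file over TFTP has very likely been compromised and should be isolated.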