Old 08-28-2011, 12:37 PM   #4
Doz
Maniac Drummer
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017

Microsoft Security Bulletin MS11-065 - Important

Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)

Published: August 09, 2011



http://www.microsoft.com/technet/sec.../ms11-065.mspx


Server admins need to read:
http://threatpost.com/en_us/blogs/ne...ows-pcs-082811

A new worm called Morto has begun making the rounds on the Internet in the last couple of days, infecting machines via RDP (Remote Desktop Protocol). The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows.

Info: outgoing TCP 3389 connections.

"Once you are connected to a remote system, you can access the drives of that server via Windows shares like \\tsclient\c and \\tsclient\d for drives C: and D:, respectively. Morto uses this feature to copy itself to the target machine. It does this by creating a temporary drive under letter A: and copying a file called a.dll to it. The infection will create several new files on the system including \windows\system32\sens32.dll and \windows\offline web pages\cache.txt. Morto can be controlled remotely. This is done via several alternative servers, including jaifr.com and qfsl.net."


Process Explorer v15.03

By Mark Russinovich. Published: August 18, 2011

http://technet.microsoft.com/en-us/s...rnals/bb896653

Introduction

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
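A defender-side check built from the indicators in the post, as an added example that is not part of the original post or of any vendor tool: it flags hosts opening outbound TCP/3389 connections to many distinct targets in constructed firewall log lines (the spread pattern described above), and matches file paths and hostnames against the file names and control servers quoted in the text. The log line format, the IP addresses and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Indicators quoted in the post (paths lower-cased, drive letter stripped).
MORTO_FILES = {r"\windows\system32\sens32.dll", r"\windows\offline web pages\cache.txt"}
MORTO_C2 = {"jaifr.com", "qfsl.net"}

# Constructed sample firewall log, one connection per line:
# "<time> <src> -> <dst>:<dport> <proto>". 10.0.0.5 fans out to four RDP targets.
SAMPLE_LOG = """\
2011-08-28T10:00:01 10.0.0.5 -> 10.0.1.20:3389 tcp
2011-08-28T10:00:02 10.0.0.5 -> 10.0.1.21:3389 tcp
2011-08-28T10:00:03 10.0.0.5 -> 10.0.1.22:3389 tcp
2011-08-28T10:00:04 10.0.0.5 -> 10.0.1.22:3389 tcp
2011-08-28T10:00:05 10.0.0.5 -> 10.0.1.23:3389 tcp
2011-08-28T10:00:06 10.0.0.7 -> 10.0.1.20:3389 tcp
2011-08-28T10:00:07 10.0.0.7 -> 93.184.216.34:443 tcp
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)$")


def rdp_scanners(log_text, min_targets=3):
    """Return {src: set(dst)} for sources that opened outbound TCP/3389
    to at least min_targets distinct hosts (threshold is an assumption)."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, src, dst, dport, proto = m.groups()
        if proto.lower() == "tcp" and int(dport) == 3389:
            targets[src].add(dst)
    return {s: d for s, d in targets.items() if len(d) >= min_targets}


def match_iocs(paths, hostnames):
    """Return (file_hits, host_hits): inputs matching the quoted indicators.
    Paths compare case-insensitively without the drive letter; hostnames
    match exactly or as a subdomain of a listed control server."""
    file_hits = [p for p in paths
                 if re.sub(r"^[a-z]:", "", p.lower()) in MORTO_FILES]
    host_hits = [h for h in hostnames
                 if any(h.lower() == c or h.lower().endswith("." + c) for c in MORTO_C2)]
    return file_hits, host_hits


if __name__ == "__main__":
    print("RDP fan-out:", rdp_scanners(SAMPLE_LOG))
    print("IoC hits:", match_iocs([r"C:\Windows\System32\sens32.dll"], ["updates.jaifr.com"]))
```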