Over the weekend, scanning for the RPC DCOM vulnerability has increased. At least one 'auto-rooter' has been found in the wild. It will install a number of standard backdoors and an irc bot.

So far, the number of sources scanning is not increasing much. We observe 2000-3000 sources each day. This is an indication that there is currently no self replicating code (=worm).

Some question has been raised with respect to the vulnerability of Windows 9x and ME. According to Microsofts advisory, Windows ME is not vulnerable. Windows 9x does not include DCOM by default, but it is available as a free download. Some software, like Kiwi Syslog, requires the installation of RPC DCOM.

--------

please send updates to isc_AT_sans.org