RPC DCOM interface buffer overflow

[pre-g-user]

Hi all

Since the 6th of August I started seeing regular intrusion attempts using the "RPC DCOM interface buffer overflow" vulnerability. They are mostly coming from the 10.*.*.* network segment on Vodacom's network and a few from the 196.*.*.* segment. No doubt there are many home users out there who do not patch their windows machines and possibly have been infected with a trojan/worm which is now using this vulnerability.

Anyone else noticing this activity?? Is Vodacom aware of this?

I have tried notifying Vodacom abuse (abuse@vodacom.co.za) to report this but the abuse address does not work and Voda's mail server rejects mail to this address (required by RFC2142). Can V3G post a working abuse address?

http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx
http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-026.mspx

 

[vodacom3g]

Hi all

Since the 6th of August I started seeing regular intrusion attempts using the "RPC DCOM interface buffer overflow" vulnerability. They are mostly coming from the 10.*.*.* network segment on Vodacom's network and a few from the 196.*.*.* segment. No doubt there are many home users out there who do not patch their windows machines and possibly have been infected with a trojan/worm which is now using this vulnerability.

Anyone else noticing this activity?? Is Vodacom aware of this?

I have tried notifying Vodacom abuse (abuse@vodacom.co.za) to report this but the abuse address does not work and Voda's mail server rejects mail to this address (required by RFC2142). Can V3G post a working abuse address?

http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx
http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-026.mspx

abuse should work. Have escalated, thanks.

 

[pre-g-user]

Thanks V3G .... I tested a few times and abuse address fails. Let me know when you hear back from them.

 

[pre-g-user]

V3G, 4 days and still no working abuse@vodacom.co.za address. I wonder how many thousands of abuse messages NEVER reach Vodacom's network guys???

This is the official email address listed with the domain records and it's the same address any ISP in the world will use for abuse complaints.

Please could you escalate again and let me know.

Thanks a mil

 

[pre-g-user]

V3G ... just tried now again and the abuse address is not working.

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

abuse@vodacom.co.za