Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


MS04-011: Cycle.A Worm (ports: 69, 445, 3332)

  • Please log in to reply
No replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:05:57 AM

Posted 10 May 2004 - 08:37 AM

MS04-011: Cycle.A Worm (ports: 69, 445, 3332)

Win32.Cycle.A is a worm that spreads by exploiting a vulnerability in the LSASS service on Windows 2000, XP and 2003 server. It has been distributed as a 10,240-byte, UPX-packed, Win32 executable.

The worm runs its own tftp server on UDP port 69 on infected machines, for targets to download from. If successful, the worm is saved as %System%\cyclone.exe. The worm listens on TCP port 3332. This is simply used by the worm to recognize machines that are already infected. It attempts to connect to each target address on port 3332, and if successful, will not try to exploit that machine.

The Microsoft security bulletin for this vulnerability is available here:

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users