 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
harrywaldron
Junior Member
Joined: 24 Jul 2007
Last Visit: 09 Apr 2009
Posts: 43
Location: Roanoke, Virginia
|
 Posted: Mon Nov 03, 2008 8:37 am Post subject: MS08-067 - First Worm Exploiting unpatched systems in the Wi |
 |
|
More evidence that the initial buggy and trojan horse based attacks are being refined by the bad guys into a true Internet based worm. If you haven't performed a Windows Update since October 23rd, it's important to do so immediately.
MS08-067 - First Worm Exploiting unpatched systems in the Wild
http://isc.sans.org/diary.html?storyid=5275
http://www.f-secure.com/weblog/archives/00001526.html
http://www.threatexpert.com/report.aspx?uid=919a973d-9fe1-4196-b202-731ebaaffa5d
| Quote: |
Code building on the proof of concept binaries that were mentioned last week has moved into the wild. We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi.
The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. he worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg. |
|
|
| Back to top |
|
 |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
