Friday, October 31, 2008 10:40 AM cmosby

Proof of Concept binaries for MS08-067 targeting english Windows OS's - F-Secure Weblog

Proof of Concept binaries for MS08-067 targeting english Windows OS's Posted by Dan @ 12:53 GMT | postCount('00001525'); Comments

We are seeing the first Proof of Concept binaries that target the MS08-067 vulnerability on the following English localized systems:

Windows XP Service Pack 2
Windows XP Service Pack 3
Windows 2003 Service Pack 2

The payload is encrypted as normal. It's function is to add the guest account to the administrators group, thus allowing unlimited access to the machine. We detect the binaries as follows:

Backdoor:W32/Agent.DIN
Backdoor:W32/Agent.DIO
Backdoor:W32/Agent.DIP

We'll continue to keep an eye on the events.

Filed under: , , ,

Comments

No Comments