Monday, November 03, 2008 9:42 AM cmosby

Worm Exploiting MS08-067 in the Wild - F-Secure Weblog

Worm Exploiting MS08-067 in the Wild Posted by Toni @ 13:34 GMT | postCount('00001526'); Comments

Code building on the proof of concept binaries that were mentioned last week has moved into the wild.

We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi.

The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration.

The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.

Filed under: , , , , , , ,

Comments

No Comments