MS08-067: Trojan Gimmiv.A is not a true worm YET
Posted Thursday, October 30, 2008 4:16 PM by hwaldron
All home and corporate users should ensure they are up to date on Windows security patches. Run Windows Update manually if updates are not installed automatically on your system. The emergency MS08-067 update became available on October 23, 2008.
So far, Troj/Gimmiv.A requires social engineering and some human intervention for the malware agents to load on unpatched Windows workstation and server operating systems. Usually, this requires visiting a malicious website or a mouse click to install the malicious software.
A true worm automatically infects vulnerable systems that are simply connected to the Internet or a Local Area Network, without any human intervention. Examples of past true worms include Code Red, Blaster, SQL-Slammer, and Sasser. It should also be noted that some of these early variants were buggy and less effective than more streamlined later versions.
Hopefully, exploits related to MS08-067 will not become wormable. Still, users should not take a chance. By patching now, they will prevent infections if a wormable threat materializes later. Information on patching this security vulnerability can be found below:
Microsoft Security Bulletin - MS08-067 Information
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Gimmiv.A exploits critical vulnerability (MS08-067)
http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html
QUOTE: What needs to be clarified here is that the exploit MS08-067 used by Gimmiv.A allows remote code execution, which makes it potentially "wormable". Considering that the vector of attack is RPC DCOM and the code is similar to typical RPC DCOM network-aware worms, which is used against other hosts in the network, Gimmiv.A is determined in this post as a worm. However, it could technically be classified as a network-aware trojan that employs functionality of a typical RPC DCOM network-aware worm to attack other hosts in the network.
First Glimpse into MS08-067 Exploits In The Wild
http://www.avertlabs.com/research/blog/index.php/2008/10/24/first-glimpse-into-ms08-067-exploits-in-the-wild/
Gimmiv - Additional Information Links
http://vil.nai.com/vil/content/v_152898.htm
http://community.ca.com/blogs/securityadvisor/archive/2008/10/27/ms08-067-wormable-vulnerability-patched.aspx
http://www.prevx.com/blog/101/MS--GimmivA-exploits-Windows-bug.html
http://security.blogs.techtarget.com/2008/10/24/worm-exploiting-ms08-067-rpc-vulnerability/
https://forums.symantec.com/syment/blog/article?blog.id=vulnerabilities_exploits&thread.id=174
http://www.networkworld.com/community/node/34429
http://www.precisesecurity.com/threats/trojangimmiva/
http://www.csoonline.com/article/456980/Gimmiv_Worm_Feeds_on_Latest_Microsoft_Bug
http://www.sophos.com/security/analyses/viruses-and-spyware/trojgimmiva.html
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=74604
http://www.threatexpert.com/reports.aspx?find=gimmiv
http://www.frsirt.com/english/virus/2008/06423