Newsfeed
Nachrichtenbote
Code building on the proof of concept binaries that were mentioned last week has moved into the wild.
We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi.
The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration.
The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg. On 03/11/08 At 01:34 PM
Weiterlesen...
We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi.
The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration.
The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg. On 03/11/08 At 01:34 PM
Weiterlesen...