MS08-067 Vulnerability: Botnets Reloaded



Nov 25

MS08-067 Vulnerability: Botnets Reloaded

by JM Hipolito (Technical Communications)

"After last month’s ruckus made by Microsoft’s out-of-band patch, another threat leveraging the MS08-067 vulnerability was recently reported to have been causing more trouble in the wild.

A worm detected by Trend Micro as WORM_DOWNAD.A was found to use the MS08-067 vulnerability to propagate via networks. Trend Micro researchers also noticed high traffic on the affected system’s port 445 upon successful exploitation, after which it connects to a certain IP address to download a copy of itself.

The discovery of this threat is consistent with the spike in port 445 activity reported by DShield. Port 445 has raised security concerns in the past, as the port was used by the Sasser and Nimda worms that wreaked havoc years ago.

However, this worm seems to be just one half of a worm duo that is spreading trouble these days. Systems affected with WORM_DOWNAD.A were found also infected by another worm, detected as WORM_NETWORM.C. WORM_NETWORM.C also exploits MS08-067, attempts to log in to affected systems through a list of strings, and also opens port 445 to connect to certain IP addresses."

More here plus screenshots: http://blog.trendmicro.com/ and read here: http://blogs.technet.com/msrc/archive/2008...067-update.aspx and read here: http://www.computerworld.com/action/articl...;intsrc=hm_list
