Peaches Posted November 26, 2008 Report Share Posted November 26, 2008 Nov25MS08-067 Vulnerability: Botnets Reloadedby JM Hipolito (Technical Communications) "After last month’s ruckus made by Microsoft’s out-of-band patch, another threat leveraging the MS08-067 vulnerability was recently reported to have been causing more trouble in the wild.A worm detected by Trend Micro as WORM_DOWNAD.A was found to use the MS08-067 vulnerability to propagate via networks. Trend Micro researchers also noticed high traffic on the affected system’s port 445 upon successful exploitation, after which it connects to a certain IP address to download a copy of itself.The discovery of this threat is consistent with the spike in port 445 activity reported by DShield. Port 445 has raised security concerns in the past, as the port was used by the Sasser and Nimda worms that wreaked havoc years ago.However, this worm seems to be just one half of a worm duo that is spreading trouble these days. Systems affected with WORM_DOWNAD.A were found also infected by another worm, detected as WORM_NETWORM.C. WORM_NETWORM.C also exploits MS08-067, attempts to log in to affected systems though a list of strings, and also opens port 445 to connect to certain IP addresses."More here plus screenshots: http://blog.trendmicro.com/ and read here: http://blogs.technet.com/msrc/archive/2008...067-update.aspx and read here: http://www.computerworld.com/action/articl...;intsrc=hm_list Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.