Windows RPC worm (MS08-067) in the wild

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Windows RPC worm (MS08-067) in the wild
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Mon, 3 Nov 2008 15:52:13 +0200 (EET)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The worm-type exploitation has started. More information at
http://www.f-secure.com/weblog/archives/00001526.html

The worm component has reportdly detection name Exploit.Win32.MS08-067.g and 
the kernel component Rootkit.Win32.KernelBot.dg, in turn.

Symantec uses Worm category too and the name W32.Wecorl:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110306-2212-99&tabid=2

Juha-Matti

Prev by Date: Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day
Next by Date: DriveCMS article.php remote sql injection
Previous by thread: sharedlog CMS Remote File Includes
Next by thread: DriveCMS article.php remote sql injection
Index(es):
- Date
- Thread