F-Secure report new worms through MS08-067
F-Secure is now reporting on a worm which exploits the critical vulnerability addressed in Microsoft’s MS08-067 bulletin which target English versions of Windows XP (SP2 and SP3) and Windows 2003 SP2. The exploit payload downloads a dropper that they detect as Trojan-Dropper.Win32.Agent.yhi. The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg. IBM X-Force will continue to monitor the situation for further developments while the threat level remains at AlertCon 1. Users are advised to patch any remaining systems which may remain vulnerable and, in compliance with recommended best common practices, block ports 139/tcp and 445/tcp from untrusted networks.
Click here for more information.
Recent Comments