F-Secure is now reporting on a worm which exploits the critical vulnerability addressed in Microsoft’s MS08-067 bulletin which target English versions of Windows XP (SP2 and SP3) and Windows 2003 SP2. The exploit payload downloads a dropper that they detect as Trojan-Dropper.Win32.Agent.yhi. The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg. IBM X-Force will continue to monitor the situation for further developments while the threat level remains at AlertCon 1. Users are advised to patch any remaining systems which may remain vulnerable and, in compliance with recommended best common practices, block ports 139/tcp and 445/tcp from untrusted networks.
Click here for more information.
2008年10月24日, 微软发补丁修危急漏洞 影响所有Windows版本。微软在MS08-067号安全公告(“KB958644”)中警告称,这一缺陷存在于Server服务中,黑客可以利用一个经过特别设计的远程过程调用请求执行任意代码。
建议大家迅速行动,在Windows服务器、各个版本桌面机的补丁系统、反病毒、防火墙和IPS系统等做好紧急处理。 Read more…
据NetworkWorldAsia报导,HP近日承认在所售的USB盘中携带了蠕虫,给客户带来安全威胁。
HP所售的USB软盘(HP USB Floppy Drive Key)是用在HP的Proliant服务器产品线上的,集成了软驱和USB盘,有256M和1GB两种型号。SANS的一位安全专家怀疑蠕虫是在HP的某个工厂感染上的。
If a compromised drive is plugged into a USB port on any machine on the network, the worms may spread “to any mapped drives on the server,” HP’s alert said.
Up-to-date anti-virus software should detect the malware, but HP didn’t specify which of the many available programs would find and then delete the worms. Symantec Corp., for example, has signature definitions in its collection for both pieces of malicious code, which it identifies as “Fakerecy” and “SillyFDC.”
一些最新的杀毒软件已经可以检测出感染的蠕虫。
Recent Comments