Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: [Full-disclosure] Windows RPC worm (MS08-067) in the wild
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Mon, 3 Nov 2008 16:39:13 +0200 (EET)
Kaspersky detect the new wave as
Exploit.Win32.MS08-067.g

and Microsoft as
Exploit:Win32/MS08067.gen!A

Sophos uses name Mal/Generic-A.

One of the reported file size is 16,384 bytes:
http://www.threatexpert.com/report.aspx?uid=919a973d-9fe1-4196-b202-731ebaaffa5d

Windows RPC vulnerability (MS08-067) FAQ has been updated to include these detection names:
http://blogs.securiteam.com/index.php/archives/1150

Juha-Matti
Juha-Matti Laurio [juha-matti.laurio () netti fi] kirjoitti: 
The worm-type exploitation has started. More information at
http://www.f-secure.com/weblog/archives/00001526.html

The worm component has reportdly detection name Exploit.Win32.MS08-067.g and the kernel component 
Rootkit.Win32.KernelBot.dg, in turn.

Symantec uses Worm category too and the name W32.Wecorl:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110306-2212-99&tabid=2

Juha-Matti

  By Date           By Thread  

Current thread:
  • Re: [Full-disclosure] Windows RPC worm (MS08-067) in the wild Juha-Matti Laurio (Nov 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]