<<<
Sunday, August 13, 2006
>>>
 
IRC bot exploits the 5-day old MS-06040 vulnerability Posted by Mikko @ 08:23 GMT

wgareg.exe
Hopefully everybody followed the advice we gave five days ago. We've just located the first bot exploiting one the remote code execution vulnerabilities patched in last Tuesday's patch set by Microsoft.

The bot, known as Mocbot aka Backdoor.Win32.IRCBot.st is apparently only able to spread to Windows 2000 and perhaps to Windows XP SP1 computers.

Our update 2006-08-13_01 detects this bot.

The bot connects to IRC servers at:

   bbjj.househot.com:18067
   ypgw.wallloan.com:18067

Network admins might want to monitor connection attempts to those hosts from within their network.

More info on the MS06-040 vulnerability.






<<< A-Positive Friday #1
|
Intel Wi-Fi - Drivers Only >>>