We are seeing the first Proof of Concept binaries that target the MS08-067 vulnerability on the following English localized systems:
Windows XP Service Pack 2 Windows XP Service Pack 3 Windows 2003 Service Pack 2
The payload is encrypted as normal. Its function is to add the guest account to the administrators group, thus allowing unlimited access to the machine. We detect the binaries as follows:
