[ISN] Exploit binary released as Symantec finds more code

From: InfoSec News (isn@private)
Date: Wed Apr 28 2004 - 02:45:40 PDT


    http://www.smh.com.au/articles/2004/04/28/1083103523103.html
    
    By Sam Varghese 
    April 28, 2004 
    
    A binary for one of the exploits released to target a flaw in the
    Private Communications Transport (PCT) protocol implementation in the
    Microsoft Secure Socket Layer library has been released on the net.
    
    The compiled version makes the exploit easier to use for the category
    of attackers known as script kiddies.
    
    Attackers who use this flaw to break in could gain complete control of
    servers handling credit card and banking data for online transactions.
    
    Meanwhile, network security and A-V software vendor Symantec says it
    has discovered more malicious code that targets the same
    vulnerability.
    
    Symantec said in a media release that the malicious code -- currently
    called backdoor.mipsiv -- opened ports on a system, implemented a
    denial-of-service attack against a third-party DNS server system and
    also received command/control instructions via internet relay chat
    (IRC) channels.
    
    "Symantec has detected attempts at compromising systems on our
    monitored global sensor network and has raised its ThreatCon Rating to
    Level 3 as a precautionary measure. Symantec Security Response experts
    are analysing the heavily encrypted code and will provide more details
    as they become available," the company said.
    
    "The team is also determining if the code is a worm or a bot (a
    program used to perform repetitive functions including searching for
    news or information)."
    
    Vincent Weafer, senior director, Symantec Security Response, said:  
    "We're seeing an increase in the number of exploits, attempts and an
    increase in reconnaissance attacks through our DeepSight sensors and
    Managed Security Services devices. We encourage our customers to
    expedite their patching if they haven't already."
    
    On April 14, a French group, k-otik, released code to exploit another
    vulnerability in Windows which was also patched this month.
    
    
    