[ISN] Exploit binary released as Symantec finds more code

From: InfoSec News (isn@private)
Date: Wed Apr 28 2004 - 02:45:40 PDT

Next message: InfoSec News: "[ISN] Multinational team cracks crypto puzzle"

Previous message: InfoSec News: "[ISN] File and email encryption with GnuPG (PGP) part six"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.smh.com.au/articles/2004/04/28/1083103523103.html

By Sam Varghese 
April 28, 2004 

A binary for one of the exploits released to target a flaw in the
Private Communications Transport (PCT) protocol implementation in the
Microsoft Secure Socket Layer library, has been released on the net.

The compiled version makes it easier for the category of attackers
known as script kiddies to utilise.

Attackers who use this flaw to break in could gain complete control of
servers handling credit card and banking data for online transactions.

Meanwhile, network security and A-V software vendor Symantec says it
has discovered more malicious code that targets the same
vulnerability.

Symantec said in a media release that the malicious code - currently
called backdoor.mipsiv -- opened ports on a system, implemented a
denial-of-service attack against a third-party DNS server system and
also receives command/control instructions via internet relay chat
(IRC) channels.

"Symantec has detected attempts at compromising systems on our
monitored global sensor network and has raised its ThreatCon Rating to
Level 3 as a precautionary measure. Symantec Security Response experts
are analysing the heavily encrypted code and will provide more details
as they become available," the company said.

"The team is also determining if the code is a worm or a bot (a
program used to performs repetitive functions including searching for
news or information)."

Vincent Weafer, senior director, Symantec Security Response, said:  
"We're seeing an increase in the number of exploits, attempts and an
increase in reconnaissance attacks through our DeepSight sensors and
Managed Security Services devices. We encourage our customers to
expedite their patching if they haven't already."

On April 14, a French group, k-otik, released code to exploit another
vulnerability in Windows which was also patched this month.



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

Next message: InfoSec News: "[ISN] Multinational team cracks crypto puzzle"
Previous message: InfoSec News: "[ISN] File and email encryption with GnuPG (PGP) part six"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 28 2004 - 07:10:53 PDT