[ISN] Trojan attacks Microsoft's emergency patch vuln

From: InfoSec News <alerts_at_private>
Date: Mon, 27 Oct 2008 05:39:46 -0600 (CST)

By Dan Goodin in San Francisco 
The Register
24th October 2008

A day after Microsoft released an emergency patch for a critical flaw 
that could allow self-replicating attacks, researchers have identified a 
nasty trojan that attempts to exploit the vulnerability.

Variants of the data-stealing trojan known by names including Gimmiv.A 
and Spy-Agent.da have morphed over the past few weeks to exploit a major 
weakness in virtually all versions of the Windows operating system. If 
successful, the exploit could transform the malware into a virulent worm 
that allows a single infected machine to contaminate any other 
vulnerable machine over a local network without requiring any 
interaction on the part of the end users.

At the moment, the part of the trojan that exploits the weakness in the 
Windows server service isn't especially reliable, researchers said. It 
generally succeeds only when code custom-built for a specific version 
and language of the OS encounters its intended target. But the limited 
success has prompted security experts to take seriously Microsoft's 
warning that the vulnerability is wormable.


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Mon Oct 27 2008 - 04:39:46 PDT

This archive was generated by hypermail 2.2.0 : Mon Oct 27 2008 - 04:48:44 PDT