Worm exploiting MS08-067 - Microsoft Windows Server spotted

A worm designed to exploit the recently patched vulnerability covered in Microsoft Security Bulletin MS08-067 has been detected, US-CERT, the government's cybersecurity organization, warned.

F-Secure said it had received reports of a worm designed to exploit MS08-067 in the wild.

"We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability," the company said on its blog. "The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration."

F-Secure also identified the worm component as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.
