F-Secure said it had received reports of a worm in the wild designed to exploit MS08-067.
“We’ve received the first reports of a worm capable of exploiting the MS08-067 vulnerability,” the company said on its blog. “The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration.”
F-Secure also identified the worm component as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.