lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <30135925.297171225723154006.JavaMail.juha-matti.laurio@netti.fi>
Date: Mon, 3 Nov 2008 16:39:13 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Windows RPC worm (MS08-067) in the wild

Kaspersky detect the new wave as
Exploit.Win32.MS08-067.g

and Microsoft as
Exploit:Win32/MS08067.gen!A

Sophos uses name Mal/Generic-A.

One of the reported file size is 16,384 bytes:
http://www.threatexpert.com/report.aspx?uid=919a973d-9fe1-4196-b202-731ebaaffa5d

Windows RPC vulnerability (MS08-067) FAQ has been updated to include these detection names:
http://blogs.securiteam.com/index.php/archives/1150

Juha-Matti

Juha-Matti Laurio [juha-matti.laurio@...ti.fi] kirjoitti: 
> The worm-type exploitation has started. More information at
> http://www.f-secure.com/weblog/archives/00001526.html
> 
> The worm component has reportdly detection name Exploit.Win32.MS08-067.g and the kernel component Rootkit.Win32.KernelBot.dg, in turn.
> 
> Symantec uses Worm category too and the name W32.Wecorl:
> http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110306-2212-99&tabid=2
> 
> Juha-Matti
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ