| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <30135925.297171225723154006.JavaMail.juha-matti.laurio@netti.fi> Date: Mon, 3 Nov 2008 16:39:13 +0200 (EET) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: Windows RPC worm (MS08-067) in the wild Kaspersky detect the new wave as Exploit.Win32.MS08-067.g and Microsoft as Exploit:Win32/MS08067.gen!A Sophos uses name Mal/Generic-A. One of the reported file size is 16,384 bytes: http://www.threatexpert.com/report.aspx?uid=919a973d-9fe1-4196-b202-731ebaaffa5d Windows RPC vulnerability (MS08-067) FAQ has been updated to include these detection names: http://blogs.securiteam.com/index.php/archives/1150 Juha-Matti Juha-Matti Laurio [juha-matti.laurio@...ti.fi] kirjoitti: > The worm-type exploitation has started. More information at > http://www.f-secure.com/weblog/archives/00001526.html > > The worm component has reportdly detection name Exploit.Win32.MS08-067.g and the kernel component Rootkit.Win32.KernelBot.dg, in turn. > > Symantec uses Worm category too and the name W32.Wecorl: > http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110306-2212-99&tabid=2 > > Juha-Matti > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists