MS05-012 not MS05-051 exploit found

Published: 2005-10-18
Last Updated: 2005-10-18 05:18:40 UTC
by Johannes Ullrich (Version: 4)
0 comment(s)

Later this evening Trend updated their webpage concerning the TROJ_SSPLOIT.A virus to show that it was not MS05-051, but was MS05-012 instead.  Thanks Microsoft for updating us on this as well.

Original Message:

Trend Micro reports that they spotted a POC for MS05-051 in the wild. They found it included  as a new exploit in other malware. We don't have any details yet beyond what can be found in at Trend Micro. If you find a copy of this malware, please forward it.

Trend Micro states that the malware was written in Visual Basic, which usually indicates some low skilled bot-kid. Kind of odd to see it surface this way, but having it included as a new warhead in existing malware matches past patterns.

Trend Micros virus statistics do not report any "captures" of this exploit in the wild. Not exactly sure if this is just a lab sample, or if it was actually seen in the "wild".

We will update this diary as we learn more.

0 comment(s)


Diary Archives