Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - A new botnet - Mocbot InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

A new botnet - Mocbot

Published: 2005-10-24
Last Updated: 2005-10-24 09:40:09 UTC
by Deborah Hale (Version: 1)
0 comment(s)
A new botnet is making the rounds. And guess who was the first to notify us.  Our very own Handler Patrick Nolan.  He even beat our primary informant, Juha-Matti.  Way to go Patrick.

This botnet client has been spread using the MS05-047 vulnerability, continues their entry.

http://www.f-secure.com/weblog/

http://www.f-secure.com/weblog/archives/archive-102005.html#00000685

http://www.f-secure.com/v-descs/mocbot.shtml

McAfee has information at:

http://vil.nai.com/vil/content/v_136637.htm

This is a heads up for some since botnet owners are using it to further exploit networks they already have a presence on. If you haven't already patched - you may want to do so now.

(Update):
According to McAfee and F-Secure, they have amended that this botnet is exploiting MS05-039 instead of MS05-047.
Keywords:
0 comment(s)
Diary Archives