Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: A new botnet - Mocbot SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
A new botnet - Mocbot
A new botnet is making the rounds. And guess who was the first to notify us.  Our very own Handler Patrick Nolan.  He even beat our primary informant, Juha-Matti.  Way to go Patrick.

This botnet client has been spread using the MS05-047 vulnerability, continues their entry.

http://www.f-secure.com/weblog/

http://www.f-secure.com/weblog/archives/archive-102005.html#00000685

http://www.f-secure.com/v-descs/mocbot.shtml

McAfee has information at:

http://vil.nai.com/vil/content/v_136637.htm

This is a heads up for some since botnet owners are using it to further exploit networks they already have a presence on. If you haven't already patched - you may want to do so now.

(Update):
According to McAfee and F-Secure, they have amended that this botnet is exploiting MS05-039 instead of MS05-047.
Deborah

278 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!