
SANS ISC: ASN.1 vuln keeps on a'chugging. - SANS Internet Storm Center SANS ISC InfoSec Forums


ASN.1 vuln keeps on a'chugging.
I do declare, Johannes Ullrich is a seer, of sorts. Yesterday, he discussed the
inner workings of ASN.1 attacks against Microsoft authentication tokens. Yes,
an oldie but a goodie, and it is still being seen in the wild. Then, right on cue,
Sophos today reports on a new multi-vectored worm, W32/Tilebot-GD, that spreads
via LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007)
vulnerabilities. It then configures and starts a new Windows service, smsc.exe,
that is reported as "Window Services Connection", and joins an IRC botnet
(that's a shocker :p).

Details at http://www.sophos.com/virusinfo/analyses/w32tilebotgd.html
Handlers