Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: * MS06-040 exploit in the wild - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
* MS06-040 exploit in the wild
We have caught a live exploit against a Windows 2000 Server. The pcap packets of the exploit fire the signatures in Sourcefire VRT for the vulnerability described in MS06-040.

It looks like it's building a botnet (as we expected).

More details will follow as we analyze this piggy further.

Please do not ask for samples at this point. We have shared it with the usual anti-virus vendors already.

--
Swa Frantzen -- Section 66
Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!