SANS ISC: * MS06-040 exploit in the wild SANS ISC InfoSec Forums

* MS06-040 exploit in the wild
We have caught a live exploit against a Windows 2000 Server. The pcap packets of the exploit fire the signatures in Sourcefire VRT for the vulnerability described in MS06-040.

It looks like it's building a botnet (as we expected).

More details will follow as we analyze this piggy further.

Please do not ask for samples at this point. We have shared it with the usual anti-virus vendors already.

--
Swa Frantzen -- Section 66