We have caught a live exploit against a Windows 2000 Server. The pcap packets of the exploit fire the signatures in Sourcefire VRT for the vulnerability described in MS06-040.
It looks like it's building a botnet (as we expected).
More details will follow as we analyze this piggy further.
Please do not ask for samples at this point. We have shared it with the usual anti-virus vendors already.
Swa Frantzen -- Section 66
Aug 12th 2006
1 decade ago