[nsp-sec] Bracing For Impact... MS08-067
Nicholas Ianelli
ni at cert.org
Thu Oct 23 14:26:18 EDT 2008
There was a miscreant chatting about this last month, basically stating
that they found a way to "re-infect" people via ports 135/445. Unclear
if they had the code to do so, but it would be interesting to see if
this was already being exploited.

I'll see what I can dig up.

Ok, found it, logs dated from 2008.09.02

falesco found a way of exploiting dcom and lsass again
so hes put them on a fud bot hes had for month
selling source for 250 euros
249k bots
for 3500 euros

If this is true, may be worthwhile getting LE involvement.

Nick

White, Gerard wrote:
> ----------- nsp-security Confidential --------
>
> Greetings.
>
> As you are all aware (hopefully), Microsoft has recently released a
> patch outside of their normal cycle.
>
> In my opinion, this was probably touched off as a result of a painful
> decision between releasing a patch that, if reverse-engineered, would
> touch off heavy miscreant activity - vs. not releasing the patch, and
> playing the waiting game.
>
> So, also in my opinion, it probably won't be long (days?) before
> miscreants attempt to take advantage of this opportunity... I would
> like to ask the community to watch their darknets for spikes in
> TCP/135, & TCP/445.
>
> While the basic details are available here:
> http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
>
> I strongly encourage everyone to read better details here:
> http://blogs.technet.com/swi/
>
> GW
> 855 - Bell Aliant
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
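
Added example, not part of the original e-mail thread: an hourly spike check for darknet hits on TCP/135 and TCP/445, the watch requested in the quoted message. The log line layout ("ISO-time proto src dst_port"), the median/MAD threshold, and all sample data are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

WATCHED = {135, 445}  # the two TCP ports named in the e-mail

def hourly_counts(lines):
    """Count TCP hits per (hour, dst_port); assumed line layout: time proto src dst_port."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1].lower() != "tcp":
            continue  # skip malformed lines and non-TCP traffic
        try:
            port = int(parts[3])
        except ValueError:
            continue
        if port in WATCHED:
            counts[(parts[0][:13], port)] += 1  # key on 'YYYY-MM-DDTHH'
    return counts

def find_spikes(counts, k=5.0, min_hits=20):
    """Flag hours above median + k*MAD of the port's other hours.
    Hours with no hits at all are absent from the baseline."""
    spikes = []
    for port in sorted(WATCHED):
        series = {h: c for (h, p), c in counts.items() if p == port}
        for hour, c in sorted(series.items()):
            others = [v for h, v in series.items() if h != hour]
            if len(others) < 3:
                continue  # not enough history to call anything a spike
            med = median(others)
            mad = median(abs(v - med) for v in others) or 1.0
            if c >= min_hits and c > med + k * mad:
                spikes.append((hour, port, c, med))
    return spikes

def sample_lines():
    """Constructed darknet log: quiet baseline, then a burst on TCP/445 at 18:00."""
    hits = {445: {12: 4, 13: 5, 14: 3, 15: 6, 16: 4, 17: 5, 18: 90},
            135: {12: 2, 13: 3, 14: 2, 15: 3, 16: 2, 17: 3, 18: 3}}
    lines = [f"2008-10-23T{h:02d}:{i % 60:02d}:00Z tcp 198.51.100.{i % 254 + 1} {port}"
             for port, table in hits.items() for h, n in table.items() for i in range(n)]
    lines += ["2008-10-23T18:00:01Z udp 198.51.100.9 445", "malformed line"]
    return lines

if __name__ == "__main__":
    for hour, port, count, base in find_spikes(hourly_counts(sample_lines())):
        print(f"{hour}:00Z TCP/{port}: {count} hits (baseline median {base})")
```
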