[nsp-sec] Bracing For Impact... MS08-067
Chris Calvert
Chris.Calvert at telus.com
Thu Oct 23 15:49:15 EDT 2008
In that case... Paging Zot O'Connor/Microsoft to the batphone!
Thanks for the SWI blog link, Gerard. I didn't get to that yet in my own research and have to admit that I probably would have forgotten to check.
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Nicholas Ianelli
> Sent: Thursday, October 23, 2008 12:26 PM
> To: White, Gerard
> Cc: NSP nsp-security
> Subject: Re: [nsp-sec] Bracing For Impact... MS08-067
>
> ----------- nsp-security Confidential --------
>
> There was a miscreant chatting about this last month, basically stating
> that they found a way to "re-infect" people via ports 135/445. Unclear
> if they had the code to do so, but it would be interesting to see if
> this was already being exploited.
>
> I'll see what I can dig up.
>
> Ok, found it, logs dated from 2008.09.02
>
> falesco found a way of exploiting dcom and lsass again
> so hes put them on a fud bot hes had for month
> selling source for 250 euros
> 249k bots
> for 3500 euros
>
> If this is true, may be worthwhile getting LE involvement.
>
> Nick
>
> White, Gerard wrote:
> > Greetings.
> >
> > As you are all aware (hopefully), Microsoft has recently released a
> > patch outside of their normal cycle.
> >
> > In my opinion, this was probably touched off as a result of a painful
> > decision between releasing a patch that, if reverse-engineered, would
> > touch off heavy miscreant activity - vs. not releasing the patch, and
> > playing the waiting game.
> >
> > So, also in my opinion, it probably won't be long (days?) before
> > miscreants attempt to take advantage of this opportunity... I would like
> > to ask the community to watch their darknets for spikes in TCP/135,
> > & TCP/445.
> >
> > While the basic details are available here:
> >
> > http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
> >
> > I strongly encourage everyone to read better details here:
> >
> > http://blogs.technet.com/swi/
> >
> > GW
> >
> > 855 - Bell Aliant
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> > community. Confidentiality is essential for effective Internet security
> > counter-measures.
> > _______________________________________________
>