A Windows Worm Mockup?


F-Secure and McAfee now are saying this "Mocboc" thing is in fact exploiting the same flaw that the Zotob worm went after, not the latest Microsoft flaw. Not quite sure how these two companies made the same mistake in their analysis, but none of this changes the fact that the possibility of a worm exploiting these new holes remains high.

My original post from earlier today:

On Friday, security researchers released computer programming instructions demonstrating how attackers might exploit a security hole for which Microsoft released a patch less than two weeks ago.

Then on Saturday, evidence emerged that attackers were using the exploit code in a new Trojan horse program designed to turn infected machines into "bots" -- remote controlled machines used mainly to relay spam or attack Web sites. Among the first to detect the new bugger was the Norman Sandbox, a scanning tool that computer forensics experts often use to identify both new and known computer viruses. Anti-virus companies F-Secure and McAfee (and others I'm sure by now) label the new threat as "Mocbot. Security Fix - Brian Krebs on Computer Security - (washingtonpost.com)

Linked by shanmuga Monday, 24th October 2005 1:12PM