Not updating has created a monster botnet

This article says it all for me to stay updated on my WordPress blog and computers. I know I said I was hesitant to upgrade to the new WordPress 2.7, but I changed my mind after reading this and the compatibility list on Lorelle’s blog.

MS08-067: Not updating has created a monster botnet

Date: December 6th, 2008

Author: Michael Kassner

Category: security, Botnet, anti-spam

Microsoft created MS08-067 to fix a serious vulnerability. MS even felt the problem was critical enough to justify an out-of-band release of the update. They were right; find out why.


MS08-067 is the fix for server service vulnerability CVE-2008-4250:

“A remote code execution vulnerability exists in the Server service on Windows systems. The vulnerability is due to the service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.”

Microsoft had a real sense of urgency with this patch. The Gimmiv.A trojan, which exploits the server service vulnerability, was already found on servers and desktops in the wild. The ThreatExpert blog “Gimmiv.A exploits critical vulnerability” gives a detailed explanation of the trojan and its capabilities.

The Gimmiv.A trojan was designed to collect system information and passwords from the infected computer, then send the information in an encrypted format to a remote server. Next the remote server sends files back to the compromised computer, which will be used to further propagate the trojan. It appears that the Gimmiv.A author has a sense of humor as the following image (courtesy of ThreatExpert) is among the downloaded files:
