Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on November 15, 2008, 10:09:16 pm

Title: Hacker Tool Targeting MS08-067 Vulnerability
Post by: SysAdMini on November 15, 2008, 10:09:16 pm
http://securitylabs.websense.com/content/Blogs/3237.aspx
Title: Re: Hacker Tool Targeting MS08-067 Vulnerability
Post by: tjs on November 17, 2008, 06:44:05 pm
Anyone seen it in the wild?
Title: Re: Hacker Tool Targeting MS08-067 Vulnerability
Post by: sowhat-x on November 17, 2008, 06:56:15 pm
It's quite easy to get a copy of it... it's spread over at various Chinese skiddie-haxor boards...

http://www.threatexpert.com/report.aspx?md5=eda4f634c84b8e06235b5024d72f012e
http://www.virustotal.com/analisis/4692ac80711ebf6e25b9331e7f863276

====================================================
My guess is that there are TOO many idiots/skiddies with plenty of free time out there,
that even though the above "tool" IS PROVEN to be backdoored itself,
still, they might attempt running it in order to abuse workstations out there...

So, I thought it's probably wiser to not repost the sample in question directly.
Individual malware researchers/analysts
already have way more than enough info in order to grab the sample in question...
Title: Re: Hacker Tool Targeting MS08-067 Vulnerability
Post by: SysAdMini on November 17, 2008, 09:02:52 pm
So, I thought it's probably wiser to not repost the sample in question directly.
Individual malware researchers/analysts
already have way more than enough info in order to grab the sample in question...

Wise decision.
Title: Re: Hacker Tool Targeting MS08-067 Vulnerability
Post by: tjs on November 18, 2008, 07:22:06 pm
Totally understandable.
Title: Re: Hacker Tool Targeting MS08-067 Vulnerability
Post by: SysAdMini on November 26, 2008, 06:07:35 pm
MS08-067 Vulnerability: Botnets Reloaded
http://blog.trendmicro.com/ms08-067-vulnerability-botnets-reloaded/

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.A&VSect=T

Complete URL of the threat is:

Code:
hxxp://trafficconverter.biz/4vir/antispyware/loadadv.exe