ASN.1 vuln keeps on a'chugging.
I do declare, Johannes Ulrich is a seer, of sorts. Yesterday, he discussed the
inner workings of ASN.1 attacks against Microsoft authentication tokens. Yes,
an oldie but a goodie, it is still being seen in the wild. Then, right on cue,
Sophos today reports on a new multi-vectored worm, W32/Tilebot-GD, that spreads
via LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007)
vulnerabilities. It then configures and starts a new Windows service, smsc.exe
that is reported as "Window Services Connection", and joins an IRC botnet
(that's a shocker :p).
Details at http://www.sophos.com/virusinfo/analyses/w32tilebotgd.html
inner workings of ASN.1 attacks against Microsoft authentication tokens. Yes,
an oldie but a goodie, it is still being seen in the wild. Then, right on cue,
Sophos today reports on a new multi-vectored worm, W32/Tilebot-GD, that spreads
via LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007)
vulnerabilities. It then configures and starts a new Windows service, smsc.exe
that is reported as "Window Services Connection", and joins an IRC botnet
(that's a shocker :p).
Details at http://www.sophos.com/virusinfo/analyses/w32tilebotgd.html
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments