NEWS FROM THE LAB - Thursday, December 15, 2005

First MSDTC-exploiting malware unsuccessful Posted by Jarkko @ 10:00 GMT

dasherWe just received a sample of the first known malware exploiting the vulnerability in Microsoft Windows Distributed Transaction Coordinator (MS05-051 MS05-051). We call it "Dasher.A". The actual exploit is based on publicly available exploit code which was released on first of December.

This worm doesn't appear to be very successful because of two flaws:

- It uses a central server in China for distribution (which is currently down)
- The exploit code itself is quite unstable

As far as we can see, the situation with Dasher.A is already over.