We just received a sample of the first known malware exploiting the vulnerability in Microsoft Windows Distributed Transaction Coordinator (MS05-051 MS05-051). We call it "Dasher.A". The actual exploit is based on publicly available exploit code which was released on first of December.
This worm doesn't appear to be very successful because of two flaws:
- It uses a central server in China for distribution (which is currently down) - The exploit code itself is quite unstable
As far as we can see, the situation with Dasher.A is already over.