NEWS FROM THE LAB - Friday, October 31, 2008
 
Proof of Concept Binaries for MS08-067 Targeting English Windows OS's
Posted by Dan @ 12:53 GMT

We are seeing the first proof-of-concept binaries that target the MS08-067 vulnerability on the following English-localized systems:

Windows XP Service Pack 2
Windows XP Service Pack 3
Windows 2003 Service Pack 2

The payload is encrypted, as usual. Its function is to add the Guest account to the Administrators group, thus allowing unlimited access to the machine. We detect the binaries as follows:

Backdoor:W32/Agent.DIN
Backdoor:W32/Agent.DIO
Backdoor:W32/Agent.DIP

We'll continue to keep an eye on the events.
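
One way to detect the payload's effect described above, as an added example that is not part of the original post or F-Secure's code: it scans Windows Security events in XML form for a Guest account (RID 501) being added to the built-in Administrators group (S-1-5-32-544), matching on SIDs so the check does not depend on localized names. The helper names, host name, SIDs and sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ADMINISTRATORS_SID = "S-1-5-32-544"  # built-in Administrators group, locale-independent
GUEST_RID = "501"                    # well-known RID of the built-in Guest account
MEMBER_ADDED = "4732"                # member added to a local group (ID 636 on XP/2003)


def guest_added_to_admins(event_xml):
    """Return the member SID if the event adds Guest to Administrators, else None."""
    root = ET.fromstring(event_xml)
    if (root.findtext("e:System/e:EventID", "", NS) or "").strip() != MEMBER_ADDED:
        return None
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    parts = data.get("MemberSid", "").split("-")
    # A local or domain Guest SID has the form S-1-5-21-<a>-<b>-<c>-501.
    is_guest = parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8 and parts[-1] == GUEST_RID
    if is_guest and data.get("TargetSid") == ADMINISTRATORS_SID:
        return data["MemberSid"]
    return None


def scan(events):
    """Return the Guest SIDs found in group-membership events, in input order."""
    return [sid for sid in map(guest_added_to_admins, events) if sid]


def _sample(event_id, member_sid, target_sid):
    # Constructed event in the Windows event XML layout; host and SIDs are made up.
    return (f'<Event xmlns="{NS["e"]}">'
            f"<System><EventID>{event_id}</EventID><Computer>HOST01</Computer></System>"
            f'<EventData><Data Name="MemberSid">{member_sid}</Data>'
            f'<Data Name="TargetSid">{target_sid}</Data></EventData></Event>')


MACHINE = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed machine SID
SAMPLES = [
    _sample(4732, f"{MACHINE}-501", "S-1-5-32-544"),   # Guest -> Administrators
    _sample(4732, f"{MACHINE}-1004", "S-1-5-32-544"),  # ordinary user -> Administrators
    _sample(4732, f"{MACHINE}-501", "S-1-5-32-546"),   # Guest -> Guests (default)
    _sample(4624, f"{MACHINE}-501", "S-1-5-32-544"),   # unrelated event ID
]

if __name__ == "__main__":
    for sid in scan(SAMPLES):
        print(f"ALERT: Guest account {sid} added to Administrators")
```

The event is only logged when auditing of security group management is enabled on the host.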