In Tuesday's blog "More MS08-067 Exploits" Microsoft said that new malware using an ms08-067 exploit "gained momentum and as a result we see an increased support call volume". The article and other writeups related to this particular malware have similar information, some information not contained in each writeup includes;
...."the worm deletes any user-created System Restore points"...
...."the worm attempts to contact the following sites to obtain the current date:
It uses the date information to generate a list of domain names.
The worm then contacts these domains in an attempt to download additional files onto the compromised computer".
"Once a machine has been infected the worm will patch the exploited function via a simple code hook in order to prevent re-infecting a machine it has already compromised".
Nov 26th 2008
1 decade ago