
SANS ISC: * MS06-040 exploit in the wild SANS ISC InfoSec Forums

We have caught a live exploit against a Windows 2000 Server. The pcap packets of the exploit fire the signatures in Sourcefire VRT for the vulnerability described in MS06-040.

It looks like it's building a botnet (as we expected).

More details will follow as we analyze this piggy further.

Please do not ask for samples at this point. We have shared it with the usual anti-virus vendors already.

--
Swa Frantzen -- Section 66
Aug 12th 2006
