ASN.1 vuln keeps on a'chugging.

Published: 2006-07-30
Last Updated: 2006-07-31 02:09:36 UTC
by Handlers (Version: 1)
0 comment(s)
I do declare, Johannes Ulrich is a seer, of sorts. Yesterday, he discussed the
inner workings of ASN.1 attacks against Microsoft authentication tokens. Yes,
an oldie but a goodie, it is still being seen in the wild. Then, right on cue,
Sophos today reports on a new multi-vectored worm, W32/Tilebot-GD, that spreads
via LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007)
vulnerabilities. It then configures and starts a new Windows service, smsc.exe
that is reported as "Window Services Connection", and joins an IRC botnet
(that's a shocker :p).  

Details at http://www.sophos.com/virusinfo/analyses/w32tilebotgd.html
Keywords:
0 comment(s)

Comments


Diary Archives