Brian Ladd’s Blog – Notes on Life

Massive hole in Windows... (another one anyway)

http://it.slashdot.org/it/08/12/02/0133231.shtml

“The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed ‘Downad.a’ by Trend (and ‘Conficker.a’ by Microsoft and ‘Downadup’ by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. ‘We think 500,000 is a ballpark figure,’ said Macalintal when asked the size of the new botnet. ‘That’s not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it’s… starting to grow.'”

Some background on this hole and how it works:
http://tech.slashdot.org/tech/08/10/23/1713220.shtml?tid=201

http://web.nvd.nist.gov/view/vuln/detail;jsessionid=8cbbb6719c907342334ffd9256d8?execution=e1s1
http://www.us-cert.gov/cas/bulletins/SB08-294.html
http://www.intelliadmin.com/blog/2008/10/smb-vulnerablity-found-emergency-patch.html

Microsoft's response to the hole:
http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

I found proof-of-concept code available through Google. Took all of a minute.

December 2, 2008 - Posted by | General Computer Tech, Security, Windows / Microsoft
