funsec mailing list archives

Re: RPC worm (MS08-067) in the wild

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Mon, 3 Nov 2008 16:37:03 +0200 (EET)

Kaspersky detect the new wave as
Exploit.Win32.MS08-067.g

and Microsoft as
Exploit:Win32/MS08067.gen!A

Sophos uses name Mal/Generic-A.

One of the reported file size is 16,384 bytes:
http://www.threatexpert.com/report.aspx?uid=919a973d-9fe1-4196-b202-731ebaaffa5d

Windows RPC vulnerability (MS08-067) FAQ has been updated to include these detection names:
http://blogs.securiteam.com/index.php/archives/1150

Juha-Matt
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: RPC worm (MS08-067) in the wild Juha-Matti Laurio (Nov 03)
- <Possible follow-ups>
- RPC worm (MS08-067) in the wild Juha-Matti Laurio (Nov 03)