DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

DarkVision Hardware - Daily tech news
December 8, 2016 

MS05-039 plug-and-play worm spotted in the wild

Posted on Sunday, August 14 2005 @ 19:02:51 CEST by


Yesterday I reported on a critical vulnerability in Windows which allows hackers to take over your computer remotely, and today SANS reports it has spotted the first worm on the Internet that takes advantage of this vulnerability.

Antivirus firm F-Secure calls the worm Zotob.A, while ClamAV refers to it as Trojan.Spybot-123. Windows 2000 users are advised to update as soon as possible. Windows XP SP2 and Windows 2003 users can't get hit by this worm, as the worm does not use a valid login.
The worm will download the main payload from the infecting machine. Once a machine is infected, it will become an ftp server itself. It will scan for open port 445/tcp. Once it finds a system with port 445 listening, it will try to use the PnP exploit to download and execute the main payload via ftp.

Important facts so far:
- Patch MS05-039 will protect you
- Windows XP SP2 and Windows 2003 cannot be exploited by this worm, as the worm does not use a valid logon.
- Blocking port 445 will protect you (but watch for internal infected systems)
- The FTP server does not run on port 21. It appears to pick a random high port.
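The advice to watch for internal infected systems can be turned into a check over flow or firewall logs. The sketch below is an added example, not code from this post or from SANS: it flags internal hosts that contact many distinct peers on 445/tcp, and records any probed peer that then connects back to the prober on a high port, matching the payload download described above. The record format, the `10.0.0.0/8` internal range, the thresholds and the "high port means 1024 or above" cut-off are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: epoch seconds, source, destination, TCP destination port.
SAMPLE_FLOWS = """\
1000,10.0.0.5,10.0.0.10,445
1001,10.0.0.5,10.0.0.11,445
1002,10.0.0.5,10.0.0.12,445
1003,10.0.0.5,10.0.0.13,445
1005,10.0.0.12,10.0.0.5,33812
1006,10.0.0.20,10.0.0.2,445
1007,10.0.0.30,10.0.0.20,8080
1008,192.0.2.7,10.0.0.10,445
"""

def parse_flows(text):
    """Return (ts, src, dst, dport) tuples from comma-separated lines, oldest first."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split(",")
        rows.append((int(ts), src, dst, int(dport)))
    return sorted(rows)

def find_suspects(flows, internal="10.0.0.0/8", min_targets=3, window=300):
    """Flag internal hosts with wide 445/tcp fan-out or a high-port connect-back."""
    net = ipaddress.ip_network(internal)  # assumed internal address range
    probed = defaultdict(dict)     # prober -> {target: time of first 445/tcp contact}
    callbacks = defaultdict(list)  # prober -> [(target, high port it connected back to)]
    for ts, src, dst, dport in flows:
        if dport == 445 and ipaddress.ip_address(src) in net:
            probed[src].setdefault(dst, ts)
        elif dport >= 1024 and src in probed.get(dst, {}):
            # A previously probed host opens a high port on its prober:
            # consistent with fetching the payload from the infecting machine.
            if ts - probed[dst][src] <= window:
                callbacks[dst].append((src, dport))
    return {host: {"targets": len(targets), "callbacks": callbacks.get(host, [])}
            for host, targets in probed.items()
            if len(targets) >= min_targets or callbacks.get(host)}

if __name__ == "__main__":
    for host, info in find_suspects(parse_flows(SAMPLE_FLOWS)).items():
        print(host, info)
```

In the constructed sample, the single 445/tcp connection from 10.0.0.20 to a file server and the unrelated 8080 connection are not flagged, and the external source is ignored because the perimeter block on port 445 already covers it.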



 



 

All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba