Help
Kaspersky's weblog entry of June 5th entitled "Robots,vile robots everywhere!" is a great read. While this vulnerability is one year old, there might be some folks who have only applied MS04-011 and MS03-026 for XP or 2000 to stop true Sasser and Blaster type worms.
MS04-007: RBOT variant - 1st worm to exploit ASN.1 via Internet
(see June 5th weblog entry)
Investigation of the packets revealed a Microsoft ASN.1 exploit, which tries to download and run an executable from the attacking machine via TFTP. We've secured a binary and took a look under the cover. The responsible worm was a Rbot variant, ...
Besides the ASN.1 exploit - and this is the first worm to use it successfully on the Internet - the Rbot variant uses a multitude of other exploits, DCOM, RPC,Veritas Backup Exec, LSASS, MSSQL, password guessing and so on. It also steals registration keys from a good list of popular games, PayPal accounts logins, has an embedded backdoor and of course, DDoS capabilities.
Basically, it's a worm which tries very hard to spread while at the same time, it tries to steal as many valuable data from the victim machine as it is available. It is a highly infectious worm, written for profit. And yes, most of the other worms we're seeing nowadays are no different.
Spybot.PKC - May be a close example of the new RBOT variant
Page 1 of 1
MS04-007: RBOT variant - 1st Internet version exploits ASN.1 vulnerability
#1
- Security Reporter
-
- Group: Members
- Posts: 509
- Joined: 10-April 04
- Gender:Male
- Location:Roanoke, Virginia
Posted 06 June 2005 - 03:49 PM
Back to topShare this topic:
Page 1 of 1