[Dshield] Trojan that exploits MS05-031

Chris Wright dshield at yaps4u.net
Mon Oct 17 22:37:53 GMT 2005


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Roger Roberts
> Sent: Monday, October 17, 2005 10:51 PM
> To: list at lists.dshield.org
> Subject: [Dshield] Trojan that exploits MS05-031
> 
> Let the MS05-031 Games possibly begin. Trend link, doesnt 
> appear to have taken off as of yet.
> 

I don't understand part of their claim:

<quote>
This Trojan is compiled using Microsoft Visual Basic. It affects the
following Windows versions: 

Windows 2000 Service Pack 4 
Windows XP Service Pack 1 
Windows XP Service Pack 2 
Windows XP Professional x64 Edition 
Windows Server 2003 
Windows Server 2003 Service Pack 1 
Windows Server 2003 for Itanium-based Systems 
Windows Server 2003 with SP1 for Itanium 
Windows Server 2003 x64 Edition 

Note, however, that systems running Windows XP Service Parck 2, Windows
Server 2003, and Windows Server 2003 Service Pack 1 have default settings
that require the remote malicious user or malware to have valid login
credentials in order to perform the exploit employed by this Trojan
</quote>

They say it effects XP SP2, W2003, W2003 SP1, and then go on to say it
requires the remote user to have valid login credentials.  So unless it's a
two pronged attack, or issues some sort of "Before this malware can be
deemed dangerous, please create the following account and then run me again"
message.

I do so hate it when they do that... 

Regards

Chris




More information about the list mailing list