[Dshield] Trojan that exploits MS05-0??

David Taylor ltr at isc.upenn.edu
Tue Oct 18 12:22:09 GMT 2005


Later this evening Trend updated their webpage concerning the TROJ_SSPLOIT.A
virus to show that it was not MS05-051, but was MS05-012 instead.

http://isc.sans.org/diary.php?storyid=769



==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshielders
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of David Taylor
Sent: Monday, October 17, 2005 8:12 PM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] Trojan that exploits MS05-0??


I may be wrong but I am thinking Trendmicro bundled the MSDTC in the text of
the advisory because that is how it was bundled by Microsoft (Thanks
Microsoft!).  They refer to MSDTC/COM. I'm going to 'guess' this uses the
COM vulnerability. Probably a local privilege escalation.







-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Martin Forest
Sent: Monday, October 17, 2005 7:49 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Trojan that exploits MS05-0??


Are you talking about MS05-031 or MS05-051?
/martin forest
On Tue, 18 Oct 2005 10:50:56 +1300, Roger Roberts  
<roger.roberts at gmail.com> wrote:

> Let the MS05-031 Games possibly begin. Trend link, doesn't appear to have
> taken off as of yet.
>
>
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSSPLOIT%2EA&VSect=T
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:  
> http://www.dshield.org/mailman/listinfo/list


