We just received two malware samples exploiting the MS06-040 vulnerability (Vulnerability in Server Service Could Allow Remote Code Execution). Joey discussed the MS06-040 public exploits in an earlier blog entry, “Public exploits for MS06-040”. The malware samples have different MD5 hashes; however, they share a common characteristic: they point to the same command-and-control servers. These malware samples are discussed at the following URLs:
Update (JoneZ, Sun, 13 Aug 2006 11:27:53 AM)
The samples will be detected by Trend as WORM_IRCBOT.JK and WORM_IRCBOT.JL.
Update (JoneZ, Sun, 13 Aug 2006 05:28:42 PM)
The complete virus report for the malware can be viewed in our Virus Encyclopedia.
Please update your pattern files to the latest Official Pattern Release 3.651.00, which includes detection for the malware described above. Kindly follow the link below to the Trend Micro official pattern download site.