Just when Microsoft published MS05-047 vulnerability which is dubbed as ‘Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege’ a couple of days after, a remote exploit was publicly posted on FrSIRT.
And just as we expected, a malware that utilizes this exploit follows!
The malware behaves as a backdoor. It installs itself as a service with the name ‘Windows UDP Communication’. To be able to notify the author of the malware, it connects the infected system to particular IRC server/s then only that the attacker can gain control of the affected system. In effect, it registers the affected system as member of a botnet.
Just as other bots, this malware can perform Distributed Denial of Service (DDOS) such as SYN and UDP flood attacks. And the reason why I posted this malware is that it carries an exploit on its body as part of its malicious activites. It exploits the newly published vulnerability abovementioned as one of the commands that the attacker can issue to the affected system remotely!
The malware has been given the detection name BKDR_MOCBOT.A. So, be sure that you have patched up your system to lessen the impact of this kind of malware!
And just as we expected, a malware that utilizes this exploit follows!
The malware behaves as a backdoor. It installs itself as a service with the name ‘Windows UDP Communication’. To be able to notify the author of the malware, it connects the infected system to particular IRC server/s then only that the attacker can gain control of the affected system. In effect, it registers the affected system as member of a botnet.
Just as other bots, this malware can perform Distributed Denial of Service (DDOS) such as SYN and UDP flood attacks. And the reason why I posted this malware is that it carries an exploit on its body as part of its malicious activites. It exploits the newly published vulnerability abovementioned as one of the commands that the attacker can issue to the affected system remotely!
The malware has been given the detection name BKDR_MOCBOT.A. So, be sure that you have patched up your system to lessen the impact of this kind of malware!
