Latest on MS08-067
November 6, 2008 02:47



    

Hi, this is Christopher Budd. We've been getting some questions from customers this week asking if we've seen any changes in the threat environment around MS08-067. We do have some information that we can share so I wanted to pass that along.

Most importantly, we continue to see strong deployments of MS08-067. We're glad that customers have moved as quickly as they have to download, test and deploy the update. That said, we continue to urge customers who haven't yet deployed the update to do so.

We have seen some new pieces of malware attempting to exploit this vulnerability this week. And while so far, none of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word “worm,” they do underscore the importance of deploying this update if you haven't already.

My colleagues over in the Microsoft Malware Protection Center (MMPC) have provided write-ups on the new pieces of malware we've seen this week and have included signatures to help protect against these.

· Trojan:Win32/Wecorl.A
· Trojan:Win32/Wecorl.B
· Trojan:Win32/Clort.A
· Trojan:Win32/Clort.A!exploit
· Trojan:Win32/Clort.A.dr
· TrojanDownloader:Win32/VB.CQ
· TrojanDownloader:Win32/VB.CJ

Again, none of these are broad, fast-moving, self-replicating attacks. They're similar to the original attacks we detected, in that they focus on loading malware onto vulnerable systems. They're also similar in that the overall scope of these attacks is very limited. The largest of these attacks are those associated with the Clort family and we've seen well below fifty attacks worldwide.

Overall the threat environment remains similar to what it was last Monday when we released Microsoft Security Advisory 958963. The publicly available exploit code has resulted in limited malware attacks seeking to exploit the vulnerability. This is in line with what Mike said we should expect last week. We expect we'll continue to see new pieces of malware over the coming days and weeks, and our colleagues over in the MMPC will continue to add write-ups and signatures for them.

We'll continue to watch and update you on any important new developments.

Thanks

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights*

