Random Entry: Telkom, JM Attorneys, Meiring & Company Inc.
< Microsoft Patches a month late | Targeted Penetration >

Dasher and the MS05-051 worm

A worm exploiting the MS05-051 Windows Distributed Transaction Coordinator vulnerability has been released. The first variant was crippled, but it appears a fixed one has been released. F-Secure has done the footwork on this with the help of malware samples from the ISC. Both worms are using the exploit code released by Swan on Dec 1st. They are calling it Dasher. The ISC thinks this is what has been responsible for the spike in port 1025 activity.

Dasher.A, Dasher.B, Dasher.C

The now-typical rapid variation of malware is occuring. Dasher.C is out with an anti-anti-malware payload, probally more to come.

Patch, firewall port 1025, update anti-virus, monitor (snort sigs).

update: added link to snort rules
update: added link to dasher.c

Thursday, December 15. 2005
Posted by Dominic White in Security
Comments (0) | Trackbacks (0)

Last modified on 2005-12-17 22:51

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry