
Thread: MS07-009 exploit code released

  1. #1
    AplusWebMaster (Adviser Team)

    MS07-009 exploit code released

    FYI...

    - http://www.websense.com/securitylabs...hp?AlertID=758
    March 26, 2007 ~ "Full exploit code was published this morning for MDAC vulnerability MS07-009. The original demonstration of this vulnerability occurred on July 29, 2006 in HD Moore's Month of Browser Bugs #29. At the time, only a denial-of-service demonstration was published... Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability. This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially, now that exploit code is publicly available. On February 13, 2007, Microsoft® released patch MS07-009 to address this vulnerability. We recommend that you apply this patch immediately, if you have not yet done so. See the Microsoft Security Bulletin at:
    > http://www.microsoft.com/technet/sec.../ms07-009.mspx ..."

    Also noted here: http://www.us-cert.gov/current/#ADODBActiveX

    Last edited by AplusWebMaster; 2007-03-26 at 23:32. Reason: Added US-CERT reference...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    AplusWebMaster (Adviser Team)


    FYI...

    - http://www.websense.com/securitylabs...php?BlogID=115
    Mar 26 2007 ~ "...Everything starts with a very kind email, offering us a unique opportunity for investment, where we can make a minimum of 15% profit per day for a period of 10 days... What we do not see is the code trying to exploit the MDAC vulnerability it contains. Through that code, it downloads and executes a file called Junix.exe, which is a self-extracting, compressed file that contains several other files:
    * bpk.exe
    * bpkhk.dll
    * bpkr.exe
    * inst.dat
    * pk.bin
    The two exe files and the dll are in charge of handling the keystrokes and sending the information to the attacker. The inst.dat file contains configuration data for installing the application. The pk.bin file contains the email address where the information is being sent, along with additional data. To avoid being discovered, the files bpk.exe, bpkhk.dll, and pk.bin are encrypted with a simple XOR operation. After everything has been installed on the system, the malware notifies the attacker that the installation has been successfully carried out... After alerting the attacker, it remains vigilant for anything typed on the keyboard and captures it. Additionally, every five minutes it takes a full-sized screenshot and prepares a thumbnail of it. These are both kept in a directory called dt, which the Trojan has previously created. Then the captured information is sent to the attacker, so that he or she can check which pages we have been visiting and what we have been typing..."

    (More detail and screenshots available at the URL above.)

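Added example, not part of the thread or the quoted Websense write-up: a triage helper for an analyst who has the dropped file set in quarantine and wants to undo the "simple XOR operation" described in post #2. The page does not give the key or its length, so a single-byte key shared by all three encrypted files is an assumption here, and the sample bytes are constructed, not real malware.

```python
import struct

# Names taken from the quoted write-up; it lists these as XOR-encrypted.
ENCRYPTED_PE = ("bpk.exe", "bpkhk.dll")
ENCRYPTED_CFG = "pk.bin"

def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew (offset 0x3C) points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def recover_pe_key(blob: bytes):
    """Known-plaintext recovery: byte 0 of a PE is 'M', so key = blob[0] ^ 'M'.
    Assumption: single-byte key. Returns None if the decoded data is not a PE."""
    if not blob:
        return None
    key = blob[0] ^ ord("M")
    return key if looks_like_pe(xor(blob, key)) else None

def triage(files: dict) -> dict:
    """files: name -> raw bytes from a quarantined sample set.
    Returns name -> recovered key for the PE files, and decoded bytes for pk.bin
    (assumption: pk.bin uses the same key as the PE files)."""
    report, key = {}, None
    for name in ENCRYPTED_PE:
        if name in files:
            report[name] = recover_pe_key(files[name])
            key = report[name] if report[name] is not None else key
    if ENCRYPTED_CFG in files and key is not None:
        report[ENCRYPTED_CFG] = xor(files[ENCRYPTED_CFG], key)
    return report

# Constructed sample data (not real malware): a minimal MZ/PE header stub and a
# placeholder config string, both XORed with the made-up key 0x5A.
_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
SAMPLE = {
    "bpk.exe": xor(_STUB, 0x5A),
    "bpkhk.dll": xor(_STUB, 0x5A),
    "pk.bin": xor(b"rcpt=collector@example.invalid", 0x5A),
}

if __name__ == "__main__":
    for name, result in triage(SAMPLE).items():
        print(name, hex(result) if isinstance(result, int) else result)
```

A `None` result for a PE file means the single-byte assumption does not hold for that sample and a longer key or a different scheme should be considered.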
