Security News > 2004 > April > Exploit binary released as Symantec finds more code

Exploit binary released as Symantec finds more code
2004-04-28 09:45

http://www.smh.com.au/articles/2004/04/28/1083103523103.html By Sam Varghese April 28, 2004 A binary for one of the exploits released to target a flaw in the Private Communications Transport (PCT) protocol implementation in the Microsoft Secure Socket Layer library, has been released on the net. The compiled version makes it easier for the category of attackers known as script kiddies to utilise. Attackers who use this flaw to break in could gain complete control of servers handling credit card and banking data for online transactions. Meanwhile, network security and A-V software vendor Symantec says it has discovered more malicious code that targets the same vulnerability. Symantec said in a media release that the malicious code - currently called backdoor.mipsiv -- opened ports on a system, implemented a denial-of-service attack against a third-party DNS server system and also receives command/control instructions via internet relay chat (IRC) channels. "Symantec has detected attempts at compromising systems on our monitored global sensor network and has raised its ThreatCon Rating to Level 3 as a precautionary measure. Symantec Security Response experts are analysing the heavily encrypted code and will provide more details as they become available," the company said. "The team is also determining if the code is a worm or a bot (a program used to performs repetitive functions including searching for news or information)." Vincent Weafer, senior director, Symantec Security Response, said: "We're seeing an increase in the number of exploits, attempts and an increase in reconnaissance attacks through our DeepSight sensors and Managed Security Services devices. We encourage our customers to expedite their patching if they haven't already." On April 14, a French group, k-otik, released code to exploit another vulnerability in Windows which was also patched this month. _________________________________________ ISN mailing list Sponsored by: OSVDB.org


News URL

http://www.smh.com.au/articles/2004/04/28/1083103523103.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Symantec 79 10 69 77 11 167