Hopefully, the ingress rules blocking SMB from coming in and egress rules used by ISPs to block outgoing SMB will mitigate the impact this time around.
send9 | 10.23.08 - 6:08 pm | #

Detected by VVS
Michael St. Neitzel | Homepage | 10.23.08 - 6:51 pm | #

(He means that the trojans are detected by VIPRE's Virtual System).
alex eckelberry | 10.23.08 - 7:41 pm | #

> We have samples in-house of the trojans in-the-wild that are being used in targeted attacks, taking advantage of this exploit.

Has anyone there tested whether or not disabling RPC-DCOM (using, say, SafeXP) makes this specific vuln go away? If so, what was the result?
Mark Odell | 10.25.08 - 1:51 am | #