RPC worm (MS08-067) in the wild

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

The first e-mail appeared only to bugtraq and full-disclosure, sorry, but is copied here:

The worm-type exploitation has started. More information at
http://www.f-secure.com/weblog/archives/00001526.html

The worm component has reportedly detection name Exploit.Win32.MS08-067.g and the kernel component 
Rootkit.Win32.KernelBot.dg, in turn.

Symantec uses Worm category too and the name W32.Wecorl:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110306-2212-99&tabid=2

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.