Security Incidents mailing list archives
RE: cuebot-d infection method
From: "Matthew Neeley" <matt.neeley () familyfeaturedproducts com>
Date: Wed, 24 Aug 2005 13:25:12 -0400
Description tab on said site. W32/Cuebot-D is a network worm with backdoor Trojan functionality for the Windows platform. W32/Cuebot-D attempts to spread using a variety of techniques including the exploitation of the PnP vulnerability (MS05-039). A patch for the PnP operating system vulnerability exploited by W32/Cuebot-D can be obtained from Microsoft at: MS05-039 -----Original Message----- From: Jeff Bryner [mailto:jbryner1 () yahoo com] Sent: Wednesday, August 24, 2005 11:03 AM To: incidents () securityfocus com Subject: cuebot-d infection method I've seen a couple cuebot-d infections over the last couple days and am trying to track down the source of them. Has anyone seen enough of this to know the universe of ways the pc gets initially infected? The pcs that have gotten infected have mcafee running on them which incorrectly picks it up as W32/Sdbot.worm.gen.by when a scan is requested. It didn't seem to pick it up *until* a scan was requested. The writeup at http://www.sophos.com/virusinfo/analyses/w32cuebotd.html fits the scenario, but it doesn't say exactly what the initial infection vector is. Thanks for any help. Jeff CISSP, GCIH, GCFA
Current thread:
- cuebot-d infection method Jeff Bryner (Aug 24)
- RE: cuebot-d infection method Matthew Neeley (Aug 24)
- Re: cuebot-d infection method Matt Stockdale (Aug 24)
- Re: cuebot-d infection method Irwan Ismail (Aug 25)
- RE: cuebot-d infection method Jason Burton (Aug 25)
- Re: cuebot-d infection method Jayson Anderson (Aug 25)
- Re: cuebot-d infection method Harlan Carvey (Aug 26)
- Re: cuebot-d infection method Jeff Bryner (Aug 29)
- Re: cuebot-d infection method Harlan Carvey (Aug 29)
- Re: cuebot-d infection method Jayson Anderson (Aug 29)
- Re: cuebot-d infection method Jose Nazario (Aug 29)
- Re: cuebot-d infection method Irwan Ismail (Aug 25)