August 14, 2006

MS06-040 Monday Roundup

After a weekend of monitoring, here’s what we seem to know about the MS06-040 worm(s) in the wild:

  • There are at least two variants in the wild so far (ref)
  • It appears to be primarily targeting Windows 2000 machines (ref)
  • After infecting a machine, it communicates outbound via IRC on port 18067 and scans port 445 for additional machines to infect (ref)
  • One variant is also spreading via AOL IM. (ref)
  • Most AV vendors have released updates to detect at least some of these known exploits.
  • The purpose of the worm seems to be to build a botnet for sending spam.
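
The two network behaviours listed above (outbound traffic on port 18067 and scanning on port 445) can be hunted for in flow logs. The following is an added example, not part of the original post; the record format, the sample flows, the fan-out threshold and the window size are all assumptions chosen for illustration.

```python
import csv
from collections import defaultdict

C2_PORT = 18067        # IRC control port reported in the post
SCAN_PORT = 445        # SMB port the worm scans to find new targets
FANOUT_THRESHOLD = 5   # assumed: distinct 445 targets per window before alerting
WINDOW_SECONDS = 60    # assumed sliding-window size

# Constructed sample flow records: epoch_seconds,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
1000,10.0.0.5,203.0.113.9,18067
1001,10.0.0.5,10.0.1.1,445
1002,10.0.0.5,10.0.1.2,445
1003,10.0.0.5,10.0.1.3,445
1004,10.0.0.5,10.0.1.4,445
1005,10.0.0.5,10.0.1.5,445
1010,10.0.0.8,10.0.2.1,445
1020,10.0.0.8,10.0.2.2,445
1000,10.0.0.9,10.0.3.1,445
1200,10.0.0.9,10.0.3.2,445
1400,10.0.0.9,10.0.3.3,445
1600,10.0.0.9,10.0.3.4,445
1800,10.0.0.9,10.0.3.5,445
"""

def find_suspect_hosts(flow_csv, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src_ip: set of reasons} for hosts matching the reported behaviour."""
    findings = defaultdict(set)
    smb = defaultdict(list)  # src_ip -> [(timestamp, dst_ip)]
    for row in csv.reader(flow_csv.splitlines()):
        if len(row) != 4:
            continue  # skip blank or malformed records
        ts, src, dst, dport = row
        if int(dport) == C2_PORT:
            findings[src].add("c2-port")
        elif int(dport) == SCAN_PORT:
            smb[src].append((int(ts), dst))
    for src, events in smb.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({d for _, d in events[start:end + 1]}) >= threshold:
                findings[src].add("smb-fanout")
                break
    return dict(findings)

if __name__ == "__main__":
    print(find_suspect_hosts(SAMPLE_FLOWS))
```

In the constructed sample, 10.0.0.9 reaches five distinct SMB targets but only over several minutes, so the windowed count keeps it below the threshold, while 10.0.0.5 matches both indicators.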

A couple of stats to ponder:

  • Time from patch release to public PoC code: ~40 hours
  • Time from patch release to self-propagating worm: ~96 hours
  • Average time it takes an enterprise to patch a critical vulnerability: A lot more than 96 hours.
