[Full-disclosure] setSlice exploited in the wild - massively



Exploit code is available publicly:
http://www.milw0rm.com/exploits/2440

SANS diary:
http://isc.sans.org/diary.php?storyid=1742

And this is so massively exploited, it makes VML look cute. There's a
rootkit, some other malware, and haxdor! (a phishing trojan horse)

Thanks to Roger Thompson at explabs.com for first reporting it.

Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


