[Full-disclosure] setSlice exploited in the wild - massively



Exploit code is available publicly:
http://www.milw0rm.com/exploits/2440

SANS diary:
http://isc.sans.org/diary.php?storyid=1742

And this is so massively exploited, it makes VML look cute. There's a
rootkit, some other malware, and haxdor! (a phishing trojan horse)

Thanks to Roger Thompson at explabs.com for first reporting it.

Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


