Saturday, November 1, 2008

Victims of RPC Trojan Gimmiv

Via SecuriTeam Blog -

The RPC Worm Victim List has a list [.txt] of hundreds machines and they are mainly Windows XP machines (MSIE 6.0 or MSIE7.0; Windows NT 5.1 in browser’s user agent).

I made a script to generate WHOIS queries and the results say that the victim machines are located mainly in Australia, China, Philippines, India, Japan, Korea, Malta, Malaysia, Taiwan, and Vietnam. There are only some machines in France, UK, and USA.

It’s very interesting that there is an IP from Microsoft too - a Wget machine with IP address 64.147.0.80. The Wget version is 1.10.2.

There are several Wget UA’s included, one with the version number Wget/1.8.2 too.

I recommend that Redmon guys patch that machine ASAP.

--------------------------------------

On this same topic, it looks like F-Secure has started to detect PoC Binaries designed to attack English OSs (XP SP2, XP SP3, Win2003 SP2).

No comments:

Post a Comment