MS04-011 - Hacktool.THCIISLame (hacking tool)

This is the first formally published security concern, I've seen that takes advantage of the recent Microsoft security vulnerabilities patched in April 2004. It is not a virus or worm, but this malicious program could be used by attackers to compromise the security on unpatched systems.

This new development illustrates that there might be storm clouds on the horizon, so it's important to get patched up.

MS04-011 - Hacktool.THCIISLame (hackers tool)
http://www.symantec.com/avcenter/ve...thciislame.html

Hacktool.THCIISLame is a hack tool that takes advantage of the SSL PCT Windows vulnerability, as described in Microsoft Security Bulletin MS04-011. It provides an attacker a system shell on a specified remote computer. The vulnerability affects unpatched versions of Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. It is considered Critical for NT/2000, Important for XP, and Low for 2003.

MS04-011 Vulnerability Information
http://www.microsoft.com/technet/se...n/MS04-011.mspx

Upon execution, Hacktool.THCIISLame performs the following actions:

1. Sends a specially crafted exploit string to TCP port 443 of the IP address, specified on the command line.

2. If the vulnerability is successfully exploited, the shell code executed will reconnect to the IP and port that the attacker specified on the command line.