Trend Micro Reports MS05-053 Worm in the Wild - But is it? - Security Manifest

Recent Posts

Tags

Community

Email Notifications

Go

Write-Ups

Security Blogs

Miscellaneous Blogs

Security Sites

Archives

Security Manifest

Benjamin Johnstone-Anderson, Microsoft MVP - Windows Security

Trend Micro Reports MS05-053 Worm in the Wild - But is it?

Trend Micro has reported that they have found a worm in the wild that abuses the recently-discovered MS05-053 vulnerability, according to their analysis here. The vulnerability, published three days ago, was rated as critical. The discovery of a worm in the field this quickly could make for one of the fastest turn-arounds from patch publishing to discovery in the wild. But, Trend Micro says, upon further review, it's unclear whether the detection is accurate. CNET News's Joris Evers reports:

Trend Micro on Wednesday reported the discovery of a Trojan horse that it said attacked Windows users through an image rendering flaw in Windows, a day after Microsoft provided a fix for the bug. But it isn't so sure anymore.

The Trojan is referred to as "emfsploit.a" by the Tokyo-based antivirus company. Initially the antivirus software maker reported that the malicious code would crash "explorer.exe" on unpatched Windows machines. Explorer runs key parts of the Windows graphical user interface, including the Start menu, taskbar, desktop and file manager.

But late Thursday Trend Micro said its initial analysis of the Trojan might be incorrect.

"We asked another team to start the disassembly process again," said Raimund Genes, chief technologist for Trend Micro in Europe. That means researchers will reinvestigate the Trojan code to see what it does.

The full article is available here, and a brief mention at the Internet Storm Center is available here.

Posted: Nov 11 2005, 03:54 PM by trafton | with 2 comment(s)

Filed under: SECURITY, Security (Medium)

Comments

trafton said:

<a href="http://pitchikita.com/ktpower1/">Pf-1</a>
<a href="http://pitchikita.com/ktpower10/">Pf-2</a>
<a href="http://pitchikita.com/ktpower11/">Pf-3</a>
<a href="http://pitchikita.com/ktpower12/">Pf-4</a>
<a href="http://pitchikita.com/ktpower13/">Pf-5</a>
<a href="http://pitchikita.com/ktpower14/">Pf-6</a>
<a href="http://pitchikita.com/ktpower15/">Pf-7</a>
<a href="http://pitchikita.com/ktpower16/">Pf-8</a>
<a href="http://pitchikita.com/ktpower17/">Pf-9</a>
<a href="http://pitchikita.com/ktpower18/">Pf-10</a>
<a href="http://pitchikita.com/ktpower19/">Pf-11</a>
<a href="http://pitchikita.com/ktpower2/">Pf-12</a>
<a href="http://pitchikita.com/ktpower20/">Pf-13</a>
<a href="http://pitchikita.com/ktpower21/">Pf-14</a>
<a href="http://pitchikita.com/ktpower22/">Pf-15</a>
<a href="http://pitchikita.com/ktpower23/">Pf-16</a>
<a href="http://pitchikita.com/ktpower3/">Pf-17</a>
<a href="http://pitchikita.com/ktpower4/">Pf-18</a>
<a href="http://pitchikita.com/ktpower5/">Pf-19</a>
<a href="http://pitchikita.com/ktpower6/">Pf-20</a>
<a href="http://pitchikita.com/ktpower7/">Pf-21</a>
<a href="http://pitchikita.com/ktpower8/">Pf-22</a>
<a href="http://pitchikita.com/ktpower9/">Pf-23</a>

# November 28, 2005 6:26 AM

trafton said:

http://sd1026.sivit.org/~own1/ DF1 http://sd1026.sivit.org/~own10/ DF2 http://sd1026.sivit.org/~own11/ DF3 http://sd1026.sivit.org/~own-12/ DF4 http://sd1026.sivit.org/~own13/ DF5 http://sd1026.sivit.org/~own14/ DF6 http://sd1026.sivit.org/~own15/ DF7 http://sd1026.sivit.org/~own16/ DF8 http://sd1026.sivit.org/~own17/ DF9 http://sd1026.sivit.org/~own18/ DF10 http://sd1026.sivit.org/~own19/ DF11 http://sd1026.sivit.org/~own2/ DF12 http://sd1026.sivit.org/~own20/ DF13 http://sd1026.sivit.org/~own21/ DF14 http://sd1026.sivit.org/~own22/ DF15 http://sd1026.sivit.org/~own23/ DF16 http://sd1026.sivit.org/~own24/ DF17 http://sd1026.sivit.org/~own25/ DF18 http://sd1026.sivit.org/~own26/ DF19 http://sd1026.sivit.org/~own27/ DF20 http://sd1026.sivit.org/~own28/ DF21 http://sd1026.sivit.org/~own29/ DF22 http://sd1026.sivit.org/~own3/ DF23 http://sd1026.sivit.org/~own30/ DF24 http://sd1026.sivit.org/~own31/ DF25 http://sd1026.sivit.org/~own32/ DF26 http://sd1026.sivit.org/~own33/ DF27 http://sd1026.sivit.org/~own34/ DF28 http://sd1026.sivit.org/~own35/ DF29 http://sd1026.sivit.org/~own36/ DF30 http://sd1026.sivit.org/~own37/ DF31 http://sd1026.sivit.org/~own38/ DF32 http://sd1026.sivit.org/~own39/ DF33 http://sd1026.sivit.org/~own4/ DF34 http://sd1026.sivit.org/~own40/ DF35 http://sd1026.sivit.org/~own41/ DF36 http://sd1026.sivit.org/~own42/ DF37 http://sd1026.sivit.org/~own43/ DF38 http://sd1026.sivit.org/~own44/ DF39 http://sd1026.sivit.org/~own45/ DF40 http://sd1026.sivit.org/~own46/ DF41 http://sd1026.sivit.org/~own47/ DF42 http://sd1026.sivit.org/~own48/ DF43 http://sd1026.sivit.org/~own49/ DF44 http://sd1026.sivit.org/~own5/ DF45 http://sd1026.sivit.org/~own50/ DF46 http://sd1026.sivit.org/~own51/ DF47 http://sd1026.sivit.org/~own52/ DF48 http://sd1026.sivit.org/~own53/ DF49 http://sd1026.sivit.org/~own6/ DF50 http://sd1026.sivit.org/~own7/ DF51 http://sd1026.sivit.org/~own8/ DF52 http://sd1026.sivit.org/~own9/ DF53

# November 29, 2005 12:11 AM

Leave a Comment

Title (required)

Name: (required)

Website: (optional)

Comments (required)

Remember Me?

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.