Last Updated: 2008-12-31 14:26:41 UTC - "Symantec has identified W32.Downadup.B as a new worm that is spreading by taking advantage of the RPC vulnerability from MS08-067*. It does various things to install and hide itself on the infected computer. It removes any System Restore points that the user has set and disables the Windows Update Service. It looks for ADMIN$ shares on the local network and tries to brute force the share passwords with a built-in dictionary. At this point in time, the worm's purpose appears to be simply to spread and infect as many computers as possible. After January 1, 2009, it will try to reach out to a variety of web sites to pull down an updated copy of itself. You can find examples of the domain names in the Symantec W32.Downadup.B writeup**..."
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Last Update: 2008-10-24
Critical: Highly critical...
MS08-067 out-of-band netapi32.dll security update
Edited by apluswebmaster, 31 December 2008 - 04:11 PM.