New Worm Targets MS05-039 Vulnerability

McAfee is reporting an outbreak of a new worm that affects Windows 2000 and pre Windows XP SP2 users.

The worm creates 16 threads to scan for infectable systems. The worm targets random class B IP addresses, sending SYN packets to TCP Port 445. When a vulnerable system is found, buffer overflow and shellcode is sent to the remote system, creating an FTP script and launching FTP.EXE to download and execute the worm from the source system.

This worm exploits the MS05-039 vulnerability. There are at least 2 other W32/Sdbot based worms know to exist that also exploit this vulnerability. They may be seen with the filenames pnpsrv.exe or winpnp.exe.

View: Details & Fix Information @ McAfee

View: MS05-039 Bulletin & Fixes @ Microsoft

Source: Thanks Jon for posting this in Back Page News on our forums.

Report a problem with article
Previous Story

What Is the Ideal iPod Competitor?

Next Story

360 May Not Always Have Hard Drive

0 Comments - Add comment