When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

New Worm Targets MS05-039 Vulnerability

CEO - Neowin.net Neowin · with -1 comments

McAfee is reporting an outbreak of a new worm that affects Windows 2000 and pre Windows XP SP2 users.

The worm creates 16 threads to scan for infectable systems. The worm targets random class B IP addresses, sending SYN packets to TCP Port 445. When a vulnerable system is found, buffer overflow and shellcode is sent to the remote system, creating an FTP script and launching FTP.EXE to download and execute the worm from the source system.

This worm exploits the MS05-039 vulnerability. There are at least 2 other W32/Sdbot based worms know to exist that also exploit this vulnerability. They may be seen with the filenames pnpsrv.exe or winpnp.exe.

View: Details & Fix Information @ McAfee

View: MS05-039 Bulletin & Fixes @ Microsoft

Source: Thanks Jon for posting this in Back Page News on our forums.

Report a problem with article
Next Article

FlashGet 1.70

Previous Article

Quake II: Lost Marine QuakeCon 2005 Test Build

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment