[ISN] Exploit binary released as Symantec finds more code

[InfoSec News]

http://www.smh.com.au/articles/2004/04/28/1083103523103.html

By Sam Varghese 
April 28, 2004 

A binary for one of the exploits released to target a flaw in the
Private Communications Transport (PCT) protocol implementation in the
Microsoft Secure Socket Layer library, has been released on the net.

The compiled version makes it easier for the category of attackers
known as script kiddies to utilise.

Attackers who use this flaw to break in could gain complete control of
servers handling credit card and banking data for online transactions.

Meanwhile, network security and A-V software vendor Symantec says it
has discovered more malicious code that targets the same
vulnerability.

Symantec said in a media release that the malicious code - currently
called backdoor.mipsiv -- opened ports on a system, implemented a
denial-of-service attack against a third-party DNS server system and
also receives command/control instructions via internet relay chat
(IRC) channels.

"Symantec has detected attempts at compromising systems on our
monitored global sensor network and has raised its ThreatCon Rating to
Level 3 as a precautionary measure. Symantec Security Response experts
are analysing the heavily encrypted code and will provide more details
as they become available," the company said.

"The team is also determining if the code is a worm or a bot (a
program used to performs repetitive functions including searching for
news or information)."

Vincent Weafer, senior director, Symantec Security Response, said:  
"We're seeing an increase in the number of exploits, attempts and an
increase in reconnaissance attacks through our DeepSight sensors and
Managed Security Services devices. We encourage our customers to
expedite their patching if they haven't already."

On April 14, a French group, k-otik, released code to exploit another
vulnerability in Windows which was also patched this month.