[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: cuebot-d infection method
Description tab on said site.
W32/Cuebot-D is a network worm with backdoor Trojan functionality for the
W32/Cuebot-D attempts to spread using a variety of techniques including the
exploitation of the PnP vulnerability (MS05-039).
A patch for the PnP operating system vulnerability exploited by W32/Cuebot-D
can be obtained from Microsoft at:
From: Jeff Bryner [mailto:jbryner1@xxxxxxxxx]
Sent: Wednesday, August 24, 2005 11:03 AM
Subject: cuebot-d infection method
I've seen a couple cuebot-d infections over the last couple days and am
trying to track down the source of them. Has anyone seen enough of this
to know the universe of ways the pc gets initially infected?
The pcs that have gotten infected have mcafee running on them which
incorrectly picks it up as W32/Sdbot.worm.gen.by when a scan is
requested. It didn't seem to pick it up *until* a scan was requested.
The writeup at http://www.sophos.com/virusinfo/analyses/w32cuebotd.html
fits the scenario, but it doesn't say exactly what the initial
infection vector is.
Thanks for any help.
CISSP, GCIH, GCFA