点饭的百度空间
银牌会员
积分 2315
发帖 2236
注册 2007-11-30
|
#1 发现溢出ms08067网络入侵微点报警! 我们的微点保卫我们,抵御微软最新漏洞攻击
微软4年来最强漏洞来了! 当年的RPC漏洞重现 危害类似"冲击波"
微软在2008年10月24日凌晨 太平洋标准时间下午1点举行网络直播会议紧急发布一个最高级别为严重的安全补丁ms08-067,用以修复已发现的Windows Server service 的漏洞并可能被利用于远程攻击或散播蠕虫. 攻击成功者可能获取系统的完全控制权限.
微软系统这一安全漏洞可影响包括Windows XP、Windows 2000、Windows Server 2003、Windows Vista等几乎所有主流操作系统。黑客可以利用此漏洞发动大规模远程攻击,实际效果可与“冲击波”“震荡波”等病毒类似。
“冲击波”病毒于2003年8月首次爆发,1小时内就造成全球上百万台电脑瘫痪。中毒电脑的系统资源被大量占用,有时会弹出RPC服务终止的对话框,并且系统反复重启,不能收发邮件、不能正常复制文件、无法正常浏览网页,复制粘贴等操作受到严重影响。
NOTICE: October 23, 2008: Today the MSRC released Security Bulletin MS08-067. For more information on this bulletin, and to stay protected get the latest information from the MMPC here on our blog: http://blogs.technet.com/mmpc/ar ... -protected-now.aspx
Get Protected, Now!
Thursday, October 23, 2008 10:00 AM by mmpc
We have detection for the current attacks. Its name is Exploit:Win32/MS08067.gen!A and it is included in VDM update version 1.45.1012.0 and higher. We released these VDMs this morning shortly after 10 AM PDT. These current attacks will be detected when the attack file is copied to the victim’s computer, for example, as part of its self replication. Note that we are not aware of any self replicating malware that is exploiting this vulnerability at the moment. This update can detect the current attacks and we will continue to update should more be created. Our team, the Microsoft Malware Protection Center, is on the alert and is closely monitoring the situation.
Currently, attacks try to download a trojan named n2.exe to the victim’s computer and there are now two different versions of this binary. Our products are able to detect both files as TrojanSpy:Win32/Gimmiv.A. This trojan drops another DLL that we detect as TrojanSpy:Win32/Gimmiv.A.dll. The malware deletes itself after it executes so you may not find it even on systems that were previously infected. Our products provide real-time protection that will block that malware from being copied to the hard drive. You can read more details about this malware in our encyclopedia write ups.
So get protected, and the sooner, the better.
文章来自微软Microsoft® Malware Protection Center官方BLOG
链接地址:http://blogs.technet.com/mmpc/ar ... -protected-now.aspx
Our Micropoint protect us against Microsoft Security Hole-MS08067
 微点试用版预升级应该都可以硬防 还记的当年的“冲击波”病毒吗? 在不安装更新微软Windows漏洞补丁的情况下,第一时间微点主动防御软件就能够抵挡威胁!!
有兴趣的朋友可自行测试 xp sp2始终是溢出就崩溃,寒!一直没找到可以成功执行ShellCode的,还是SP3比较好或者是差!对比上面两张图,可见sp2还是安全的,幸亏没用什么sp3
MS08-067溢出环境:
lanmanworkstation服务开启(默认)
server服务开启(默认)
Browser服务开启(默认)
windows默认防火墙禁用。。。貌似装了某些杀毒软件会自动禁用的,所以不说了。。。。
对于未使用微点主动防御软件的用户,个人建议:
1、开启windows自动更新,及时打好漏洞补丁 应用更新:http://bbs.micropoint.com.cn/showthread.asp?tid=43026&fpage=1
2、不要在不明站点下载非官方版本的软件进行安装,避免病毒通过捆绑的方式进入您的系统。黑屏病毒专题报道:小心黑屏行动酿成黑客风暴:http://hi.baidu.com/micropoint/b ... 8b121790ef39f7.html 安装微点主动防御类软件,该软件是解决此类病毒最有效的方法。
 
Summary
Exploit:Win32/MS08067.gen!A is a generic detection for code that attempts to exploit a vulnerability in SVCHOST.EXE. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled.
On targeted hosts running Windows 2003, XP, 2000 or NT, this remote attack may be performed by an unauthenticated user. Successful exploitation of the vulnerability on systems with default installations of Windows Vista and Windows Server 2008 require authentication due to protections introduced as part of user access control (UAC) that enforce additional levels of integrity.
Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
 
 
 
 
 
 
 
 
MSG to hack: the first virus who bypass Micropoint will be the first killed in the next 24hours!
[ Last edited by 点饭的百度空间 on 2008-11-14 at 09:24 ]
| |
※ ※ ※ 本文纯属【点饭的百度空间】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
你的微笑 is 微点的骄傲!
http://hi.baidu.com/new/micropoint |
|
|
2008-10-30 11:00 |
|
snhao
银牌会员
积分 1791
发帖 1782
注册 2007-6-12
|
#2
一堆阴文看得头大
| |
※ ※ ※ 本文纯属【snhao】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2008-10-30 11:11 |
|
心随风落
高级用户
积分 518
发帖 500
注册 2007-1-24
|
#3
看明白LZ表达的意思了!
8月份的微点都能查杀咯!
| |
※ ※ ※ 本文纯属【心随风落】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2008-10-30 15:57 |
|
yurong7777777
高级用户
积分 536
发帖 534
注册 2008-9-12
|
#4
你想说什么
| |
※ ※ ※ 本文纯属【yurong7777777】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2008-10-30 18:17 |
|
gudan
高级用户
积分 605
发帖 579
注册 2007-7-20
|
#5
厄,又是这个,楼主e文那么好就不要让我在线翻译了,能累死人的
| |
※ ※ ※ 本文纯属【gudan】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
相思无用 唯别而已
别期若有定
千般煎熬又何如
莫道黯然销魂
何处柳暗花明 |
|
|
|
2008-11-1 01:58 |
|
点饭的百度空间
银牌会员
积分 2315
发帖 2236
注册 2007-11-30
|
|
|
2008-11-8 10:54 |
|
ballpointpen
中级用户
积分 436
发帖 434
注册 2006-6-20
|
#7
| Quote: | Originally posted by 点饭的百度空间 at 2008-10-30 11:00:
微软4年来最强漏洞来了! 当年的RPC漏洞重现 危害类似"冲击波"
微软在2008年12月24日清晨 太平洋标准时间下午1点举行网络直播会议紧急发布一个最高级别 ... |
|
是2008年10月23日,非12月24日
NOTICE: October 23, 2008
| |
※ ※ ※ 本文纯属【ballpointpen】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2008-11-13 20:15 |
|
点饭的百度空间
银牌会员
积分 2315
发帖 2236
注册 2007-11-30
|
#8
| Quote: | Originally posted by ballpointpen at 2008-11-13 20:15:
是2008年10月23日,非12月24日
NOTICE: October 23, 2008 |
|
抱歉! 已纠正
| |
※ ※ ※ 本文纯属【点饭的百度空间】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
你的微笑 is 微点的骄傲!
http://hi.baidu.com/new/micropoint |
|
|
|
2008-11-14 09:54 |
|
