Author: JT Smith
Posted at Help Net Security: “We’ve all just been hit by a VERY aggressive worm/virus.
Quick analysis indicates that it propagates itself in a number of different ways:
Through use of IIS UNICODE direcory traversal coupled with the recent IIS .dll privilege escalation attack. It uses SMB/CIFS and TFTP to get the worm payload.
Through MAPI mails (probably to all of addressbook).”
Category:
- Linux