Monday, November 17, 2008

China Hacker's Tool for MS08-067 Vulnerability

It is not surprising to learn that there is a tool targeting one of the major security holes in the Microsoft RPC Server service. This vulnerability (CVE-2008-4250) lets attackers write a worm (commonly detected as Trojan.Gimmiv) that spreads over the network without user interaction by sending a specially crafted RPC request to the vulnerable machine. Successful exploitation results in complete control of the victim's machine.

Interestingly, the hackers who use this tool, 狼牙全自动MS08-067抓鸡器 (Wolfteeth Bot Catcher), are themselves hacked by the tool's author, who drops a backdoor file on their machines. It is a very good technique for owning other hackers' machines, though. :)

Below is the screenshot of the tool:


More info:

http://securitylabs.websense.com/content/Blogs/3237.aspx (Detailed analysis of the tool)
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx


Update:

Ahh, I found that this tool did not originally contain the backdoor. The author, WolfTeeth, claimed that some versions of this tool distributed on the Internet have been "trojanized" and that the tool can be downloaded from his "malware shop", http://www.ly807359.cn/.

2 comments:

Anonymous said...

The exploit was given to me by my friend; I just made it easier to use. Since an antivirus company in China announced that it was dangerous, I have already deleted it from my blog.

x9090 said...

Hi,

Thanks for your comment.

No worries! I just want to let security enthusiasts know that there is such a hack tool available on the Internet which makes exploitation easy. ;)