Comments on: Exploit-MS08-067 Bundled in Commercial Malware Kit http://blogs.mcafee.com/mcafee-labs/exploit-ms08-067-bundled-in-commercial-malware-kit Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Trackback - Cheap Internation Call >> How to make cheap international call http://blogs.mcafee.com/mcafee-labs/exploit-ms08-067-bundled-in-commercial-malware-kit/comment-page-1#comment-19582 Trackback - Cheap Internation Call >> How to make cheap international call Thu, 19 Nov 2009 21:56:16 +0000 http://www.labs.com/research/blog/?p=746#comment-19582 ,..] www.labs.com is one interesting source of information on this subject,..] ,..] www.labs.com is one interesting source of information on this subject,..]

]]> By: Mike http://blogs.mcafee.com/mcafee-labs/exploit-ms08-067-bundled-in-commercial-malware-kit/comment-page-1#comment-19581 Mike Wed, 11 Nov 2009 16:08:13 +0000 http://www.labs.com/research/blog/?p=746#comment-19581 So the Chinese are now just publicly selling <a href="http://www.sophos.net/" rel="nofollow">malware</a> kits...amazing. In response to #8, not sure if you are kidding or not, but just in case....No, there is absolutely zero chance that this kit was used to make or implement Conficker. So the Chinese are now just publicly selling malware kits…amazing. In response to #8, not sure if you are kidding or not, but just in case….No, there is absolutely zero chance that this kit was used to make or implement Conficker.

]]> By: John N http://blogs.mcafee.com/mcafee-labs/exploit-ms08-067-bundled-in-commercial-malware-kit/comment-page-1#comment-19570 John N Mon, 23 Mar 2009 17:19:08 +0000 http://www.labs.com/research/blog/?p=746#comment-19570 Any indications this package was used to create Conficker? Any indications this package was used to create Conficker?

]]> By: Matthew Wollenweber http://blogs.mcafee.com/mcafee-labs/exploit-ms08-067-bundled-in-commercial-malware-kit/comment-page-1#comment-19563 Matthew Wollenweber Sun, 16 Nov 2008 21:06:43 +0000 http://www.labs.com/research/blog/?p=746#comment-19563 Did you guys look into the commercial version of the app? From what I see above, it looks like they probably just re-packaged code existing elsewhere (Milw0rm/Metasploit/CANVAS). Are they using the exact same code? Do they alter any of the encoding to bypass signatures? Likewise with the toolkit version, what software are they dropping on the target box? Do the tools match known signatures? Did you guys look into the commercial version of the app? From what I see above, it looks like they probably just re-packaged code existing elsewhere (Milw0rm/Metasploit/CANVAS). Are they using the exact same code? Do they alter any of the encoding to bypass signatures?

Likewise with the toolkit version, what software are they dropping on the target box? Do the tools match known signatures?

]]>