Reports of MS09-039 in the wild
We have read in several places about a report of MS09-039 being actively exploited in the wild. Nothing has been verified, but according to the ISC and their DShield data, there has been a HUGE increase in port 42 being targeted. Looking at the graph, port 42 as the destination hovers around 1,000-2,000 targets a day normally. On the 17th of August, there were nearly 70,000 targets.
That's a 70x increase. Just a coincidence? I don't think so, but unfortunately this is our only fact so far. Hopefully someone can get a malware sample to add more credibility to the lone report of active exploitation.
That's a 70x increase. Just a coincidence? I don't think so, but unfortunately this is our only fact so far. Hopefully someone can get a malware sample to add more credibility to the lone report of active exploitation.
posted by Network Sentry at
9:32 AM
0 Comments
Links to this post
