There's an exploit for MS08-067 recently posted at Milw0rm that I was testing out tonight. Out of sheer curiosity, I uploaded the precompiled binary to VirusTotal and it had already been uploaded so there was an analysis waiting on me. The previous analysis showed 8 out 36 AV engines detecting it. Now, there's 9.
What I thought was most interesting is this:
eTrust-Vet 31.6.6176 2008.10.28 Win32/MS06-040!exploitThat seems pretty darn close to me. Since the source is available for the exploit, I'll leave it to someone to dig up the old source of exploits for MS06-040 and see if there was some code sharing between the two or if the similarity of the vulnerability is causing eTrust to identify it this way.
No comments:
Post a Comment