MS06-040

There is now a worm (or worms) that spread by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (Microsoft Security Bulletin MS06-040).

Does avast! have definitions for this yet?

Hi NonSuch,

If you have fully patched your sytem, you are not vulnerable.
Besides XP SP 2 is not vulnerable, it is more Win 2xxx and NT that are concerned, read:
http://www.lurhq.com/mocbot-ms06040.html &
http://blogs.securiteam.com/index.php/archives/category/microsoft/

polonus

Thank you for your response. :slight_smile: However, my system is completely patched; that is not why I was asking the question, nor does your answer address my question which is: Does avast! or does it not have definitions for this problem?

Also, unfortunately, this is no longer felt to be an issue that is confined to Win 2K/NT. Win XP SP2, without the latest security update, is also vulnerable. See this topic for just one group of examples…

http://www.castlecops.com/p817248-.html#817248

Hi NonSuch,

Yes, avast protects against mocbot trj. it is in their definition list, you should also close the vulnerability gap by scanning with stinger.exe or the online Bitdefender scanner or download DrWebCureIt.
Protecting your computer means layered defense now, one av solution and a software fw is n’t enough, it always should be a combination of solutions: one resident av and non-resident av’s, ids, one fw, anti spyware, in-browser security (pre-link scanning, TrustWatch, MacAfeeSiteAdvisor and Netcraft anti-phishing, NoScript etc.) for a better protection, it will never be ultimate, but alas, you then know you gave it all you got,

polonus

Thank you. :slight_smile:

The actuality of your posting is demonstrated here:
http://www.theregister.co.uk/2006/08/23/mocbot_worm_zombie_surge/

polonus