Wednesday, 28 January 2009 23:28
Among other methods, Downadup infects other machines via a remote procedure call (RPC) exploit against the MS08-067 vulnerability. Using the vulnerability, the worm injects shellcode that connects back to the infecting machine; this is known as a back-connect. The back-connect works over HTTP on a randomly selected port, and the infecting machine responds to incoming requests by serving the entire worm file. The shellcode receives this file and executes it on the remote host, which then becomes infected in turn. Source: https://forums.symantec.com/t5/Malicious-Code/Downadup-Playing-with-Universal-Plug-and-Play/ba-p/383244
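The propagation pattern described above has a detectable shape on the network: a host receives an inbound SMB connection (445/tcp) and, moments later, opens an outbound connection back to that same source on some other port to fetch the worm body. The following is an added detection example, not code from the Symantec post; the log format, the 30-second correlation window and the sample records are constructed assumptions.

```python
"""Correlate inbound SMB with a prompt reverse connection to the same peer.

Added example for the MS08-067 back-connect pattern. Input records are a
constructed, simplified flow log: "timestamp src dst dport", one per line.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=30)  # assumed: back-connect follows the exploit quickly

# Constructed sample flows (not real traffic).
SAMPLE_LOG = """\
2009-01-28T23:28:01 10.0.0.5 10.0.0.9 445
2009-01-28T23:28:03 10.0.0.9 10.0.0.5 41872
2009-01-28T23:28:10 10.0.0.7 10.0.0.9 445
2009-01-28T23:28:11 10.0.0.9 10.0.0.8 80
2009-01-28T23:40:00 10.0.0.5 10.0.0.9 445
2009-01-28T23:50:00 10.0.0.9 10.0.0.5 51000
"""


def parse(log):
    """Yield (timestamp, src, dst, dport) tuples from the flow log."""
    for line in log.splitlines():
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)


def find_back_connects(log):
    """Return (victim, attacker, port) for each suspected back-connect.

    A hit is an outbound non-SMB connection from a host to a peer that
    connected to that host on 445/tcp within the preceding WINDOW.
    """
    inbound_smb = defaultdict(list)  # victim -> [(time, peer that spoke SMB)]
    hits = []
    for ts, src, dst, dport in parse(log):
        if dport == SMB_PORT:
            inbound_smb[dst].append((ts, src))
            continue
        for smb_ts, smb_src in inbound_smb.get(src, []):
            if smb_src == dst and timedelta(0) <= ts - smb_ts <= WINDOW:
                hits.append((src, dst, dport))
                break
    return hits


if __name__ == "__main__":
    for victim, attacker, port in find_back_connects(SAMPLE_LOG):
        print(f"suspected back-connect: {victim} -> {attacker}:{port}")
```

Only the second flow matches: the connection on port 80 goes to a third host, and the final pair is ten minutes apart, outside the window.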