It has been a month since the release of the MS08-067 patch by Microsoft, yet there seems to be an awful lot of hosts still out there with it unpatched.

 

Now there have been several worms and other malware released that exploit MS08-067, it started with Win32/Gimmiv.A the proof of concept worm that actually triggered the discovery of the vulnerability and now the latest is a beastie called W32/Conflicker.worm.

So if you didn’t have a reason to patch before today, there is another one for you. This worm will attempt to infect any vulnerable Windows system and depending on the platform may install itself as a service to ensure it has a strong foot hold.

The service it creates is called NETSVCS, once installed it will then attempt to reach out and download other nasties from various rogue Russian based sites. Most of these sites have been shut down now, however expect variants to get released soon as with most malware with new more stable command and control sites.

It is recommended that first thing you do today is make sure everything has MS08-067 installed and has been rebooted since installation. Also make sure your AV signatures are up to date too, McAfee have had detect in place in DAT files since the 24th, most of the other big players have signatures in place too.