Correction: There is a worm component. (Yes, the trojan itself isn’t a worm. But that overlooks the behavior of a dll, a dll dropped by Gimmiv, which is a worm. Now, that doesn’t mean we’re at a SQL Slammer type worm stage. This Trojan has to get into a system. But, nevertheless, I stand corrected.)
There’s some misinformation going on out there that there is already a worm targeting MS08-067. We haven’t been able to verify this.
Looking at the particular trojan that blog mentioned, it seems to me to be a trojan related to the MS08-067 attacks that I took a quick look at this morning:
You can see it targeting antivirus vendors like Bitdefender, Jiangmin, Kingsoft, Symantec, Microsoft, Rising and Trend.
And in this screen, you can see some pretty ugly stuff. This is not a nice trojan:
At any rate, I don’t want to de-emphasize the absolutely vital need to patch systems ASAP.
And, we would make an educated guess that a worm will hit soon (maybe in the next day or so).
Alex Eckelberry