Bot Attacks Vulnerable Windows Systems; Microsoft Patch Buggy: Page 4 of 6

After additional analysis, said Friedrichs, Symantec figured out that Mipsiv wasn't exploiting the Microsoft PCT vulnerability. But while Mipsiv doesn't contain either worm or bot features, it's still connected to the PCT vulnerability. Exploit code for the vulnerability has been public for about two weeks, and the Trojan could only have been placed on the compromised machines by using the PCT exploit code.

Mipsiv, said Symantec, connects to an IRC server via port 443, and uses that channel to listen for instructions. It also includes key logging and network scanning functions.
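A channel like the one described above can be spotted on the network because the first bytes a client sends to port 443 should be an SSL/TLS hello, not IRC commands. The following Python is an added example, not Symantec's detection logic; it assumes the IRC session is unencrypted (the article does not say), and the flow records and addresses are constructed.

```python
import re

# IRC commands a client sends at the start of a plaintext session,
# optionally preceded by a ":prefix " token.
IRC_CMD = re.compile(rb"^(?::\S+ )?(PASS|NICK|USER|CAP|JOIN|PING|PONG|PRIVMSG|NOTICE|MODE)\b", re.I)

def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow."""
    # SSLv3/TLS record: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    # SSLv2-style hello: 2-byte length with high bit set, message type 1.
    if len(payload) >= 3 and payload[0] & 0x80 and payload[2] == 0x01:
        return "sslv2-hello"
    first_line = payload.split(b"\n", 1)[0].strip()
    if IRC_CMD.match(first_line):
        return "irc-plaintext"
    return "unknown"

def non_tls_on_443(flows):
    """Return (src, dst, verdict) for port-443 flows that do not open with an SSL/TLS hello."""
    hits = []
    for f in flows:
        if f["dport"] != 443:
            continue
        verdict = classify_first_payload(f["payload"])
        if verdict not in ("tls", "sslv2-hello"):
            hits.append((f["src"], f["dst"], verdict))
    return hits

# Constructed sample flows (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dport": 443,
     "payload": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x01"},
    {"src": "192.0.2.11", "dst": "198.51.100.5", "dport": 443,
     "payload": b"\x80\x2e\x01\x00\x02\x00\x15\x00\x00\x00\x10"},
    {"src": "192.0.2.12", "dst": "203.0.113.7", "dport": 443,
     "payload": b"NICK a1b2\r\nUSER a1b2 0 * :x\r\n"},
    {"src": "192.0.2.13", "dst": "203.0.113.8", "dport": 80,
     "payload": b"GET / HTTP/1.0\r\n\r\n"},
    {"src": "192.0.2.14", "dst": "203.0.113.9", "dport": 443,
     "payload": b"\x00\x01\x02\x03"},
]

if __name__ == "__main__":
    for hit in non_tls_on_443(SAMPLE_FLOWS):
        print(hit)
```

An "unknown" verdict on port 443 is worth a look as well, since it means the session opened with something other than an SSL/TLS hello.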

Both the LSASS and PCT vulnerabilities -- and the large amount of hacker activity related to them -- mean that enterprises and other users should patch their systems immediately, said Huger and Friedrichs.

"The fact that we haven't seen a worm yet [targeting the PCT vulnerability] is no reason to delay patching," said Friedrichs. "It only means that we may have a little more time to patch."

Huger wasn't sure there was as much time to hustle the LSASS patch into place.