3 entries found.
Exploit:Win32/MS08067.gen!A
Exploit:Win32/MS08067.gen!A is a generic detection for code that attempts to exploit a vulnerability in SVCHOST.EXE. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled.
On targeted hosts running Windows 2003, XP, 2000 or NT, this remote attack may be performed by an unauthenticated user. Successful exploitation of the vulnerability on systems with default installations of Windows Vista and Windows Server 2008 requires authentication due to protections introduced as part of user access control (UAC) that enforce additional levels of integrity.
Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.
Alert level: severe
Backdoor:Win32/IRCbot.gen!O
Backdoor:Win32/IRCbot.gen!O is a generic detection for a trojan that allows unauthorized access and control of an affected machine by a remote attacker using IRC. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from an attacker. This particular detection may trigger on variants of several different IRC bot families, including Win32/Pushbot and Win32/Synigh.
Alert level: severe
Worm:Win32/Kolabc.C
Worm:Win32/Kolabc.C is a worm that can spread to removable drives and to other networked computers by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-039, MS06-040 and MS08-067. The worm contains backdoor functionality that allows an attacker remote access and control of the infected computer.
Alert level: severe