General Discussion

[here]

FYI...

- http://preview.tinyurl.com/5wqxqt
08-14-2008 (Symantec Security Response Blog) - "...With infections dating back to January 2007 and a P2P structure largely unchanged in about a year, Peacomm continues to evolve and infect new hosts. In early August our honeypots began capturing a new version of Peacomm. This iteration has been relatively low key as it propagates via users visiting infected Web sites, rather than by spam. Although Peacomm has been distributed via infected Web sites in the past, they were usually Web sites that were spammed to users as opposed to relying on drive-by downloading to gather its new recruits. The attack toolkit used to install Peacomm in these drive-by attacks has changed as well. The infection begins with a user visiting an infectious Web site, which silently -redirects- the user to hostile content on a set of registered domains via an IFRAME. At this point, Kallisto TDS will serve a set of exploits against the victim. These include Acrobat PDF CollectEmailInfo*, ANI Header Size**, and MDAC***..."

* http://www.securityfocus.com/bid/27641/solution

** http://www.securityfocus.com/bid/23194/info - MS07-017

*** http://www.securityfocus.com/bid/17462 - MS06-014

> AKA CME-711 - http://cme.mitre.org/data/list.html#711