Subject: new virus/worm: drsch.exe
we have the file drsch.exe appearing in our C:\windows\system32\driver
s folder. It then spreads to other machines that aren't patched with ms08-067. It also drops the file i.ini onto the root of C: It appears to spread through the network via weak passwords, and appears to somehow accesses a list of accounts. It attempts to logon with these accounts, and failing, locks them out of active directory.
This seems to be the same creature. All google searches indicate this thing begin around the 27th:
Anyone seen this before/yet or can anyone point me to a link where Symantec or Trend or someone have a description of it?
Also, Symantec Endpoint network control alerts to the presence of this virus with the following:
MS RPC DDE BO detected