Found this on another message board. The guy seems to be serious.
Disclaimer: not verified yet by any of the antivirus companies.
Disclaimer2: he types “c:\windows\system32 on win2k boxes”, but win2k puts the OS in c:\winnt\system32
[quote]Heads up…this appears to be a nasty one. I haven’t been able to find any info on it anywhere, so it’s a 0-day hit.
It appears to be spreading through DCOM/RPC, this INCLUDES patched machines. It’s slicing through shit here like a blowtorch through butter. Its payload is an executable named “mntcgf032.exe”, and it dumps it in c:\windows\system32 on win2k boxes and c:\windows\prefetch<wherever past here>\ on xp boxes. Check startup registry entries; it adds itself there.
Like I said…including patched machines. It’s smacking machines that were definitely patched with the latest sets of patches for XP and 2k.
Win2k3 appears to be “immune”; when the virus tries to propagate to those machines, it crashes RPC and just kills the box. It doesn’t infect them, but it does kill them.
All you IT types, heads up…I haven’t seen jack shit from Symantec on this…nothing’s catching it so far. We’re cleaning things manually, and it’s re-infecting machines we’ve cleaned (and verified clean.)[/quote]
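Added example, not part of the original post or the quoted message: a Python check that scans saved `reg query` output from the startup (Run) keys for the file name reported above. It assumes the standard `HKLM`/`HKCU` `...\CurrentVersion\Run` keys and reg.exe's four-space column layout; `SAMPLE` is constructed test data, and the function names are made up for this example.

```python
import ntpath
import re

# File name reported in the post above; unverified by any AV vendor.
REPORTED_NAME = "mntcgf032.exe"
# Directories mentioned in the post, plus the poster's Win2k correction.
REPORTED_DIRS = (r"c:\windows\system32", r"c:\winnt\system32", r"c:\windows\prefetch")

# One value line of `reg query` output: name, type, data (assumed 4-space columns).
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")

def image_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def find_suspect_entries(reg_output, windir=r"C:\WINDOWS"):
    """Return (key, value name, path, reason) for Run entries matching the post."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        path = image_path(m["data"])
        # Expand the two variables Run entries commonly use (windir is a parameter).
        path = re.sub(r"%(windir|systemroot)%", lambda _: windir, path, flags=re.I)
        path = ntpath.normpath(path).lower()
        if ntpath.basename(path) == REPORTED_NAME:
            reason = "reported file name"
            if ntpath.dirname(path).startswith(REPORTED_DIRS):
                reason += " in reported directory"
            hits.append((key, m["name"], path, reason))
    return hits

# Constructed sample of `reg query` output, not captured from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_EXPAND_SZ    "%SystemRoot%\system32\MNTCGF032.EXE" /quiet

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    tray    REG_SZ    C:\Program Files\Tool\tray.exe -min
"""
```

A name match alone is only a lead: the report is unverified, so confirm any hit against the file on disk before treating the machine as infected.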