The ASN.1 Microsoft vulnerability is still alive and well. If you check your IIS logs you probably see this activity on a regular basis. ASN.1 seems to be the Code Red and Nimda of today – it simply just won’t die.
Patches for ASN.1 have been available for quite some time, and the malware using this mechanism to spread is easily identified by proper IDS/IPS and anti-virus rules. With so many easily available options for protecting against it, it seems to be very robust at hanging in there.
Perhaps an organized effort should be arranged through some online forum to identify systems spreading very old malware such as this and to contact the system owners to inform them. Maybe an incident response effort for “aging worms, exploits and malware” or the like.
Any volunteers to head the effort?