New Worm Attacks on Microsoft Vulnerability

November 27, 2008

(ChattahBox) — A new Microsoft bulletin, MS08-067, warns users of a new wave of malicious attacks that aim to exploit a vulnerability outlined in the firm’s security bulletin. The company advised all users to patch their PCs if they have not already done so.

The new worm has been dubbed W32/Conficker and is making the rounds on Windows machines, exploiting the hole for which Microsoft released a patch in October. The number of attacks has increased in the past few days, and Microsoft has marked the threat as ‘Critical’ and ‘Important.’

A posting on the Microsoft blog says, “It opens a random port between port 1024 and 10000 and acts like a Web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll.”
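The behaviour quoted above gives defenders something to look for: an HTTP GET for a `.jpg` file on a port between 1024 and 10000 whose body is really a Windows executable. The following detection sketch is an added example, not code from the article or from Microsoft; the log format, field order, sample records and function names are all constructed for illustration, and the only outside fact it relies on is that a DLL begins with the bytes `MZ`.

```python
from dataclasses import dataclass

# Constructed sample records (not real traffic). Assumed field order:
# client, server, server_port, method, path, hex of first response-body bytes.
SAMPLE_LOG = """\
10.0.4.17,10.0.4.52,4312,GET,/qwzkd.jpg,4d5a9000
10.0.4.17,10.0.9.3,80,GET,/img/logo.jpg,ffd8ffe0
10.0.4.23,10.0.4.52,4312,GET,/lmbtr.JPG,4d5a9000
10.0.4.30,10.0.7.8,8080,GET,/photos/cat.jpg,ffd8ffe1
10.0.4.31,10.0.4.60,9001,GET,/xkcpa.jpg,4d5a9000
10.0.4.40,10.0.7.8,8080,GET,/tools/setup.exe,4d5a9000
"""

PE_MAGIC = bytes.fromhex("4d5a")  # "MZ": first bytes of a Windows EXE/DLL


@dataclass
class Hit:
    client: str   # host that fetched the file (just exploited, per the quote)
    server: str   # host serving it (already running the worm, per the quote)
    port: int
    path: str


def find_suspect_fetches(log_text, lo=1024, hi=10000):
    """Return GETs for *.jpg on ports lo..hi whose body starts like a PE file."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, server, port, method, path, magic = line.split(",")
        port = int(port)
        if (method == "GET" and lo <= port <= hi
                and path.lower().endswith(".jpg")
                and bytes.fromhex(magic).startswith(PE_MAGIC)):
            hits.append(Hit(client, server, port, path))
    return hits


def serving_hosts(hits, min_clients=2):
    """(server, port) pairs that served the mismatched file to several clients."""
    clients = {}
    for h in hits:
        clients.setdefault((h.server, h.port), set()).add(h.client)
    return sorted(k for k, v in clients.items() if len(v) >= min_clients)
```

Every hit names two machines to examine: the client that pulled the file and the server that handed it out.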

One of the remarkable things about the threat is that it patches the vulnerable API so that other threats do not take over the machine too. Several bots, under the generic name Backdoor:Win32/IRCbot.BH, are also exploiting the security hole. They drop a backdoor Trojan that connects to an IRC server to receive commands.
