Microsoft Braces for Worm Attack

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Aug 10, 2006 10:30 pm

Microsoft Braces for Worm Attack

A network worm attack exploiting a critical Microsoft Windows vulnerability appears inevitable, security experts warned Aug. 10.

Just days after the Redmond, Wash., software maker issued the MS06-040 bulletin with patches for a "critical" Server Service flaw, Microsoft's security response unit is bracing for the worst after exploit code that offers a blueprint for attacks began circulating on the Internet.

Even before the release of Microsoft's patch, the US-CERT (Computer Emergency Readiness Team) warned that the flaw was being used in targeted attacks and that the appearance of public exploits is a sure sign that a worm attack is imminent.

An exploit module was added to HD Moore's Metasploit Framework that could launch attacks against all unpatched Windows 2000 systems and some versions of Windows XP.

Two penetration testing companies, Immunity and Core Security Technologies, have already created and released "reliable exploits" for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1.

Dave Aitel, a researcher at Immunity, said his exploits are capable of launching attacks against firewall-protected Windows XP SP2. "A worm is coming. This bug is just too easy to exploit," Aitel said in an interview with eWEEK.


For full story:
http://www.eweek.com/article2/0,1895,2002142,00.asp

Don
CISSP, MCSE, CSTA, Security+ SME

LSOChris

Post Thu Aug 10, 2006 10:48 pm

Re: Microsoft Braces for Worm Attack

Didn't he say the worm would be only a DoS for XP SP2 and 2k3 SP1?

oleDB

Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Aug 14, 2006 2:32 pm

Re: Microsoft Braces for Worm Attack

The current bot/worm, MocBot, is supposedly spreading on unpatched 2K boxes using the MS-040 vuln, but still getting conflicting reports about how serious it will be.

Hug_It

Newbie

Posts: 28

Joined: Thu Feb 23, 2006 4:21 pm

Post Mon Aug 14, 2006 3:00 pm

Re: Microsoft Braces for Worm Attack

I've seen about ten of these in the wild so far today. Symantec reports it as W32.Wargbot with the newest definitions and Backdoor.IRC.Bot with definitions older than August 13th. The Common Malware Enumeration number is CME-482.

So far I have only seen it attack W2K machines on networks comprised of XP and 2003 Server also. All infections appear to have been contained by antivirus, even with out of date definitions.

The payload appears to be a typical IRC bot that listens for instructions on port 18067 although I can't confirm that being no machines have been infected.
CISSP

LSOChris

Post Mon Aug 14, 2006 4:36 pm

Re: Microsoft Braces for Worm Attack

If it doesn't wreck semi-current XP and 2k3 boxes I don't see how it can be "that" bad.

oleDB

Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Tue Aug 15, 2006 10:40 am

Re: Microsoft Braces for Worm Attack

Yeah, it's really weird, seeing tons of reports about it, while certain vendors are saying it is a non-event. We've still only seen a few, that were non-managed systems. Old dats were detecting it as IRCbot or SDbot. Looks like it won't be that bad for most, but should serve to announce loudly which machines on your networks are unpatched/unmanaged.
