Worm attacks Windows RPC flaw

20 March 2009

More worm activity has been spotted targeting a recently discovered Windows flaw.

The worm, identified as W32.Downadup by Symantec and F-Secure, and as W.32 Conficker by McAfee, targets the MS08-067 vulnerability that was discovered by Microsoft in October.

According to McAfee, the worm analyses the version of the operating system to determine how it will install itself as a service. McAfee added that it then downloads more malware and sets up an HTTP server to listen for communication with the affected system. It also attempts to infect other machines on the local network.

In its post on the subject, Microsoft adds that the malware then patches the exploit, presumably so that other malware cannot infect the target machine and displace it.

The vulnerability, which was considered so severe that Microsoft issued an emergency patch for it, lies in the Windows Server service. A maliciously coded remote procedure call could enable attackers to execute arbitrary code on the machine, said the software vendor. A patch has been available for a month, leaving bloggers at McAfee Avert Labs shaking their heads in dismay over people who still haven’t applied it.
 
