Microsoft Warns Of Attack Exploiting Windows Vulnerability
November 26, 2008 3:52 PM ET
Microsoft is warning users of a malicious Internet worm after detecting a wave of attacks exploiting a recent critical Windows security vulnerability.
The worm has the potential to infect other computers across a network by exploiting a critical vulnerability in the Windows Server service.
Microsoft released an emergency patch last month repairing the error. However, if successfully exploited, the vulnerability could enable remote attackers to execute arbitrary code via a malicious file that would allow them to completely take control of a user's PC.
Microsoft researchers first detected attacks exploiting the vulnerability last week. Since then, the number of successful exploits grew to significant levels over the weekend. Researchers reported in a blog that they noticed that the malware "gained momentum" over the last two days, when they saw a significant increase in support calls.
Specifically, the worm deletes any use-created System Restore points, and attempts to contact numerous sites, including those of Google, Yahoo, MSN and ask.com, to obtain the current date, according to researchers at the SANS Institute. The worm then uses the date information to generate a list of domain names, which it then contacts in an attempt to download additional malicious files onto a user's affected computer.
The malware mostly spreads within businesses, however it has also been reported by individual home users, Microsoft said.
Unlike other exploits, the malware actually repairs an API vulnerability on users' unpatched computers.
"It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too," said Microsoft researchers in a blog post.
Reports of active exploits have come primarily from the U.S. However exploits have also been found in Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Cana, Argentina and Chile.
To avoid being affected by the malware, experts recommend that its customers install the necessary update on their machines, which can be found on the Microsoft Web site.
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
|
10 Security Predictions For 2012 CRN looks into its crystal ball and sees Android, hactivisim and cyber-espionage as some of the top 10 security threats in 2012. |
|
10 Biggest Security Breaches Of 2011 The Top 10 Security Breaches of 2011 show hackers were relentless in their pursuit of profit, compromising computer systems of universities, video-game makers and the largest banks. |
 More
Slide Shows |
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
- Remote Management and IT Security: Building Profits While Reducing Costs
