Worm fears raised after release of Windows malware
Bug patched in latest update, but concerns persist
IDG News Service - Attack code exploiting a recently-patched vulnerability in Microsoft Corp.'s Windows operating system has been posted to the Internet, prompting concerns of a widespread attack.
The software was added to the widely used Metasploit project -- a favorite of both security researchers and malicious hackers -- at around 1 a.m. Thursday morning Pacific Time, according to H.D. Moore, the Metasploit project leader. "It works very reliably against Windows 2000 and Windows XP systems that do not have SP2 [Service Pack 2] installed," he said in an e-mail.
Security experts had worried that the Windows Server services vulnerability -- described in Microsoft Security Bulletin MS06-040 -- could be used in a widespread worm attack. Windows Server services are generally enabled by default on Windows systems, and are used for common network applications like file sharing and printing.
The bug was patched on Tuesday in one of 12 Microsoft security updates.
On Wednesday the Department of Homeland Security (DHS) took the unusual step of warning PC users to make sure they had installed this patch. The DHS statement warned that the vulnerability "could impact government systems, private industry and critical infrastructure, as well as individual and home users."
"This is a great opportunity for an unskilled hacker to launch a worm," said Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. "A skilled hacker will use the vulnerability to quietly infect millions of computers for the purposes of sending spam, stealing credit card numbers, or countless other subversive activities," he said in an e-mail interview.
Microsoft executives were not immediately available to comment on the Metasploit code. In a blog posting dated early Thursday, Microsoft Security Response Center Program Manager Christopher Budd, said his company was seeing "very, very limited exploitation of the vulnerability." Microsoft's patch had been downloaded by about 100 million users in the first 30 hours, he added.
Metasploit's Moore believes that any worm based on the MS06-040 vulnerability will probably not be as widespread as the Zotob worms, which made headlines last year after taking down computers at Cable News Network LP LLLP, SBC Communications Inc. and American Express Co.
The vulnerability exploited by Zotob "was actually much more reliable and affected a wider range of systems," Moore said. With this latest malware, "the only shops that really need to worry are those running older XP clients or 2000/NT desktops," he said.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Malware and Vulnerabilities White Papers | Webcasts