resource center
  See your link here
|
IDG News Service - One day after Microsoft issued a rare emergency Windows security patch, the bad guys have a few new ways to take advantage of the bug.
By today, security researchers had identified a new worm, called Gimmiv, which exploited the vulnerability, and a hacker had posted an early sample of code that could be used to exploit the flaw on the Web.
Microsoft issued the patch more than two weeks ahead of its next security updates because the bug could be used to create an Internet worm attack and Microsoft had already seen a small number of attacks that exploited the flaw.
This vulnerability lies in the Windows Server service used to connect with other devices on networks. Although the firewall software that ships with Windows will block the worm from spreading, security experts are worried that the flaw could be used to spread infections between machines on local-area networks, which are not typically protected by firewalls.
And that's exactly what the Gimmiv worm is designed to do, according to Ben Greenbaum, a senior research manager at Symantec Corp. "It is downloaded onto a target machine via social engineering and then proceeds to scan and exploit machines on the same network, using this newly disclosed vulnerability in the [Windows Server] service," he said.
The worm then loads software that steals passwords, security experts say.
Both Symantec and McAfee Inc. said today that they had seen only a very small number of attacks based on this exploit, but Symantec says that, starting yesterday evening, it found a 25% jump in network scans looking for potentially vulnerable machines. That could be a sign that more attacks are coming.
That scenario becomes more likely, too, as more tools that exploit the flaw are released to the public. Sample exploit code was posted to the Milw0rm.com hacker site today, and over the next few days hackers are expected to move that code into attack tools that are easy to use.
Greenbaum predicted that the attack code will soon be used to build botnet networks of infected computers. "What we are going to see is this attack being added to the arsenal of botcode," he said.
"Once it evolves to the point where people really don't have to know much about the exploit ... those are the situations where people write the worms that do a lot of [damage]," said McAfee researcher Craig Schmugar.
Does he expect a damaging worm to emerge from this latest bug? "If history is a lesson, then yes," he said.
IDG.net
Share our Strength
Download Now
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
