
Internet Worm Attacks Windows...Again

by - source: Tom's Hardware

Because Windows has more holes than a slab of Swiss cheese, another worm has found its way down into the warm, gooey center.

According to a Microsoft blog post, attacks by Win32/Conficker.A have increased over the past few days. The odd part is that Microsoft already closed the hole the worm uses: security bulletin MS08-067, released out of band in October, patches the Server service vulnerability (CVE-2008-4250) that Conficker exploits over RPC. Despite that patch having been available for a month, the worm is currently hitting corporate networks hardest and has also turned up on several hundred home PCs.

"It opens a random port between port 1024 and 10000 and acts like a web server," says Microsoft’s Ziv Mador. "It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll."
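The propagation pattern Mador describes is visible from the network side as two linked events: one host fanning out over SMB (port 445, where the MS08-067 RPC interface is reached) to many peers, followed by those same peers connecting back to it with an HTTP GET on a port in the 1024-10000 range. The following is an added example, not code from Microsoft or Tom's Hardware, that applies that logic to flow records; the record format, the IP addresses and the threshold of five SMB targets are constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


# Constructed flow record for illustration (assumed format, not a real sensor's).
@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since start of capture
    src: str
    dst: str
    dport: int
    payload: str = ""  # first bytes of client data, if the sensor kept them


RANDOM_PORT_RANGE = range(1024, 10001)  # worm listener range quoted by Microsoft
SMB_PORT = 445                           # MS08-067 is reached over SMB/RPC


def detect_conficker_spread(flows, min_smb_targets=5):
    """Return {spreader_ip: {"smb_targets": n, "callbacks": [...]}}.

    A host is flagged when it contacts at least min_smb_targets distinct
    peers on 445, or when any peer it touched on 445 later opens HTTP to it
    on a port in 1024-10000 (the reverse-direction download described above).
    """
    # 1. Earliest outbound SMB contact per (src, dst) pair.
    first_smb = {}
    for f in flows:
        if f.dport == SMB_PORT:
            key = (f.src, f.dst)
            first_smb[key] = min(f.ts, first_smb.get(key, f.ts))
    smb_targets = defaultdict(set)
    for src, dst in first_smb:
        smb_targets[src].add(dst)

    # 2. Callback: a previous SMB target connects back to the spreader with an
    #    HTTP GET on a high random port, after the SMB contact. The .jpg path is
    #    the disguise the quote mentions; direction + port is the stronger
    #    signal, so the extension only annotates the alert.
    callbacks = defaultdict(list)
    for f in flows:
        spreader, victim = f.dst, f.src
        smb_ts = first_smb.get((spreader, victim))
        if smb_ts is None or f.ts <= smb_ts:
            continue
        if f.dport in RANDOM_PORT_RANGE and f.payload.startswith("GET "):
            path = f.payload.split(" ", 2)[1]
            callbacks[spreader].append({
                "victim": victim,
                "port": f.dport,
                "path": path,
                "jpg_disguise": path.lower().endswith(".jpg"),
            })

    alerts = {}
    for spreader, targets in smb_targets.items():
        if len(targets) >= min_smb_targets or callbacks.get(spreader):
            alerts[spreader] = {"smb_targets": len(targets),
                                "callbacks": callbacks.get(spreader, [])}
    return alerts


# Constructed sample traffic (not from a real capture):
#  - 10.0.0.5 sweeps six hosts on 445, two of them fetch a ".jpg" back on 6847
#  - 10.0.0.40 hits a single host on 445, which then calls back on 2034
#  - 10.0.0.20/21 are ordinary clients of a file server plus a normal web hit
SAMPLE_FLOWS = [
    *[Flow(100 + i, "10.0.0.5", f"10.0.0.{11 + i}", 445) for i in range(6)],
    Flow(110, "10.0.0.11", "10.0.0.5", 6847, "GET /xkqpz.jpg HTTP/1.1"),
    Flow(111, "10.0.0.12", "10.0.0.5", 6847, "GET /xkqpz.jpg HTTP/1.1"),
    Flow(200, "10.0.0.40", "10.0.0.41", 445),
    Flow(205, "10.0.0.41", "10.0.0.40", 2034, "GET /a.jpg HTTP/1.1"),
    Flow(50, "10.0.0.20", "10.0.0.2", 445),
    Flow(51, "10.0.0.21", "10.0.0.2", 445),
    Flow(60, "10.0.0.21", "10.0.0.20", 8080, "GET /index.html HTTP/1.1"),
]

if __name__ == "__main__":
    for ip, info in detect_conficker_spread(SAMPLE_FLOWS).items():
        print(ip, info)
```

Run against real flow exports, the SMB fan-out alone will also catch legitimate vulnerability scanners and backup servers, which is why the callback on a random high port is the condition that separates a spreader from a scanner; the file server in the sample is never flagged because its clients each talk to one host.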

In the post, Mador explains that the worm patches the vulnerable API in memory so that the host it has infected can no longer be exploited through MS08-067. That may sound odd for malware, but it is self-interest rather than charity: it keeps other malware from taking over the same machine through the same hole while the worm is resident. The in-memory patch is no substitute for the real update, since it exists only while the worm's code is loaded and goes away once the worm is removed; it also means a network vulnerability scan for MS08-067 can report an infected host as not vulnerable. Mador also noted that several IRC bots are exploiting the same hole.

"We detect them as Backdoor:Win32/IRCbot.BH," he said.

When executed, Win32/Conficker.A copies itself into the %System% directory under a random file name. On Windows 2000 it injects code into the services.exe process; on other Windows versions it registers a new service named netsvcs to load its DLL. The worm then contacts trafficconverter.biz and attempts to download and execute loadadv.exe. CA rates its threat assessment as medium for destructiveness and pervasiveness but low for overall risk; Symantec likewise rates it medium and low.

Reports of infections mainly originate in the United States, but they are also coming in from Germany, Spain, France, Italy, Taiwan and eight other countries. The notable exception is Ukraine: Microsoft states that no infections have been reported there. That is less surprising than it looks, since the worm checks the system keyboard layout and exits if a Ukrainian layout is installed.

Microsoft said it will continue to monitor the situation; meanwhile, users who have not yet installed MS08-067 should do so now.

Comments
rtfm 27/11/2008 18:23

That's a non-story really: the worm exploits idiots who don't install updates. You can't blame MS for that.

Anonymous 27/11/2008 18:39

I got this virus. One week ago my services.exe file became very hyperactive.

papalarge123 27/11/2008 19:38

I update my Windows automatically, although I still got this worm on my system 3 days ago.

My system became sluggish and I constantly got a site come up when I clicked the mouse when IE7 was used.

Would you believe that AVG would not detect it and Windows Firewall in Vista was useless?

The only software that detected something wrong was TuneUp Utilities 2008, when it detected a change in my startup files. 2 random .dll files were impossible to remove apart from the recovery tool in Windows.

All is great now but still, this was the only infection I have had with Vista in the 1 year it was installed.

Recovered and updated before IE7 was used again.

Anonymous 28/11/2008 11:31

There are still people who use windows ???

waxdart 28/11/2008 16:55

Hug> most of the world.

MapAid 28/11/2008 19:14

I've never had a virus or worm on my computers at home or work (total 2@home and 6 workstations@work: yeah, I'm the DIY IT guy). XP Pro in both cases and 4+ years running. Only once at work I had to clean up a workstation, because some idiot had downloaded cracked software, porn and whatever. Needless to say he was sacked.

Milany 29/11/2008 19:22

Thanks TOM for this info.

Now I know what has infected my system; I need to know how to detect it so I can get rid of it.
