Worm surge exploits Microsoft vulnerability
January 07 2009
Worm surge exploits Microsoft vulnerability
Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned. Both US-CERT and security organisation F-Secure have issued warnings, urging IT professionals to apply the Microsoft patch.
The malware attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post.
A sign of infection is that user accounts get locked out of the Active Directory domain as the worm tries to crack passwords, said F-Secure.
A removal tool is available at the F-Secure website, as is a detailed description of the malware F-Secure calls Downadup.AL.
Reproduced from an article published by ZDNet.co.uk
© ZDNet.co.uk
The original article can be viewed here:
http://news.zdnet.co.uk/security/0,1000000189,39588634,00.htm
Permalink Bookmark Digg this story
Get the Industry's top stories delivered straight to your inbox...
