Sunday, August 13, 2006

Botnet Herders Attack MS06-040 Worm Hole

Ryan Naraine writes on eWeek:

The first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets.

The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker, according to early warnings from anti-virus vendors.

The MSRC (Microsoft Security Response Center) described the attack as "extremely targeted" and said it appears to be specifically targeting unpatched Windows 2000 machines.

"[This is] very much unlike what we have seen in the past with recent Internet-wide worms," said MSRC program manager Stephen Toulouse. "In fact, our initial investigation reveals this isn't a worm in the "auto-spreading" classic sense," he added.

More here.

0 Comments:

Post a Comment

<< Home