Sunday, August 13, 2006

New IRCBot Attacks Unpatched Win2K Systems

Via Microsoft MVP.

A generic IRCbot, called MocBot by some AV vendors, has been adapted to use a recently developed MS06-040 exploit. The Windows MS06-040 patch fixes critical security issues for a recently discovered "Server" service vulnerability. Microsoft issued this protective patch on August 8th. Five days later, this new IRC-MocBot attack is in the wild.

It will automatically affect unpatched Windows 2000 systems (unless firewall controls blocking ports 139 and 445 are in place). This IRCbot can also potentially spread through AOL instant messaging traffic.

On infected systems, it hides as a Windows Genuine Advantage (WGA) Registration service, and improper removal will result in instability. Finally, Trend is reporting a second variant, so this new malware model may lend itself to creating new variants that bypass AV detection as it emerges. Please install all available Microsoft security updates (especially MS06-040) for the best level of protection.

More here.
