Internet Worm Attacks Windows...Again

By Kevin Parrish, published on November 28, 2008 at 5:20 AM
Source: Tom's Guide

Because Windows has more holes than a slab of Swiss cheese, another worm has found its way down into the warm, gooey center.

According to a Microsoft blog, the number of attacks from Win32/Conficker.A has increased over the last few days. The funny thing is, Microsoft already addressed the security hole with update MS08-067 released back in October. But despite the recent patch, the malware is currently focusing on corporations, and has even appeared on several hundred home PCs.

"It opens a random port between port 1024 and 10000 and acts like a web server," says Microsoft’s Ziv Mador. "It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll."

In the blog, Mador explains that the worm patches the vulnerable API in memory so that the current host machine will no longer be vulnerable. While this may sound unusual for malware, this in fact ensures that no other malware will infect the system while the worm resides in the bowels of Windows. Mador also noted that there are several IRC bots exploiting the security hole patched by MS08-067.

"We detect them as Backdoor:Win32/IRCbot.BH," he said.

Win32/Conficker.A creates a copy of itself in the %System% directory, using a random file name, when executed. If the worm infects a Windows 2000 machine, it injects code into the "services.exe" process; if the platform is another Windows operating system, the worm creates a new service called netsvcs. The worm then goes online and connects to trafficconverter.biz and attempts to download and execute loadadv.exe. CA rates its threat assessment as medium in destructiveness and pervasiveness, but low in overall risk; Symantec also rates the worm as medium and low.
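The behaviour described above can be turned into a proxy-log check. The following is an added example, not code from the article or from Microsoft; the log layout, client addresses and function names are assumptions, while the domain, file name and port range are the ones quoted in the article.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators quoted in the article; the log layout below is an assumption.
C2_DOMAIN = "trafficconverter.biz"
PAYLOAD_NAME = "loadadv.exe"
PORT_RANGE = range(1024, 10001)  # "between port 1024 and 10000"

# Constructed sample proxy log: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2008-11-27T09:14:02 10.0.4.17 GET http://10.0.4.88:4312/qxlbvd.jpg 200
2008-11-27T09:14:09 10.0.4.17 GET http://trafficconverter.biz/loadadv.exe 200
2008-11-27T09:16:11 10.0.4.31 GET http://10.0.9.5:8080/status.html 200
2008-11-27T09:17:55 10.0.4.42 GET http://10.0.4.17:9977/KMZRT.JPG 200
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(url):
    """Return the article-derived indicators that one requested URL matches."""
    try:
        parts = urlsplit(url)
        host, port = (parts.hostname or "").lower(), parts.port
    except ValueError:  # unparsable host or port
        return set()
    path, hits = parts.path.lower(), set()
    if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
        hits.add("c2_domain")
    if path.rsplit("/", 1)[-1] == PAYLOAD_NAME:
        hits.add("payload_name")
    if is_ip_literal(host) and port in PORT_RANGE and path.endswith(".jpg"):
        hits.add("peer_jpg_fetch")  # bare IP, port in stated range, .jpg name
    return hits

def scan(log_text):
    """Map each client address to the indicators seen in its GET requests."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "GET":
            findings[fields[1]] |= classify(fields[3])
    return {client: hits for client, hits in findings.items() if hits}

print(scan(SAMPLE_LOG))
```

Because the worm only "often" uses a .JPG extension, the `peer_jpg_fetch` rule is a heuristic: a match is a lead worth triaging, and the absence of a match does not clear a host.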

Reports of the infestation mainly originate in the States; however, reports from other countries, including Germany, Spain, France, Italy, Taiwan and eight others, are coming in as well. Surprisingly, the worm has avoided Ukraine altogether, as Microsoft states that no cases of infection have been reported in that country.

Microsoft said that it will continue to monitor the situation; however, consumers should install MS08-067 if they have not already done so.


Comments

Pei-chen 11/28/2008 12:57 PM

Nothing you can do, plenty of people don't care to get updates even for free.

neiroatopelcc 11/28/2008 2:44 PM

Kinda unusual to have this kind of news on tomshardware? trying to take over csis or something?

timaahhh 11/28/2008 4:59 PM

I'm a bit confused. This exploit has been patched already. R U saying that this patch is not effective or only people that don't update can get infected? If the latter is the case then blaming Windows holes for infections is not really fair.

rocky1234 11/28/2008 9:28 PM

It is most likely that windows update has been turned off by the end user. We see a lot of windows machines come in with the update service turned off or disabled in the services in our shop. I also take note that the badly infected machines all seem to have norton 360 installed so what's the point of this program if all it does is take up huge system resources but the system still gets nailed with viruses & spyware. People should save their money on this useless norton product & just use more common sense when on the internet & ban their kids from using any form of P2P program. Even AVG machines seem to be better off than the ones installed with norton & AVG has a free version. We sell a lot of Panda antivirus in the store & it seems that if these machines do come back in 2 or three months for service it is not normally related to a virus or spyware unless the end user decided to somehow disable the Panda update process.

On my home machine I do not run antivirus never had to & I do not get viruses or spyware & I spend a huge amount of time on the internet. I also keep all of my machines up to date with windows update as well & use common sense when surfing the internet so it is possible to use the internet & not get viruses or spyware.

afrobacon 11/29/2008 1:07 AM

Being on a P3 laptop, Windows XP already takes up a majority of my computer's resources. Enabling auto-updates/windows firewall often brings me to a halt.
Being on the internet roughly 10hrs/day and having absolutely no protection I'm lucky (or rather unlucky) to see a virus once a year. Just be careful what you download, in my opinion that alone reduces your risk more than 90%.

kami3k 11/29/2008 2:34 AM

Meh, I've always had windows update turned off. I'm just not an idiot so I can tell what's safe and what isn't.

randomizer 11/29/2008 3:38 AM

Malware which makes your system more "secure" from other malware, interesting idea.

Darkk 11/29/2008 4:16 AM

Long as you surf the internet you will run across an attempt to get infected by some worm or Trojan no matter how careful you are. Common sense will tell you that you need some kind of a virus scanner just to be on the safe side. I use Avast! home edition and it works well for me. AVG works too.

I do agree Norton 360 sucks balls and should be avoided.

Tindytim 11/30/2008 3:11 AM

Yay! more biased anti-Windows articles from Tom's!

We should blame Microsoft when I go to free porn site and download a bunch of 'codecs', and allow ActiveX run unattended.

No one blames Ford or Chevy when a drunk driver kills someone with their car. Microsoft shouldn't take the blame for stupid users.

MrBradley 11/30/2008 3:57 AM

Most users blame microsoft when they download viruses right before their own eyes. Seriously people, don't blame microsoft, blame yourselves. Windows has billions of lines of code and Microsoft can't take the time nor spend that much money (Yes, That much money) in order to patch up every hole. In fact, it would be impossible.

jhansonxi 11/30/2008 10:34 PM

Windows isn't secure by default. Security is an add-on: http://onecare.live.com

To fix Symantec/Norton use their universal repair tool:
http://service1.symantec.com/Suppo [...] 3108162039

crosshares 12/01/2008 2:27 AM

That's why when I look at porn, I use Sandboxie.

WARNING: Virus Detected!!!

Oh noes!!!! what shall I do????

Right click system tray icon, terminate all programs, Sandbox Defaultbox, Delete Contents.

Just a few clicks and buh bye worm : )
