
August 14, 2006 1:08 PM PDT

Worm duo tries to hijack Windows PCs

Two worms based on a recently disclosed Windows flaw have been unleashed, but the attacks so far don't appear to be widespread, security experts said.

The pair of worms surfaced over the weekend, several security companies said in alerts. The malicious software tries to hijack the computer for use in a network of commandeered PCs that can be remotely controlled, popularly called a botnet. The worms also can communicate via AOL's Instant Messenger and may be able to spread via the service.

"This is run-of-the-mill malicious software," said Don DeBolt, director of the Security Advisor group at CA, formerly known as Computer Associates. "The malware purveyors are simply packaging their old wares with the new exploit."

The worms are derivatives of the original Cuebot family that first surfaced last year, DeBolt said. These variants have been programmed to exploit a serious flaw in a Windows component related to file and printer sharing. Microsoft issued a patch for the security hole last week in security bulletin MS06-040. Security experts had already predicted that the flaw would spawn a worm attack.

Neither of the variants is very widespread, according to Microsoft, which calls them "Graweg."

"This appears to be an extremely targeted attack, very much unlike what we have seen in the past with recent Internet-wide worms," Stephen Toulouse, a program manager in Microsoft's Security Technology Unit, wrote on a corporate blog Saturday.

The MS06-040 worms appear to be limited to computers running Windows 2000. That's because the computer code used to exploit the vulnerability is most effective on computers with that older operating system, DeBolt said.

"Windows XP is appearing to be more difficult to exploit than its sister platform Windows 2000," he said.

Some security experts have said the age of the high-impact, Internet-wide worm is over. Instead, increasingly organized cybercriminals are looking to exploit flaws in attacks directed at specific companies for financial gain, and they want to fly under the radar. Criminals use botnets to relay spam, distribute spyware and launch other online attacks. A widespread worm could affect the performance of the Internet, a disruption that could also disrupt their means of business.

For the new worms to propagate, the attacker must instruct a compromised machine to scan for new targets, DeBolt said. A vulnerable computer can be compromised remotely and without any user interaction, he said.

"We are not seeing a widespread epidemic at this time, but we do see increased activity on TCP port 445," DeBolt said, referring to the network port used by the vulnerable Windows service.

Security experts expect that the computer code that exploits the MS06-040 flaw will be perfected and become popular among miscreants looking to take over Windows systems. "We will see a number of different viral and spyware packages that utilize this exploit as it reaches a large audience," DeBolt said.

To protect their computers, Windows users are urged to install Microsoft's patch. All Windows versions are vulnerable, the software maker said. The fix is available via the Windows Update and Automatic Updates tools, as well as for download on Microsoft's Web site. The company has workarounds for people who cannot apply the patches yet, for example because they need to test them first.

8 comments
Still no viruses
by Europodboy August 14, 2006 1:59 PM PDT
Still no viruses for Mac OSX............. 5 years and counting!
cme-4
by MaxRock17 August 14, 2006 2:32 PM PDT
http://cme.mitre.org/data/list.html#4

look for cme-4
And You Also Know Why
by ajbright August 14, 2006 3:54 PM PDT
You know very well that the reason none of the worms or viruses that take advantage of OSX flaws are in the wild is because it's not financially rewarding to create such malware and it also doesn't give anyone the bragging rights of infecting potentially millions of users.

I'm not being critical of the Mac, Apple have produced a great computer with a good OS, but while big business and possibly more importantly, home users in their tens of millions, don't use Macs for their banking, bill paying, shopping (or more importantly, answering surprisingly rich Nigerians with curiously no method of transferring their money) - owners of spam botnets won't be interested in releasing worms for OSX.
20 years and counting for....
by Seaspray0 August 15, 2006 6:56 AM PDT
Over 20 years and no viruses for the Atari ST. BTW, the Mac has been around for those 20 years as well. Does this mean the Atari ST is four times better?
More evidence
by Andrew J Glina August 15, 2006 8:04 PM PDT
...that malicious software writers simply don't care about the Mac. Apple have patched several exploitable flaws this year, for both Mac OS and its bundled software, and yet no serious exploits have emerged. But patched Windows flaws seem a good target for the writers.

If I were a Mac user I would not be trying to persuade people to switch, I would just be enjoying the lack of attention.