Botnets spike in wake of Windows flaw

Mocbot has hijacked 265,000 machines a day by exploiting the MS06-040 flaw. Meanwhile, a modified Randex worm has set its sights on the flaw.

A security firm says the number of machines hijacked by a bot exploiting the MS06-040 flaw has spiked 23% in the past week. Meanwhile, the Randex worm has been modified to target the vulnerability.

Ed Rowley, technical consultant for Alpharetta, Ga.-based messaging security vendor CipherTrust Inc., said Tuesday that the lab has observed the appearance of 265,000 new zombie PCs a day since variants of Mocbot started going after the Windows Server Service flaw.

"Mail volumes have once again reached a high this week, with spam making up 81% of the traffic," Rowley said in a statement. "Much of this increase can be attributed to the spam originating from the new zombies unleashed by the Mocbot worm."

Mocbot first started targeting machines vulnerable to the Windows Server Service flaw about four days after Microsoft released the MS06-040 patch. Security experts have warned that the flaw is easily exploitable and could be targeted by a superworm on the scale of Blaster.

A superworm has yet to appear, but Cupertino, Calif.-based antivirus giant Symantec Corp. warned Tuesday that the Randex worm has been modified to target the flaw.

According to Symantec's analysis, W32.Randex.GEL is a network-aware worm that opens a back door on compromised machines and programs them to listen for additional commands over an Internet Rely Chat (IRC) channel. This could allow attackers to:

  • Download and execute files
  • List, stop, and start processes and threads;
  • Launch a denial-of-service attack;
  • Open a command shell on the compromised computer;
  • Create a proxy server; and
  • Log keystrokes.

    As nasty as the worm may sound, Symantec considers it a low-level threat at this time. In fact, the company lowered its ThreatCon to Level 1 Tuesday. It had been set at Level 2 for more than a month due to the MS06-040 flaw and exploits against Microsoft PowerPoint and Excel.

  • This Content Component encountered an error

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close