Home > Security News > New malware exploits Microsoft RPC flaw
Security News:
EMAIL THIS

New malware exploits Microsoft RPC flaw

By Robert Westervelt, News Editor
06 Nov 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Microsoft said Wednesday that it is continuing to track new malware attempting to exploit the remote procedure call (RPC) flaw and gain access to critical files.

None of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word "worm," they do underscore the importance of deploying this update.
Christopher Budd,
security program manager, Microsoft Security Response Center

Christopher Budd, security program manager in the Microsoft Security Response Center, said the malware in the wild represents a significant threat, but most customers have deployed the patch relatively quickly.

"And while so far, none of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word 'worm', they do underscore the importance of deploying this update if you haven't already," Budd said in the MSRC blog.

The software giant warned in its MS08-067 emergency bulletin that the flaw could be used by an attacker to craft a wormable exploit. Hours after an out-of-cycle patch was released, researchers discovered a new Trojan exploiting the flaw in the wild.

Researchers have discovered at least seven variants of the Trojan in the wild. The Trojans focuses on loading malware onto a vulnerable system. The flaw is rated critical on Windows 2000, XP and Windows Server 2003 and is given an important rating on Windows Vista and Windows Server 2008.

"The largest of these attacks are those associated with Clort family and we've seen well below fifty attacks worldwide," Budd said.

Clort family is a group of Trojan variants that execute another dropped Trojan to exploit the RPC flaw. After a successful attack, other malware and adware is downloaded on a victim's machine.

SearchSecurity radio:

Symantec's Security Response research team warned users this week that it was tracking a new worm, W32.Wecorl, that was targeting vulnerable machines in China. A second worm, W32 Kernelbot.A, has the ability to make a victim's machine a zombie, connecting it to a botnet.

"It currently contains locations for downloading additional modules (including the propagation and exploit unit) and instructions to perform DDoS attacks against various websites," Symantec said on its Security Response blog.



Tags: Emerging Information Security ThreatsMalware, Viruses, Trojans and SpywareWindows Security: Alerts, Updates and Best PracticesVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Emerging Information Security Threats
Antispyware buying guide for Indian enterprises
ATM malware lets attackers take over machines
FTC shutters rogue ISP for hosting malicious content, botnets
The failing war against cybercriminals
White House cybersecurity czar faces major hurdles
Cybercrime and threat management
The Pipe Dream of No More Free Bugs
Face-off: Who should be in charge of cybersecurity?
Federal efforts to secure cyberinfrastrucure
Adobe working on patch to correct new zero-day flaw

Malware, Viruses, Trojans and Spyware
How to defend against rogue DHCP server malware
New Trojan stealing FTP credentials, attacking FTP websites
Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths
When BIOS updates become malware attacks
Antispyware buying guide for Indian enterprises
PCI compliance requirement 5: Antivirus
Hacker attack techniques and tactics: Understanding hacking strategies
Rootkit Hunter demo: Detect and remove Linux rootkits
Botnet threats and countermeasures
Conficker worm much smaller than feared

Windows Security: Alerts, Updates and Best Practices
When BIOS updates become malware attacks
Microsoft patches WebDAV security vulnerability in bevy of updates
Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities
Hackers targeting unpatched Microsoft DirectShow flaw
Microsoft warns of IIS zero-day vulnerability
Microsoft updates Office to address serious PowerPoint vulnerabilities
Microsoft to patch critical PowerPoint zero-day flaw
How to perform Microsoft Baseline Security Analyzer (MBSA) scans
Microsoft patches serious Excel zero-day, Windows flaws
Microsoft Stirling Beta 2 release includes Exchange SaaS offering

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
DNS rebinding attack  (SearchSecurity.com)
drive-by pharming  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
man in the browser  (SearchSecurity.com)
phlashing  (SearchSecurity.com)
polymorphic malware  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts