New malware exploits Microsoft RPC flaw |
 |
By Robert Westervelt, News Editor
06 Nov 2008 | SearchSecurity.com |
|
|
Microsoft said Wednesday that it is continuing to track new malware attempting to exploit the remote procedure call (RPC) flaw and gain access to critical files.
|
|
|
|
|
None of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word "worm," they do underscore the importance of deploying this update.
Christopher Budd,
security program manager, Microsoft Security Response Center
|
|
|
|
|
|
|
|
|
|
Christopher Budd, security program manager in the Microsoft Security Response Center, said the malware in the wild represents a significant threat, but most customers have deployed the patch relatively quickly.
"And while so far, none of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word 'worm', they do underscore the importance of deploying this update if you haven't already," Budd said in the MSRC blog.
The software giant warned in its MS08-067 emergency bulletin that the flaw could be used by an attacker to craft a wormable exploit. Hours after an out-of-cycle patch was released, researchers discovered a new Trojan exploiting the flaw in the wild.
Researchers have discovered at least seven variants of the Trojan in the wild. The Trojans focuses on loading malware onto a vulnerable system. The flaw is rated critical on Windows 2000, XP and Windows Server 2003 and is given an important rating on Windows Vista and Windows Server 2008.
"The largest of these attacks are those associated with Clort family and we've seen well below fifty attacks worldwide," Budd said.
Clort family is a group of Trojan variants that execute another dropped Trojan to exploit the RPC flaw. After a successful attack, other malware and adware is downloaded on a victim's machine.
Symantec's Security Response research team warned users this week that it was tracking a new worm, W32.Wecorl, that was targeting vulnerable machines in China. A second worm, W32 Kernelbot.A, has the ability to make a victim's machine a zombie, connecting it to a botnet.
"It currently contains locations for downloading additional modules (including the propagation and exploit unit) and instructions to perform DDoS attacks against various websites," Symantec said on its Security Response blog.
 |
 |
| |
RELATED CONTENT
 |
Malware, Viruses, Trojans and Spyware |
|
New Zeus spam poses as Social Security statements
|
|
Increase in Gumblar backdoors poses FTP credential problems
|
|
Hackers to sharpen malware, malicious software in 2010
|
|
iPhone worm Rickrolls jailbroken phones
|
|
Israeli Mossad add Trojan Horse to Syrian laptop
|
|
Schneier-Ranum Face-Off: Is antivirus dead?
|
|
Modern malware, stealthy botnets, adapt quickly, expert says
|
|
Computer worm infections up, scareware antivirus down, Microsoft says
|
|
Web-based attacks skyrocket, pirating sites surge, security firms say
|
|
Mini guide: How to remove and prevent Trojans, malware and spyware
|
|
|
|
|
|
