Microsoft RPC worm spreads in corporate networks |
 |
By Robert Westervelt, News Editor
09 Jan 2009 | SearchSecurity.com |
|
|
A Microsoft RPC vulnerability was patched in an out-of-band release in October, but organizations slow to deploy the update are learning the hard way how fast various RPC worm variants can spread through corporate networks.
|
| SearchSecurity.com: |
| To get security news and tips delivered to your inbox, click here to sign up for our free newsletter. |
|
|
|
|
Security vendor F-Secure Corp. said it received reports of additional successful infections of corporate networks. In several F-Secure blog posts, the security vendor said the Downadup/Conficker worms are frustratingly painful to disinfect as they lock out users from their accounts and crack passwords using a built-in dictionary.
Although the worms have spread fairly slowly on the Internet, once a corporate network is infected the worm spreads like wild fire through local area networks, USB drives and other removable media, F-Secure said.
Microsoft said it received reports from customers infected by the worm. It advises customers to deploy the patch as soon as possible. The worm attempts to connect to an IRC server to download more malware and receive additional commands from an attacker.
The software giant issued an emergency patch Oct. 23, repairing the vulnerability which left Windows systems dangerously open to attack. It was only the fourth time that Microsoft released a security patch outside of its monthly cycle. Hours after the patch release, security researchers reported the discovery of the first Trojans in the wild attempting to exploit the flaw.
Disinfection tool released
F-Secure provided a list of domains that should be blocked to prevent a worm infection. The vendor also released a tool to disinfect corporate networks.
"You must clean all of the computers within your network or else you risk reinfections. Servers first, then workstations," F-Secure said. "Disinfect, then use the manual Microsoft update to patch, then manually update your antivirus, then do a full system scan for all files."
|
|
|
|
