Ci7 Posted November 27, 2008

Microsoft confirmed not only that malware attacks designed to take advantage of a Server Service vulnerability, affecting both Windows client and server versions of the platform, were no longer isolated and targeted cases, but also that infections with malicious code had been detected.

On November 25, Bill Sisk, Microsoft Security Response Center communications manager, and Ziv Mador, senior program manager and response coordinator, revealed that the company was aware of a new wave of attacks, targeting a vulnerability rated as Critical, for which Microsoft Security Bulletin MS08-067 had been released in October as an out-of-band patch. The security update was designed to integrate with a variety of Windows operating systems, including Windows Vista SP1, Windows XP SP3 and even Windows 7.

"During the weekend, we started receiving customer reports for new malware that exploits this vulnerability. During the last two days, that malware gained momentum and, as a result, we see an increased support call volume," Mador revealed.

"Recently we've received a string of reports from customers that have yet to apply the update and are infected by malware. These most recent reports have a common malware family, and the folks in the Microsoft Malware Protection Center (MMPC) have provided detailed information regarding this latest threat," Sisk added.

Microsoft pointed out that there were two pieces of malware associated with attacks exploiting the Server Service vulnerability: Win32/Conficker.A (also TA08-297A, CVE-2008-4250, VU827267 W32.Downadup (Symantec)) and Win32/IRCbot.BH (Win32/IRCBot.worm.Gen (AhnLab); Win32/IRCBot!generic (CA); WIN.IRC.WORM.Virus (Dr.Web); Exploit-DcomRpc.gen (McAfee); Mal/IRCBot-B (Sophos); Purple Exploit).

The first is a worm that exploits computers with vulnerable SVCHOST.EXE across a network, the latter is a Backdoor Trojan horse, which gets its commands from an attacker via an IRC server. Backdoor:Win32/IRCbot.BH is used by bots attempting to exploit MS08-067.

Worm:Win32/Conficker.A "mostly spreads within corporations, but also was reported by several hundred home users. It opens a random port between port 1024 and 10000, and acts like a web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP, using the random port opened by the worm. The worm often uses a .JPG extension when copied over, and then it is saved to the local system folder as a random named dll," Mador revealed.

According to Microsoft, Win32/Conficker.A even patches the very API vulnerability, which it uses to infect machines, in order to prevent any further exploits from taking advantage of the security hole. Mador explained that the majority of infection reports were generated in the U.S., but that the worm was also detected in Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina and Chile. At the same time, Win32/Conficker.A completely avoids exploiting and infecting Ukrainian computers.

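The propagation pattern described in the post above (an HTTP download from a random port between 1024 and 10000 on another machine, often with a .JPG extension) can be turned into a log triage heuristic. The following is an added example, not part of the original post or of Microsoft's guidance; the log format, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in a hypothetical space-separated log format:
# time src_ip dst_ip dst_port method uri
SAMPLE_LOG = """\
2008-11-25T03:10:01 10.0.4.17 10.0.4.52 4871 GET /kqzvx.jpg
2008-11-25T03:10:05 10.0.4.17 192.0.2.80 80 GET /images/logo.jpg
2008-11-25T03:11:40 10.0.7.9 10.0.4.52 4871 GET /pwmrt.JPG
2008-11-25T03:12:02 10.0.7.9 10.0.1.5 8080 GET /intranet/index.html
2008-11-25T03:12:30 10.0.4.52 10.0.9.3 80 GET /photos/team.jpg
this line is malformed
"""

# RFC 1918 ranges; replace with the organisation's own internal networks.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL)

def suspicious_fetches(log_text):
    """Internal-to-internal HTTP GETs of a .jpg on ports 1024-10000."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[3].isdigit():
            continue  # skip malformed records instead of failing
        _, src, dst, port, method, uri = parts
        port = int(port)
        path = uri.split("?", 1)[0].lower()
        if (method == "GET" and 1024 <= port <= 10000
                and is_internal(src) and is_internal(dst)
                and path.endswith(".jpg")):
            hits.append((src, dst, port, uri))
    return hits

def triage(log_text):
    """Map each serving (host, port) to the sorted clients that fetched from it."""
    servers = defaultdict(set)
    for src, dst, port, _ in suspicious_fetches(log_text):
        servers[(dst, port)].add(src)
    return {key: sorted(clients) for key, clients in servers.items()}

if __name__ == "__main__":
    for (host, port), clients in triage(SAMPLE_LOG).items():
        print(f"{host}:{port} served .jpg to {clients}")
```

Legitimate internal web applications also listen in this port range, so hits are triage leads only: the serving host is the candidate infected machine and each client a candidate newly exploited one.
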
rtk Posted November 27, 2008

No excuse but laziness, it was patched more than a month ago.

regardless of OS, clueless people need to leave the auto-updater on.

Ci7 (Author) Posted November 27, 2008

> No excuse but laziness, it was patched more than a month ago.
> regardless of OS, clueless people need to leave the auto-updater on.

+1 agree

NoneAvail Posted November 27, 2008

Everything happens for a reason, but damn this could have been avoided.

xpgeek Posted November 27, 2008

> No excuse but laziness, it was patched more than a month ago.
> regardless of OS, clueless people need to leave the auto-updater on.

+2

CPressland Posted November 27, 2008

> No excuse but laziness, it was patched more than a month ago.
> regardless of OS, clueless people need to leave the auto-updater on.

+3

+Nik Louch (Subscriber²) Posted November 27, 2008

> regardless of OS, clueless people need to leave the auto-updater on.

There is a certain level of arrogance when a user turns this off (unless certain cases - eg: development/testing server).

Denholm Posted November 27, 2008

I thought Ballmer said that Vista was secure without Antivirus / more secure by design. More secure than what?!

Seems as leaky as Windows XP and all the previous versions.

Raa Posted November 27, 2008

> There is a certain level of arrogance when a user turns this off (unless certain cases - eg: development/testing server).

Unfortunately I have an entire team of people I'm trying to convince otherwise.

In the meantime, auto updates are off at the director's demand.

cork1958 Posted November 27, 2008

> I thought Ballmer said that Vista was secure without Antivirus / more secure by design. More secure than what?!
> Seems as leaky as Windows XP and all the previous versions.

Duh! Where'd you get that crazy idea from?

Vista has so much extra absolute crap in it, it could only be LESS secure than other versions of Windows! That's just a simple given!!

Maximum Error Posted November 27, 2008

> I thought Ballmer said that Vista was secure without Antivirus / more secure by design. More secure than what?!
> Seems as leaky as Windows XP and all the previous versions.

could you have made a more uneducated comment? Vista is more secure by design and it is true that an engineer once said it was ok without anti virus (a comment he quickly withdrew) but he was only talking about the fact that programs have a much harder time elevating their permissions thanks to UAC. The vulnerability in question was handled brilliantly by MS and this is no fault of theirs.

mad_onion Posted November 27, 2008

> Duh! Where'd you get that crazy idea from?
> Vista has so much extra absolute crap in it, it could only be LESS secure than other versions of Windows! That's just a simple given!!

lol, vista is much more secure than previous versions. the number of security updates related updates that come out each month is lower under vista. but anyway people try and complain to microsoft about security and then turn off auto updates.

Ci7 (Author) Posted November 27, 2008

> lol, vista is much more secure than previous versions. the number of security updates related updates that come out each month is lower under vista. but anyway people try and complain to microsoft about security and then turn off auto updates.

not mentioning it has lower severity vulnerabilities

Denholm Posted November 27, 2008

> could you have made a more uneducated comment? Vista is more secure by design and it is true that an engineer once said it was ok without anti virus (a comment he quickly withdrew) but he was only talking about the fact that programs have a much harder time elevating their permissions thanks to UAC. The vulnerability in question was handled brilliantly by MS and this is no fault of theirs.

I guess you didn't pick up on the 'sarcasm' :laugh:

Ballmer says some pretty stupid stuff. I bet I do too, but I'm not a CEO of a Multi-Billion dollar company.

What I believe is that Windows is vulnerable by design, and only because Windows is such a successful product, so Microsoft can't hope to fix intrinsic design faults because doing so would break App Compatibility. Two edged sword, it's a no win for Microsoft.

ViperAFK Posted November 27, 2008

> Duh! Where'd you get that crazy idea from?
> Vista has so much extra absolute crap in it, it could only be LESS secure than other versions of Windows! That's just a simple given!!

Would you stop posting clearly false information? It is a fact. Vista with uac is a much more secure operating system than xp.

@Denholm, if you have ever seen this guy's posts he is serious.

Athernar Posted November 27, 2008

> Would you stop posting clearly false information? It is a fact. Vista with uac is a much more secure operating system than xp.
> @Denholm, if you have ever seen this guy's posts he is serious.

Looking at his signature, are you REALLY surprised?

Ricardo Gil Posted November 27, 2008

> Unfortunately I have an entire team of people I'm trying to convince otherwise.
> In the meantime, auto updates are off at the director's demand.

Auto updates should always be OFF when it comes to mission critical machines. It's up to those who manage it to decide what gets installed and what doesn't.

franzon Posted November 27, 2008

> Auto updates should always be OFF when it comes to mission critical machines.

FALSE

Ci7 (Author) Posted November 27, 2008

> FALSE

non-sense

Ricardo Gil Posted November 27, 2008

> FALSE

That font size is impressive, I'll give you that, but it's still obvious you don't know what I'm talking about or what mission critical actually means.

Mayhem Posted November 27, 2008

the users that have it disabled deserve to be infected

as for companies, if they have it off to see if it doesn't break something, that is understandable, BUT after a month if they still haven't patched their system, sorry, they also deserve to be infected

profets Posted November 27, 2008

> That font size is impressive, I'll give you that, but it's still obvious you don't know what I'm talking about or what mission critical actually means.

exactly... i don't think they get it

automatic updates or windows update is not a simple on & off switch. there are multiple options. but keeping it set as auto update on servers or critical systems isn't a good idea, neither is having it disabled altogether..

you think critical system/server should have auto update on and let them reboot at 3am without being notified? at least they should be set to notify or download then notify.. or prob in bigger organizations they have wsus or system managers that manage higher numbers of systems/servers together.

franzon Posted November 27, 2008 (edited)

> it's still obvious you don't know what I'm talking about or what mission critical actually means.

very often, the exploits come out within few hours after the patch is released on Windows Update... oh yeah let your mission critical machine to be exploited because it's mission critical... while your administrator is still testing the patches (which are already tested by Microsoft) you're pwned!

profets Posted November 27, 2008

> often the exploits come out within few hours after the patch is released on Windows Update... oh yet let your mission critical machine to be exploited because it's mission critical... while your administrator is still testing the patches (which are already tested by Microsoft) you're pwned!

you still don't get it do you

you think all administrators should immediately install updates when they're released and reboot servers that are in a production environment?

Ricardo Gil Posted November 27, 2008

> often the exploits come out within few hours after the patch is released on Windows Update... oh yet let your mission critical machine to be exploited because it's mission critical... while your administrator is still testing the patches (which are already tested by Microsoft) you're pwned!

You should write a book on Systems Administration (Y)