Widespread Malware Attacks Target Windows 7, Vista SP1 and XP SP3 Vuln

By Ci7
in Back Page News

 Share

Recommended Posts

Grand Master

Ci7

Posted
Posted
Microsoft confirmed not only that malware attacks designed to take advantage of a Server Service vulnerability, affecting both Windows client and server versions of the platform, were no longer isolated and targeted cases, but also that infections with malicious code had been detected.

On November 25, Bill Sisk, Microsoft Security Response Center communications manager, and Ziv Mador, senior program manager and response coordinator, revealed that the company was aware of a new wave of attacks, targeting a vulnerability rated as Critical, for which Microsoft Security Bulletin MS08-067 had been released in October as an out-of-band patch.

The security update was designed to integrate with a variety of Windows operating systems, including Windows Vista SP1, Windows XP SP3 and even Windows 7. ?During the weekend, we started receiving customer reports for new malware that exploits this vulnerability. During the last two days, that malware gained momentum and, as a result, we see an increased support call volume,? Mador revealed.

?Recently we?ve received a string of reports from customers that have yet to apply the update and are infected by malware. These most recent reports have a common malware family, and the folks in the Microsoft Malware Protection Center (MMPC) have provided detailed information regarding this latest threat,? Sisk added.

Microsoft pointed out that there were two pieces of malware associated with attacks exploiting the Server Service vulnerability: Win32/Conficker.A (also TA08-297A, CVE-2008-4250, VU827267 W32.Downadup (Symantec)) and Win32/IRCbot.BH (Win32/IRCBot.worm.Gen (AhnLab); Win32/IRCBot!generic (CA); WIN.IRC.WORM.Virus (Dr.Web); Exploit-DcomRpc.gen (McAfee); Mal/IRCBot-B (Sophos); Purple Exploit).

The first is a worm that exploits computers with vulnerable SVCHOST.EXE across a network, the latter is a Backdoor Trojan horse, which gets its commands from an attacker via an IRC server. Backdoor:Win32/IRCbot.BH is used by boots attempting to exploit MS08-067.

Worm: Win32/Conficker.A ?mostly spreads within corporations, but also was reported by several hundred home users. It opens a random port between port 1024 and 10000, and acts like a web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP, using the random port opened by the worm. The worm often uses a .JPG extension when copied over, and then it is saved to the local system folder as a random named dll,? Mador revealed.

According to Microsoft, Win32/Conficker.A even patches the very API vulnerability, which it uses to infect machines, in order to prevent any further exploits to take advantage of the security hole. Mador explained that the majority of infection reports were generated in the U.S., but that the worm was also detected in Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina and Chile. At the same time, Win32/Conficker.A completely avoids to exploit and infect Ukrainian computers.

source

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted
regardless of OS, clueless people need to leave the auto-updater on.

There is a certain level of arrogance when a user turns this off (unless certain cases - eg: development/testing server).

Grand Master

Raa

Posted
Posted
There is a certain level of arrogance when a user turns this off (unless certain cases - eg: development/testing server).

Unfortunately I have an entire team of people i'm trying to convince otherwise.

In the meantime, auto updates are off at the directors demand.

Grand Master

cork1958

Posted
Posted
I thought Ballmer said that Vista was secure without Antivirus / more secure by design. More secure than what?!

Seems as leaky as Windows XP and all the previous versions.

Duh! Where'd you get that crazy idea from?

Vista has so much extra absolute crap in it, it could only be LESS secure than other versions of Windows! That's just a simple given!!

Experienced

Maximum Error

Posted
Posted
I thought Ballmer said that Vista was secure without Antivirus / more secure by design. More secure than what?!

Seems as leaky as Windows XP and all the previous versions.

could you have made a more uneducated comment? Vista is more secure by design and it is true that an engineer once said it was ok without anti virus(a comment he quickly withdrew) but he was only taking about the fact that programs have a much harder time elevating their permissions thanks to UAC.

The vulnerability in question was handled brilliantly by MS and this is no fault of theirs.

Grand Master

mad_onion

Posted
Posted
Duh! Where'd you get that crazy idea from?

Vista has so much extra absolute crap in it, it could only be LESS secure than other versions of Windows! That's just a simple given!!

lol ,vista is much more secure than previous versions. the number of security updates related updates that come out each month is lower under vista. but anyway people try and complain to microsoft about security and then turn off auto updates.

Grand Master

Ci7

Posted
  • Author
Posted
lol ,vista is much more secure than previous versions. the number of security updates related updates that come out each month is lower under vista. but anyway people try and complain to microsoft about security and then turn off auto updates.

not mentioning it has lower severity vulnerabilities

Mentor

Denholm

Posted
Posted
could you have made a more uneducated comment? Vista is more secure by design and it is true that an engineer once said it was ok without anti virus(a comment he quickly withdrew) but he was only taking about the fact that programs have a much harder time elevating their permissions thanks to UAC.

The vulnerability in question was handled brilliantly by MS and this is no fault of theirs.

I guess you didn't pick up on the 'sarcasm' :laugh:

Ballmer says some pretty stupid stuff. I bet I do too, but I'm not a CEO of a Multi-Billion dollar company.

What I believe is that Windows is vulnerable by design, and only because Windows is such a successful product, so Microsoft can't hope to fix intrinsic design faults because doing so would break App Compatibility. Two edged sword, it's a no win for Microsoft.

Grand Master

ViperAFK

Posted
Posted
Duh! Where'd you get that crazy idea from?

Vista has so much extra absolute crap in it, it could only be LESS secure than other versions of Windows! That's just a simple given!!

Would you stop posting clearly false information? It is a fact. Vista with uac is a much more secure operating system than xp.

@Denholm, if you have ever seen this guy's posts he is serious.

Veteran

Athernar

Posted
Posted
Would you stop posting clearly false information? It is a fact. Vista with uac is a much more secure operating system than xp.

@Denholm, if you have ever seen this guy's posts he is serious.

Looking at his signature, are you REALLY surprised?

Grand Master

Ricardo Gil

Posted
Posted
Unfortunately I have an entire team of people i'm trying to convince otherwise.

In the meantime, auto updates are off at the directors demand.

Auto updates should always be OFF when it comes to mission critical machines. It's up to those who manage it to decide what gets installed and what doesn't.

Proficient

profets

Posted
Posted
That font size is impressive, I'll give you that, but it's still obvious you don't know what I'm talking about or what mission critical actually means.

exactly... i dont think they get it

automatic updates or windows update is not a simple on & off switch. there are multiple options. but keeping it set as auto update on servers or critical systems isnt a good idea, neither is having it disabled altogether.. you think critical system/server should have auto update on and let them reboot at 3am without being notified? at least they should be set to notify or download then notify.. or prob in bigger organizations they have wsus or system managers that manage higher numbers of systems/servers together.

Mentor

franzon

Posted
Posted (edited)
it's still obvious you don't know what I'm talking about or what mission critical actually means.

very often, the exploits come out within few hours after the patch is released on Windows Update... oh yeah let your mission critical machine to be exploited because it's mission critical... while your administrator is still testing the patches (which are already tested by Microsoft) you're pwned!

Edited by franzon
Proficient

profets

Posted
Posted
often the exploits come out within few hours after the patch is released on Windows Update... oh yet let your mission critical machine to be exploited because it's mission critical... while your administrator is still testing the patches (which are already tested by Microsoft) you're pwned!

you still dont get it do you

you think all administrators should immediately install updates when theyre released and reboot servers that are in a production environment?

Grand Master

Ricardo Gil

Posted
Posted
often the exploits come out within few hours after the patch is released on Windows Update... oh yet let your mission critical machine to be exploited because it's mission critical... while your administrator is still testing the patches (which are already tested by Microsoft) you're pwned!

You should write a book on Systems Administration (Y)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • This Samsung T7 external SSD deal lasts less than a day

      By Jaybonaut · Posted

      Looks like no official TBW rating, which should be a required listing in my opinion for sites like Amazon (hell, put it on the box too.)
    • Creative Sound Blaster AE-X PCIe review: your headphones will love it

      By Jaybonaut · Posted

      So fake surround sound basically
    • Why you need to take back control of your synced passwords and how to go about doing that

      By Nick H. · Posted

      I think I understood the article fine. Online password managers open users up to more possibilities of getting hacked, and due to KeePass being offline and local it reduces the idea of getting hacked. If someone chooses to put their database online they're kinda missing the point. With regards to the idea of the on-prem idea, I would have two issues. I'm not sure about the first issue, but I wouldn't be surprised about them offering a cloud storage for the passwords that most wouldn't bother to switch off, regardless of if they went for on-prem or not. The second issue is that the on-prem solution for Bitwarden costs money, whereas KeePass is free and open-source (as far as I am aware). The article points out how to sync the database between devices, and I recognise that deficiency in security. But it isn't a necessity. So both services can offer a same idea, but one is free and the other isn't...choices, choices.... But to each their own.
    • AB Download Manager 1.9.2

      By Copernic · Posted

      AB Download Manager 1.9.2 by Razvan Serea AB Download Manager is an open-source, feature-rich download manager designed to accelerate downloads, organize files efficiently, and provide seamless control over downloads. With support for multiple connections, resume capability, and an intuitive interface, it enhances the downloading experience for users seeking speed and reliability. The software integrates with various browsers, enabling quick link grabbing and batch downloading. It supports HTTP, HTTPS, and FTP protocols, ensuring broad compatibility with different file sources. Users can schedule downloads, set speed limits, and categorize files automatically for better organization. AB Download Manager is lightweight yet powerful, making it a great alternative to proprietary download managers. Its open-source nature allows developers to contribute, customize, and improve the software as needed. Whether you're downloading large files, managing multiple downloads at once, or seeking an ad-free experience, this tool offers a practical and efficient solution. Key features of AB Download Manager: Multi-Connection Support – Accelerates downloads by splitting files into multiple segments. Resume Capability – Allows paused or interrupted downloads to be resumed without starting over. Batch Downloading – Supports downloading multiple files at once for improved efficiency. Browser Integration – Captures download links directly from browsers for seamless operation. HTTP, HTTPS, and FTP Support – Ensures compatibility with a wide range of file sources. Download Scheduling – Enables users to automate downloads at specific times. Speed Limiting – Lets users control bandwidth usage for optimized performance. File Categorization – Automatically organizes downloaded files into designated folders. User-Friendly Interface – Simple and intuitive design for easy navigation. Cross-Platform Compatibility – Works on multiple operating systems. Ad-Free Experience – No intrusive ads or tracking for a clean user experience. AB Download Manager 1.9.2 changelog: Added New Twilight theme (#1292) Optional download completion notifications on Android (#1290) Fixed Fixed a crash on some older CPUs on Windows Fixed oversized system tray icon on macOS Improved Updated translations Prevented Android devices from sleeping while downloads are active (#1291) Various UI and UX improvements Download: AB Download Manager 1.9.2 | Portable | ~80.0 MB (Open Source) Download: ARM64 | Portable ARM64 | Android Links: AB Download Manager Website | Github Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The Light of Life? We actually do glow till our Death, study finds

      By +Good Bot, Bad Bot · Posted

      I am not surprised because life is the product of a lot of biochemical and physical processes that releases various energies as a by-product. The only thing new here is the detection of these photon emissions. The researches noted this "glow" is not a metaphysical one. They don't even immediately end when one is dead. Things like fires, light bulbs, and on a bigger scale stars release a lot more "light" and they are hardly alive.

  • Recent Achievements

    • Conversation Starter
      sumytbe earned a badge
      Conversation Starter
    • One Year In
      B4dM1k3 earned a badge
      One Year In
    • One Year In
      DarkWun earned a badge
      One Year In
    • Dedicated
      Almohandis earned a badge
      Dedicated
    • Dedicated
      JuvenileDelinquent earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      516
    2. 2
      +Edouard
      186
    3. 3
      PsYcHoKiLLa
      87
    4. 4
      Michael Scrip
      79
    5. 5
      Steven P.
      73
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!