Slashdot Mirror


Botnet Herders Attack MS06-040 Worm Hole

Laljeetji writes "eWeek reports that the first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker. On the MSRC blog, Microsoft is calling it a very small, targeted attack that does not (yet?) have an auto-spreading mechanism. LURHQ has a detailed analysis of the backdoor."

6 of 112 comments

  1. strange headlines... by imsabbel · · Score: 3, Funny

    Could be right out of a voyager episode or something.
    I really hope they reverse their shield polarity when attacking that wormhole, or it could trigger a tachyon cascade....

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  2. What's gonna happen when Norton removes WGA? by LiquidCoooled · · Score: 5, Funny

    from the analysis:

    This variant of mocbot copies itself to the system directory as wgareg.exe, and creates an NT service to run at startup called "Windows Genuine Advantage Registration Service". The description given to the service reads "Ensures that your copy of Microsoft Windows is genuine and registered. Stopping or disabling this service will result in system instability.", in an attempt to discourage users from stopping it from running.

    Do we actually know which is the more malicious variant?

    --
    liqbase :: faster than paper
  3. Re:IRC the weakpoint? by mabu · · Score: 2, Funny

    I think it's time we "brought freedom" to China.

  4. Could be by twitter · · Score: 2, Funny

    If you're running norton you've got bigger problems than this worm.

    Is that true? I don't have any of these problems and would like to find out. Is there a Debian version of this Norton? What kinds of problems can I expect if I install it?

    --

    Friends don't help friends install M$ junk.

  5. Re:A Solution... by Ph33r th3 g(O)at · · Score: 2, Funny

    Nope, wasn't me, but I agree with him totally.

    --
    I too have felt the cold finger of injustice.
  6. Re:Blocking outgoing IRC ports effective? by Jedi Alec · · Score: 2, Funny

    Yes. Although stupid botnet 'herders' may have their botnet ircds listening on the default port (6667), anyone who is even a half wit is smart enough to change that to something utterly random.

    Besides, why block IRC - IRC is so fun :)


    Indeed, which is why some of us irc admins open up port 8080 so anyone has a fair chance at losing their job.

    --

    People replying to my sig annoy me. That's why I change it all the time.