Slashdot Mirror


Botnet Herders Attack MS06-040 Worm Hole

Laljeetji writes "eWeek reports that the first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker. On the MSRC blog, Microsoft is calling it a very small, targeted attack that does not (yet?) have an auto-spreading mechanism. LURHQ has a detailed analysis of the backdoor."

7 of 112 comments

  1. Is it a stretch..... by zogger · Score: 3, Interesting

    ...to think some of this stuff is officially sanctioned, state sponsored or at least allowed to continue?

  2. Re:A Solution... by tymbow · Score: 4, Interesting

    Patches are one thing, but if people just used a firewall (even the built-in one in Windows XP) or even just turned off the Server service (most home users don't need it), most of these worms would not have anywhere to go.

    I'm amazed at the number of PCs that are still blindly connected to the Internet with no firewall. Crank up NMap and run it over your ISP's dynamic address range and have a look.

  3. Wondering... by Progman3K · Score: 4, Interesting

    Does that mean that if someone reverse-engineers the bot command set, maybe we can send them all a command to shut down the service?

    --
    I don't know the meaning of the word 'don't' - J

  4. If users need to patch.... by Mantrid42 · Score: 2, Interesting

    I know that the patching after you're infected may not do you much good, except to prevent reinfection after you clean your system, but why don't viruses and worms start doing things like pretending to be a firewall and blocking sites like microsoft.com, or monitor what you search for and prevent you from searching for its own name?

  5. Re:A Solution... by the_bard17 · Score: 3, Interesting

    This is a great idea, right until a patch breaks something. I can't remember the exact patch, but back in April MS released a patch that messed with IE's ability to automatically correct a URL's format. Id est, "google.com" doesn't get changed to "http://www.google.com". The patch conflicted with some HP software (Share-To-Web or something like that), and broke the URL correction.

    I had a couple clients (residential, not commercial, mind you) who had me correct the problem. One of these clients had been a prior customer... and I had stressed updating Windows on a regular basis. Let me tell you... that was a fun conversation. "Yes, an update to Windows broke your system. Yes, I do have to charge you for this service. Yes, I realize I told you a few months ago to make sure you updated Windows regularly. No, unfortunately I cannot fix this for free since Microsoft screwed up the patch."

    Danged if you do, darned if you don't...

  6. As I understand it... by JetScootr · Score: 2, Interesting

    MS06-040 is a vulnerability that allows an attacker to take over a PC whose only crime is running Windows while connected to the internet. No user action required.
    It looks like the blog on technet calls the current attack "extremely small" and "extremely targeted" - to only those PCs running W2K, which as I understand it, is millions of bidniz PCs.
    This is like calling 911 and having the dispatcher say "It can't be a very bad fire if it's only in the kitchen! Call us back when it gets to the attic."

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.

  7. Re:More Red COMMIE BASTARDS at their usual asshole by Ash+Vince · Score: 2, Interesting

    What's normal? American soldiers raping indigenous folk in whatever part of the world they are fucking up (Iraq)?

    Stop being such an ignorant twat. The US also turns a blind eye to crimes far worse if they are a bit of an embarrassment overseas.

    The US also point blank refuses to allow their soldiers to be subject to any laws except their own when they are serving overseas. So why should any other nations hand criminals over to the US if they won't do the same in return?

    --
    I don't read /. to RTFA, I read /. to offend people in ignorance.