Slashdot Mirror

← Back to Stories (view on slashdot.org)

Botnet Herders Attack MS06-040 Worm Hole

Posted by ryuzaki0 on from the worming-your-way-through-the-net dept.

Laljeetji writes "eweek reports that the first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker. On the MSRC blog, Microsoft is calling it a very small, targeted attack that does not (yet?) have an auto-spreading mechanism. LURHQ has a detailed analysis of the backdoor."

4 of 112 comments (clear)

  1. Is it a stretch..... by zogger · · Score: 3, Interesting

    ...to think some of this stuff is officially sanctioned, state sponsored or at least allowed to continue?

  2. Re:A Solution... by tymbow · · Score: 4, Interesting

    Patches are one thing but if people just used a firewall (even the built in one in Windows XP) or even just turned off the Server service (most home users don't need it) most of these worms would not have anywhere to go.

    I'm amazed at the number of PCs that are are still blindly connected to the Internet with no firewall. Crank up NMap and run it over your ISPs dyanmic address range and have a look.

  3. Wondering... by Progman3K · · Score: 4, Interesting

    Does that mean that if someone reverse-engineers the bot command set, maybe we can send them all a command to shutdown the service?

    --
    I don't know the meaning of the word 'don't' - J
  4. Re:A Solution... by the_bard17 · · Score: 3, Interesting

    This is a great idea, right until a patch breaks something. I can't remember the exact patch, but back in April MS released a patch that messed with IE's ability to automatically correct a URL's format. Id est, "google.com" doesn't get changed to "http://www.google.com". The patch conflicted with some HP software (Share-To-Web or something like that), and broke the URL correction.

    I had a couple clients (residential, not commercial, mind you) who had me correct the problem. One of these clients had ben prior customer... and I had stressed updating Windows on a regular basis. Let me tell you... that was a fun conversation. "Yes, an update to Windows broke your system. Yes, I do have to charge you for this service. Yes, I realize I told you a few months ago to make sure you updated Windows regularly. No, unfortunately I cannot fix this for free since Microsoft screwed up the patch."

    Danged if you do, darned if you don't...