Slashdot Mirror


Botnet Herders Attack MS06-040 Worm Hole

Laljeetji writes "eWeek reports that the first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker. On the MSRC blog, Microsoft is calling it a very small, targeted attack that does not (yet?) have an auto-spreading mechanism. LURHQ has a detailed analysis of the backdoor."


  1. Re:A Solution... by tymbow · · Score: 4, Interesting

    Patches are one thing, but if people just used a firewall (even the built-in one in Windows XP) or even just turned off the Server service (most home users don't need it), most of these worms would not have anywhere to go.

    I'm amazed at the number of PCs that are still blindly connected to the Internet with no firewall. Crank up Nmap and run it over your ISP's dynamic address range and have a look.

  2. Wondering... by Progman3K · · Score: 4, Interesting

    Does that mean that if someone reverse-engineers the bot command set, maybe we can send them all a command to shut down the service?

    --
    I don't know the meaning of the word 'don't' - J