Egle

Internet Worm ‘Win32/Conficker.A’ Exploiting Windows Vulnerability

Microsoft has warned users of a rise in attacks on a vulnerability in Windows. The vulnerability can be used to trigger a worm infestation on networks. The software giant encourages companies to apply the emergency patch released in October.

The worm, dubbed Win32/Conficker.A, is an Internet worm. It is currently in the wild and infecting PCs across the globe. Attacks have increased over the last week, exploiting the critical vulnerability that was addressed by security update MS08-067.

The vendor recommends that users apply the patch as soon as possible. It was released more than two weeks after Microsoft's monthly patch cycle, known as 'Patch Tuesday'. The previous emergency patch was released in April.

Win32/Conficker.A infects computers across a network by exploiting the vulnerability in the Windows Server service (SVCHOST.exe). Microsoft says that the worm takes advantage of a known vulnerability that, if successfully exploited, could enable remote code execution when file sharing is enabled.

In a post on the Microsoft Malware Protection Center Blog, Microsoft said that the malware was not only spreading inside corporations but had also hit hundreds of home PCs.

The post also said that the worm opens a random port between port 1024 and 10000 and acts like a Web server. It propagates to random computers on the network by exploiting MS08-067.

Once the remote computer is exploited, that computer downloads a copy of the worm through HTTP by using the random port opened by the worm. The post reported that the worm frequently uses a .JPG extension when copied over. It is then saved to the local system folder as a randomly named DLL.
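The propagation behaviour described above can be turned into a log triage heuristic. The following Python sketch is an added example, not code from Microsoft's post or from this article; the log format, sample records and function names are constructed for illustration, and both the inclusive port range and the internal-address check are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real traffic): "time src dst dport method path"
SAMPLE_LOG = """\
2008-11-25T10:01:02 10.0.0.15 10.0.0.23 4712 GET /xkqzt.jpg
2008-11-25T10:01:09 10.0.0.42 10.0.0.23 4712 GET /bhwle.JPG
2008-11-25T10:02:11 10.0.0.15 10.0.0.8 80 GET /images/logo.jpg
2008-11-25T10:03:30 10.0.0.77 10.0.0.9 8080 GET /status
2008-11-25T10:04:00 10.0.0.23 10.0.0.51 9321 GET /qpmnd.jpg
malformed line
"""

PORT_LOW, PORT_HIGH = 1024, 10000  # range named in the article; inclusive bounds are an assumption

def parse(line):
    """Return (src, dst, port, method, path), or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, src, dst, port, method, path = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return src, dst, int(port), method.upper(), path
    except ValueError:
        return None

def suspicious(rec):
    """GET of a .jpg from an internal peer serving HTTP on a port in the worm's range."""
    src, dst, port, method, path = rec
    return (method == "GET"
            and PORT_LOW <= port <= PORT_HIGH
            and path.lower().endswith(".jpg")
            and ipaddress.ip_address(dst).is_private)  # assumption: internal monitoring only

def triage(log_text):
    """Map each suspected serving host (ip, port) to the sorted clients that fetched from it."""
    servers = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and suspicious(rec):
            servers[(rec[1], rec[2])].add(rec[0])
    return {k: sorted(v) for k, v in servers.items()}

def chained_hosts(hits):
    """Hosts seen both downloading and serving: one hop of worm-style propagation."""
    serving = {ip for ip, _ in hits}
    return sorted(serving & {c for clients in hits.values() for c in clients})
```

The serving hosts are the likely already-infected machines, while the clients are the ones that were just exploited. Because the post says the .JPG extension is used frequently rather than always, the extension check is a confidence signal and can be relaxed when hunting.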

It is also interesting to note that the worm patches the vulnerable API in memory, so the computer is no longer vulnerable. This is not because the malware authors care very much about the computer; they just want to make sure that other malware is not going to take it over as well.
