A dangerous vulnerability is identified and patched
by Microsoft in Windows 2000, Windows XP and Windows
2003 versions, which can lead to potential attacks in
the scale of the 2003 MS Blaster worm in the next few
days, says Security Analysts at MicroWorld Technologies.
Vulnerability-MS06-040, one among the 23 security
holes patched by Microsoft in its latest security
bulletin on August 08, is highly critical and poses
a direct and dire threat to computers on the Windows
platform. Patch for this vulnerability is available
at MS06-040
(http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx)
on the Microsoft website.
While some of the exploits aimed at the flaw is already
available on the web and can be used by malware authors,
MicroWorld's Security Analyst informs a new backdoor
variant named 'Win32.IRCBot.st' can attack the vulnerability
in order to spread in networks.
"Win32.IRCBot.st" is a PE executable that's
packed with MEW. It appears as "wgareg.exe"
in the Windows System folder with a description "Windows
Genuine Advantage Registration Service". The
backdoor changes the security settings of the computer,
turns off firewall and connects to the remote attacker
via IRC channels. While its first spreading routine
is via the AOL Messenger, the second one uses MS06-040
vulnerability to infect remote computers. A hacker
can scan for vulnerable IPS as the Backdoor sends
out the exploit and infect the targeted machine.
"This is just one of the exploits aimed at the
vulnerability in question, which can well be a curtain
raiser for more attacks in days to come," says
Arti Taru, Assistant Manager, R&D, MicroWorld
Technologies. "An exploit code pushed through
Metasploit Framework can pave way for large scale
Denial of Service attacks against unpatched computers.
We strongly recommend users to update their Windows
versions to prevent any further assaults through this
security hole."
The gravity of the situation can be estimated from
the fact that the Department of Homeland Security
of the US government has issued an unusual warning
on this issue, which says "Windows users are
encouraged to avoid delay in applying this security
patch. Attempts to exploit vulnerabilities in operating
systems routinely occur within 24 hours of the release
of a security patch."
"Increasing incidents of Zero-Day attacks like
these call for a high level of alertness and awareness
from all computer users, home segment and Enterprises
alike. While we at MicroWorld continue to insulate
computers against every new Virus and Worm, it's extremely
important that users too patch their Operating Systems
and other software swiftly, to shut the Window of
opportunity on the face of the attackers," affirms
Govind Rammurthy, CEO, MicroWorld Technologies.
MicroWorld
MicroWorld (www.mwti.net
) is the developer of the world's first Real-Time
Anti-Virus and Content Security software eScan
for desktops and servers. Its communication security
software,
MailScan is the first comprehensive e-mail
scanner for your SMTP/POP3 Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology
underlying these products, powering them to several
certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin,
Checkmark, TUCOWS, Red Hat Ready, and Novell Ready.
Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive
security for your systems. For network security of
enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.
