
New Botnet exploits patched Windows bug

Dangerous botnet growing rapidly, say researchers

A new botnet is being built with the help of a worm that exploits a Windows vulnerability Microsoft fixed with an emergency patch in October, said security researchers.

Trend Micro researcher Ivan Macalintal has dubbed the worm 'Downad.a' although Microsoft gave it the moniker 'Conficker.a' and Symantec prefers 'Downadup'. Macalintal also said the worm forms part of a new botnet that criminals are creating.

"We think 500,000 is a ball-park figure," said Macalintal when asked the size of the new botnet. "That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's still starting to grow."

Last week, Microsoft warned that the worm was behind a spike in exploits of a bug in the Windows Server service, which is used by the operating system to connect to network file and print servers. Microsoft patched the service with an emergency fix it issued on October 23, shortly after it discovered a small number of infected PCs in Southeast Asia.

However, the new worm is a global threat, said Macalintal. "This has real potential to do damage," he said. Trend Micro has spotted infected IP addresses on the networks of Internet service providers (ISPs) in the US, China, India, the Middle East, Europe and Latin America.

Macalintal also said that it appears the botnet is being built by a new group of cyber-criminals, not one of the gangs that lost control of compromised computers when McColo, a US hosting company, was yanked off the internet. When McColo went offline, crooks lost access to the command-and-control servers which gave marching orders to some of the world's biggest botnets, including 'Srizbi' and 'Rustock'.

One result of the McColo takedown was a temporary slump in spam; some message security vendors said last week that they had seen a sharp increase in spam as the hackers managed to regain control of their botnets.

Security experts, including those at Trend Micro, are co-ordinating efforts, said Macalintal, to pass along their lists of worm-infected PCs to ISPs, who have been asked to contact the computers' owners and urge them to clean their machines of the worm.

"But that's an uphill climb," admitted Macalintal.

Users who haven't applied the emergency patch - labeled MS08-067 by Microsoft - should do so as soon as possible, Macalintal said.

Computerworld (http://www.computerworld.com)

