We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Windows malware raises worm fears

Attack code doing the rounds

Attack code exploiting a recently patched vulnerability in Microsoft's Windows OS (operating system) has been posted to the internet, prompting concerns of a widespread attack.

The software was added to the widely used Metasploit project – a favorite of both security researchers and malicious hackers – yesterday, according to HD Moore, the Metasploit project leader. "It works very reliably against Windows 2000 and Windows XP systems that do not have SP2 installed," he said in an email.

Security experts had worried that the Windows Server services vulnerability – described in Microsoft Security Bulletin MS06-040 – could be used in a widespread worm attack. Windows Server services are generally enabled by default on Windows systems, and are used for common network applications like file sharing and printing.

The bug was patched on Tuesday in one of 12 Microsoft security updates.

On Wednesday the US DHS (Department of Homeland Security) took the unusual step of warning PC users to make sure they had installed this patch. The DHS statement warned that the vulnerability "could impact government systems, private industry and critical infrastructure, as well as individual and home users".

"This is a great opportunity for an unskilled hacker to launch a worm," said Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. "A skilled hacker will use the vulnerability to quietly infect millions of computers for the purposes of sending spam, stealing credit card numbers, or countless other subversive activities."

Microsoft executives were not immediately available to comment on the Metasploit code. In a blog posting dated early yesterday, Microsoft Security Response Center program manager Christopher Budd said his company was seeing "very, very limited exploitation of the vulnerability".

Microsoft's patch had been downloaded by about 100 million users in the first 30 hours, he added. Budd's post can be found here.

Moore's public comments on the attack code can be found here.

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model