With security vendors warning of malware that exploits a recently patched flaw in Windows, Microsoft is saying attacks are not on the rise.
Earlier this week, two malicious programs popped up, both of which took advantage of the MS06-040 Windows Server service vulnerability. This prompted Symantec to raise its ThreatCon rating to 2 last Thursday, an indication that users should be at a heightened level of security awareness.
But on Friday Microsoft said that even with these variants, the total number of computers being attacked was unchanged. "We're not seeing an increase in attacks, just minor variations," said Stephen Toulouse, security programme manager with Microsoft's Security Response Center.
Symantec's Oliver Friedrichs agreed that "the overall volume of attack attempts is fairly consistent". But he said the fact that hackers had continued to pound away at the MS06-040 vulnerability is troubling. "That we are seeing more threats exploiting these vulnerabilities is disconcerting in itself," said Friedrichs, a director of emerging technologies at Symantec Security Response.
Symantec has counted six variants of the MS06-040 attacks to date. Symantec rates the two new programs spotted this week, W32.Dasher.G and W32.Spybot.AKNO, as low risks.
A security bulletin on MS06-040, which affects most versions of Windows, can be found here.
The MS06-040 patch has to do with Windows' Server services, which are used for a variety of networking tasks, such as filesharing and printing. Because the flaw relates to widely used and network-enabled features, security experts have warned that it is a likely candidate for a widespread worm. Shortly after the patch was released, the US Department of Homeland Security took the unusual step of warning users of the flaw, saying it could put the nation's infrastructure at risk.
To date, however, no widespread outbreak has appeared.