jump to navigation

Hackers target latest Windows fix August 16, 2006

Posted by grhomeboy in Internet Safety, Microsoft.
trackback

Hi-tech hackers have started to produce malicious programs that target the latest bugs in Microsoft’s Windows.

A worm has been spotted in the wild that tries to use vulnerabilities to hijack home computers.

Any computer compromised by the worm will become part of a large botnet set up to send out junk mail.

At the same time Microsoft is re-issuing a recent security patch which has made the Internet Explorer browser crash on some computers.

Spam sender

On 8 August Microsoft released a bumper collection of security patches for 23 separate flaws in Windows and programs in the Office software suite.

One of the problems identified in the August update was deemed so serious that the US Department of Homeland Security (DHS) issued a warning urging users to download the patch and apply it as soon as possible. The DHS has a role in securing America’s critical infrastructure which includes the internet.

Now security companies have caught copies of a worm travelling the net that tries to infect Windows machines via this loophole.

The Mocbot worm attacks machines running Windows 2000 or XP that only have Service Pack 1 installed.

“As Microsoft only issued a patch against this vulnerability last week, many Windows computers probably remain unpatched and vulnerable to these threats,” said Carole Theriault, senior security consultant at Sophos in a statement.

Computer security firms have seen two variants of this worm circulating online. Analysis by Joe Stewart at security firm Lurhq show that, once installed, it tries to download a trojan known to act as a spam proxy.

These are networks of compromised machines that junk mailers have been forced to use because so few net service firms will host companies that send out millions of unwanted messages.

Microsoft said it would be re-issuing one of the security patches because, in certain circumstances, it can cause the Internet Explorer browser to crash.

The problem occurs with the MS06-42 update which tried to fix eight separate vulnerabilities in the IE browser.

Relatively few users are thought to be suffering from the clash between IE and the security patches. Microsoft said it affected IE with Service Pack 1 installed but only if visiting websites that use data compression and the widely used version 1.1 of the HTTP web protocols.

Microsoft said it expected to have the new version of the MS06-42 update ready by 22 August. However, a “hotfix” has been made available but Microsoft said this should only be installed on those computers crashing because of the update.

RELATED INTERNET LINKS

Microsoft security bulletin for August 2006

Microsoft Security Response Center (MSRC) blog

MSRC on crashes caused by security update

Microsoft on browser crashes following security update

MS06-42 Security update

DHS warning on Windows bugs

US Department of Homeland Security (DHS)

Sophos

Lurhq

Lurhq analysis of Mocbot

Source: BBC

Advertisements
%d bloggers like this: