On Aug 8th, Microsoft issued a security warning for a critical security hole
which affects XP, 2000, and 2003 Windows platforms. This security warning was
then updated with new information and a patch on Aug 14th (available as MS06-040 at
http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx
on the Microsoft Web site).
If you do not have this patch,
go to the website and install it as soon as possible, as exploits aimed
at this security hole are already circulating on the web and can be used by
spyware and malware authors. Internal networks are also at risk,
as a backdoor variant named 'Win32.IRCBot.st' can attack the vulnerability in
order to spread through networks.
'Win32.IRCBot.st' is a PE executable that is packed with MEW. It appears as
'wgareg.exe' in the Windows System folder with a description 'Windows Genuine
Advantage Registration Service'. The backdoor changes the security settings
of the computer, turns off the firewall and connects to the remote attacker via
IRC channels.
While its first spreading routine is via AOL Messenger, the second one
uses the MS06-040 vulnerability to infect remote computers. A hacker can scan for
vulnerable IPs as the backdoor sends out the exploit and infects the targeted
machine.
The Department of Homeland Security of the US government has issued an unusual
warning on this issue, which says: "Windows users are encouraged to avoid
delay in applying this security patch. Attempts to exploit vulnerabilities in
operating systems routinely occur within 24 hours of the release of a security
patch."
Despite what you might think about the US Department of Homeland Security,
in this case it is a very wise precaution to update your computer as soon as
possible.
This article may not be copied or distributed in part or in full from this site and is copyright D24 Media Limited.