A Windows Worm Mockup?
Update, Oct. 24, 9:30 a.m., ET: F-Secure and McAfee now are saying this "Mocbot" thing is in fact exploiting the same flaw that the Zotob worm went after, not the latest Microsoft flaw. Not quite sure how these two companies made the same mistake in their analysis, but none of this changes the fact that the possibility of a worm exploiting these new holes remains high.
My original post from earlier today:
Then on Saturday, evidence emerged that attackers were using the exploit code in a new Trojan horse program designed to turn infected machines into "bots" -- remote controlled machines used mainly to relay spam or attack Web sites. Among the first to detect the new bugger was the Norman Sandbox, a scanning tool that computer forensics experts often use to identify both new and known computer viruses. Anti-virus companies F-Secure and McAfee (and others I'm sure by now) label the new threat as "Mocbot."
Bot programs like Mocbot can be used to scan the Internet for other vulnerable computers, but as a rule they generally don't spread on their own. Still, may be just a matter of time before we see this exploit folded into a self-spreading computer worm. If we do, the results may be similar to what we saw with the Zotob worm, which affected mainly Windows 2000 computers and caused disruptive but isolated outbreaks at large corporations around the world.
If you aren't up to speed on Windows patches yet, visit Microsoft Update ASAP -- there also are exploits circulating on the Internet for three other vulnerabilities that Microsoft detailed earlier this month.
Posted by: Joe Stewart | October 24, 2005 12:57 PM | Report abuse
Posted by: J.D.S | November 1, 2005 8:20 PM | Report abuse
Posted by: Ken L | November 7, 2005 2:10 AM | Report abuse
Posted by: Brian Krebs | November 7, 2005 5:03 PM | Report abuse
The comments to this entry are closed.