Dark Reading
Risky Business
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Big New Botnet Growing Out Of Windows Worm
Around 500,000 infected bots spotted around the globeDec 02, 2008 | 12:19 PM
By Kelly Jackson HigginsDarkReading
Researchers at Trend Micro have spotted a new botnet populating via a new Windows worm attack. The botnet has reached 500,000 infected machines so far.
The worm, which Trend Micro named WORM_DOWNAD.A, exploits the MS08-067 vulnerability that Microsoft patched in its Windows Server service in late October. Microsoft malware researchers last week noticed a new wave of attacks exploiting the bug, which Microsoft calls Worm:Win32/Conficker.A. At the time, the attacks were mostly targeted and aimed at corporations, but it has now spread to consumer machines as well.
Ivan Macalintal, an advanced threats researcher for Trend Micro, reported that the attack has spread around the world, to the U.S., China, India, the Middle East, Europe, and Latin America. Several residential broadband providers also have a large number of infected customers, he said.
In a published report, Macalintal said the botnet is unrelated to those displaced by the shutdown of malicious hosting provider McColo. The new botnet is the work of a separate cybercriminal operation, he said.
Meanwhile, Microsoft last week urged customers to install the MS08-067 update, which protects against the worm attack and bot infection.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message
New Banking Trojan Discovered Targeting Businesses' Financial Accounts 02/09/2010
China Nudges Out U.S. For Most Bot-Infected Machines 02/09/2010
The Evolving Malware Threat: Is Your Organization Protected from All Angles? 02/17/2010
Daily log review sucks, here's how to make it easier 01/28/2010
DIGITAL ASSETS
The Tangled Web: Silent Threats & Invisible Enemies
02/02/2010
From the Field: A Hacker's Story
02/01/2010
Subscribe to RSSChina Nudges Out U.S. For Most Bot-Infected Machines
China Shutters Hacker 'Boot Camp'
GAO Report: NASA Still Facing Weaknesses In IT Security
MORE KEYHOLE
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
|
