Botnet herders pounce on Windows DNS RPC flaw

Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets.

The latest twist in the ongoing attacks comes less than a week after Microsoft's pre-patch advisory provided clues for hackers to write and release detailed exploit code.

Anti-virus researchers have detected signs of a variant of the talkative Nirbot Trojan squirming through the worm hole created by the vulnerability.

McAfee's analysis describes the latest Nirbot mutant as an IRC (internet relay chat) controlled backdoor, which provides an attacker with unauthorized remote access to the compromised computer.

An attacker can gain control over the compromised computer and use it to send spam, install adware, distribute illegal content or launch a DDos attack on internet systems.

Microsoft has confirmed the worm-centric bot attack, noting that the Trojan opens and listens on TCP port 57660 to receive  commands from remote attackers.

These commands could include instructions to initiate network scanning in search of other vulnerable computers.

According to data from Arbor's ATLAS threat monitoring portal, the bulk of the attacks are coming from the U.S., China, India and Korea.