Worm surge exploits Microsoft vulnerability

Summary:Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply a Microsoft patch.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply the Microsoft patch.

The malware attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post.

A sign of infection is that user accounts get locked out of the Active Directory domain as the worm tries to crack passwords, said F-Secure.

A removal tool is available at the F-Secure website, as is a detailed description of the malware F-Secure calls Downadup.AL.

Topics: Microsoft, Malware, Security

About

Colin has been a computer journalist for some 30 years having started in the business the same year that the IBM PC was launched, although the first piece he wrote was about computer audit. He was at one time editor of Computing magazine in London and prior to that held a number of editing jobs, including time spent at the late DEC Compu... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.