Worm surge exploits Microsoft vulnerability

Summary: Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply a Microsoft patch.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply the Microsoft patch.

The malware attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post.

A sign of infection is that user accounts get locked out of the Active Directory domain as the worm tries to crack passwords, said F-Secure.
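The lockout symptom described above can be checked for in domain controller logs. The following is an added example, not code from the article or from F-Secure: it assumes account-lockout events (Event ID 4740, or 644 on Windows Server 2003) have been exported to a constructed `timestamp,event_id,account,caller_computer` CSV layout, and the function names and thresholds are illustrative. It flags any machine that locks out many distinct accounts in a short window, which separates a dictionary attack from one user mistyping a password.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

# Account lockout event IDs: 4740 (Server 2008 and later), 644 (Server 2003).
LOCKOUT_EVENT_IDS = {"4740", "644"}

# Constructed sample export (assumed layout): timestamp,event_id,account,caller_computer
SAMPLE_LOG = """\
2009-01-12T09:00:05,4740,jsmith,WKSTN-014
2009-01-12T09:00:09,4740,mbrown,WKSTN-014
2009-01-12T09:00:14,4740,agarcia,WKSTN-014
2009-01-12T09:00:21,4740,tlee,WKSTN-014
2009-01-12T09:00:30,4740,kpatel,WKSTN-014
2009-01-12T09:00:41,4624,svc-backup,SRV-FILE01
2009-01-12T09:00:47,4740,rchen,WKSTN-014
2009-01-12T10:15:00,4740,dwong,WKSTN-022
2009-01-12T13:40:00,4740,dwong,WKSTN-022
"""

def parse_lockouts(text):
    """Yield (time, account, caller) for lockout events only."""
    for row in csv.reader(text.splitlines()):
        if len(row) != 4 or row[1] not in LOCKOUT_EVENT_IDS:
            continue
        try:
            when = datetime.fromisoformat(row[0])
        except ValueError:
            continue  # skip rows with an unparseable timestamp
        yield when, row[2].lower(), row[3].upper()

def find_lockout_bursts(text, window=timedelta(minutes=10), min_accounts=5):
    """Map caller -> accounts when it locked out >= min_accounts distinct accounts in one window."""
    by_caller = defaultdict(list)
    for when, account, caller in parse_lockouts(text):
        by_caller[caller].append((when, account))
    flagged = {}
    for caller, events in by_caller.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(caller, set()).update(accounts)
    return {c: sorted(a) for c, a in flagged.items()}

print(find_lockout_bursts(SAMPLE_LOG))
```

A flagged caller is a candidate for isolation and scanning; the single repeated lockout from WKSTN-022 in the sample is not flagged.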

A removal tool is available at the F-Secure website, as is a detailed description of the malware F-Secure calls Downadup.AL.



Colin Barker is based in London and is Senior Reporter for ZDNet. He has been writing about the IT business for some 30-plus years. He still enjoys it.

  • Economic tremors and MS

    With Economic tremors abounding us right now, I do not see how a Company could withstand the money lost from an exploit like this plus all of the time spent by staff and lost productivity due to insecure software. I do not see how MS based solutions can help a company's bottom line, due to the massive overhead in licensing, anti-virus, firewall, spyware/malware/trojan fiascos. How could any company go forward thinking ROI will be great with this solution?

    In my opinion in the year 2009 MS still has the same problems as they did 10 years ago. What has changed, prices maybe however the viruses/malware/trojans continue on a relentless rampage taking the MS Ship down to the bottom.

    The amount of money that it takes to keep the MS ship afloat is not a given, with tight economic times open source solutions will be on the radar to get out of renewing licensing that is not needed. With a support Enterprise grade of Linux solution the ROI is far greater with less security vulnerabilities and downtime associated with the platform.

    I think they will hit a peak at MS, and once this is achieved the amount of money that is required to keep it at the top will erode like a small drip, that will eventually turn into a small stream in due time. I foresee a downsizing of MS in the future; the amount of money it requires to keep their insecure/expensive environment is clearly not worth it.
    • Same-ole same-ole

      Another prediction of Microsoft's demise. Perhaps a new term should be coined for this common occurrence.

      YAPME = Yet Another Prediction of Microsoft's End
      YAPMEOL = Yet Another Prediction of Microsoft's End Of Life
      YAMAP = Yet Another Microsoft Annihilation Prediction
      YAPMA = Yet Another Prediction of Microsoft's Annihilation

      Face it people, Microsoft is going to be around long after we've been buried and forgotten.

      Look it is now 2009. Microsoft is no closer to going under than it was 5 years ago... or 10 years ago... or even 15 years ago.

      Give up the ghost.
      • Re: in time

        I am not speaking from a doom and gloom standpoint but rather from erosion at the base.

        These costly Windows 'Experiences' do damage whether anyone wants to admit it or not. The Open Source movement is actually benefiting from the current economic climate and will continue to grow at a steady pace.

        The Auto makers had their world tilted with the man-made Oil crisis and look what happened. All it would take is some type of shakeup in this realm such as Obama's tax on Coal powerplants that will bankrupt businesses and wreak havoc and we will see where the fall out goes.

        No company is immune and just because they are on top today, does not mean with the electricity man-made shortage on the horizon they will continue to sell software on home machines when the people cannot pay their light bills...
        • Too Much Bias

          Your bias does nothing but show off your lack of understanding about markets and corporations.

          I agree with your thoughts on the ObamaTax but that has precious little to do with your point.

          The fact of the matter is that you can go back to 2005 and read "News" articles talking about the slow adoption rate of WinXP and how corporations don't see any benefit of upgrading... that was 4 years after XP was released. Vista has only been out for 2 years now.

          The only thing being eroded is the mental capacity of those claiming Microsoft is "obviously" dying.
        • COAL TAX ??

          What Obama has said in regards to coal has to do with this topic I don't know. I do know you brought it up with incomplete information, as others do. Obama supports the cleaner coal theory. No tax would apply unless the coal & power industries can't make cleaner coal happen. I agree any upcoming shortage of electrical power will be man made, by a general refusal to conserve and industry's stubborn refusal to embrace renewable technologies that CAN reduce the amount of coal needed to be consumed.
      • Forgot one...

        YASP = Yet Another Steaming Pile.

        Something we've come to expect from MS.

        Jack-Booted EULA
      • Ya Dip

        How's this one?



    • So your solution is.....

      To throw Linux or Unix at it and kick back and forget all the best practices that should be used no matter what OS you run. Not a single user in my company runs as an administrator on their desktops including the CEO and President. And guess what, most all problems have gone away since the users can't muck up their system. It really doesn't take much 3rd party software to be secure and cover all your bases. We actually have improved our bottom line by updating our systems and running Windows Server 2008 for our database servers. They are fast and they require little to no maintenance besides updates. If you have noticed most vulnerabilities for XP or 2003 that are rated critical are only rated important for Vista and 2008. XP and 2003 had shortcomings on security but going forward MS is fixing that with their new security structure on Vista and 2008. I know you don't like that it is that way, but get with reality. Stop the users running as admins and you close up a huge hole in your security. Don't turn UAC off like an idiot would and run your updates and things go smooth sailing. The money we pay on licensing our servers is a drop in the bucket to our revenues and having uptimes above 99.99% also does us a huge favor for our bottom line. People like you that have no experience setting up systems right and using best practices do not understand how well these systems work when they are done right. If I didn't have all these projects to work on, I would be bored out of my mind and to me that is a sign of a well running system. Whatever OS route you choose it can be set up to meet your needs, so don't go around making your predictions on some bias you have that you can't seem to let go of. You will never read a post of mine that attacks another OS or idea, because there are many ways to achieve the same results. Open your mind and share your experiences to convince others they have made the wrong decision.
      • Questions.

        1 - Do you leave Active-X enabled?
        2 - Do you leave default services enabled?
        3 - Do you restrict certain websites?
        4 - How do you handle UAC for users?
        5 - What AV are you using?
        6 - Have you ever used a sniffer to see what MS is
        sending back to the mother ship?
    • It is obvious economics is not a strong skill set of yours

      Nor is network administration, it would appear

      I wonder, if you were running Linux or OSX, would you leave those systems unpatched as well?
  • RE: Worm surge exploits Microsoft vulnerability

    Patch has been out since October, and a removal tool is available. This worm is DOA. Anyone who does get affected by this worm, and it will be very very few, are just being negligent with their servers. This probably shouldn't have been an article at all but at ZDNet they need to turn the most minor of things into a huge story.
    Loverock Davidson
    • They took a lesson from you... ]:)

      Linux User 147560
    • OK everybody in the IT world.

      You can stand down. Loverock Davidson has declared the security threat to be a nonevent. Everybody back to work now.
      • Headrock Declares it a 'Nonevent'! "I Feel Safer ALREADY!"

        And three guesses what Vasquez's response to that comment was, Headrock.... >:)