madison
Home / News & Blogs

Worm surge exploits Microsoft vulnerability

Colin Barker ZDNet.co.uk | January 7, 2009 9:21 AM PST

Summary

Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply a Microsoft patch.

Topics

Microsoft Corp., F-Secure Corp., Business System, Cyberthreats, Security, Viruses And Worms, CERT, Microsoft, worm, vulnerability, Spyware, Adware & Malware, Colin Barker ZDNet.co.uk
Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply the Microsoft patch.

The malware attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post.

A sign of infection is that user accounts get locked out of the Active Directory domain as the worm tries to crack passwords, said F-Secure.

A removal tool is available at the F-Secure website, as is a detailed description of the malware F-Secure calls Downadup.AL.

Talkback Most Recent of 14 Talkback(s)

  • Economic tremors and MS
    With Economic tremors abounding us right now, I do not see how a Company could withstand the money lost from an exploit like this plus all of the time spent by staff and lost productivity due to insecure software. I do not see how MS based solutions can help a companies bottom line, due the massive overhead in licensing, anti-virus, firewall, spyware/malware/trojan fiasco's how could any company go forward thinking ROI will be great with this solution.

    In my opinion in the year 2009 MS still has the same problems as they did 10 years ago. What has changed, prices maybe however the viruses/malware/trojans continue on a relentless rampage taking the MS Ship down to the bottom.

    The amount of money that it takes to keep the MS ship afloat is not a given, with tight economic times open source solutions will be on the radar to get out of renewing licensing that is not needed. With a support Enterprise grade of Linux solution the ROI is far greater with less security vulnerabilities and downtime associated with the platform.

    I think they will hit a peak at MS, and once this is achieved the amount of money that is required to keep it at the top will erode like a small drip, that will eventually turn in a small stream in due time. I for see a downsizing of MS in the future the amount of money it requires to keep their insecure/expensive environment is clearly not worth it.
    ZDNet Gravatar
    Christian_<><
    7th Jan 2009
  • Same-ole same-ole
    Another prediction of Microsoft's demise. Perhaps a new term should be coined for this common occurrence.

    YAPME = Yet Another Prediction of Microsoft's End
    YAPMEOL = Yet Another Prediction of Microsoft's End Of Life
    YAMAP = Yet Another Microsoft Annihilation Prediction
    YAPMA = Yet Another Prediction of Microsoft's Annihilation


    Face it people, Microsoft is going to be around long after we've been buried and forgotten.

    Look it is now 2009. Microsoft is no closer to going under than it was 5 years ago... or 10 years ago... or even 15 years ago.

    Give up the ghost.
    ZDNet Gravatar
    mikefarinha
    7th Jan 2009
  • Re: in time
    I am not speaking from a doom and gloom standpoint but rather from erosion at the base.

    These costly Windows 'Experiences' do damage whether anyone wants to admit it or not. The Open Source movement is actually benefiting from the current economic climate and will continue to grow at a steady pace.

    The Auto makers had their world tilted with the man-made Oil crisis and look what happened. All it would take is some type of shakeup in this realm such as Obama's tax on Coal powerplants that will bankrupt businesses and wreak havoc and we will see where the fall out goes.

    No company is immune and just because they are on top today, does not mean with the electricity man-made shortage on the horizon they will continue to sell software on home machines when the people cannot pay their light bills...
    ZDNet Gravatar
    Christian_<><
    7th Jan 2009
  • Too Much Bias
    Your bias does nothing but show off your lack of understanding about markets and corporations.

    I agree with your thoughts on the ObamaTax but that has precious little to do with your point.

    The fact of the mater is that you can go back to 2005 and read "News" articles talking about the slow adoption rate of WinXP and how corporations don't see any benefit of upgrading... that was 4 years after XP was released. Vista has only been out for 2 years now.

    The only thing being eroded is the mental capacity of those claiming Microsoft is "obviously" dying.
    ZDNet Gravatar
    mikefarinha
    7th Jan 2009
  • COAL TAX ??
    What Obama has said in regards to coal has to with this topic I don't know. I do know you brought it up with incomplete information, as others do. Obama supports the cleaner coal theory. No tax would apply unless, the cola & power industries can't make cleaner coal happen. I agree any upcoming shortage of electrical power will be man made, by a general refusal to conserve And, industries stubborn refusal to embrace renewable technologies that CAN reduce the amount of coal needed be consumed.
    ZDNet Gravatar
    westks
    8th Jan 2009
  • Forgot one...
    YASP = Yet Another Steaming Pile.

    Something we've come to expect from MS.

    :o)
    ZDNet Gravatar
    Jack-Booted EULA
    7th Jan 2009
  • Ya Dip
    How's this one?

    Yet
    Another

    Damned
    Incorrect
    Prediction

    devil
    ZDNet Gravatar
    MGP2
    7th Jan 2009
  • So your solution is.....
    To through linux or unix at it and kick back and forget all the best practices that should be used no matter what OS you run. Not a single user in my company runs as an administrator on their desktops including the CEO and President. And guess what, most all problems have gone away since the users can't muck up their system. It really doesn't take much 3rd party software to be secure and cover all your bases. We actually have improved our bottom line by updating our systems and running windows server 2008 for our database servers. They are fast and they require little to no maintenance besides updates. If you have noticed most vulnerabilities for XP or 2003 that are rated critical are only rated important for Vista and 2008. XP and 2003 had shortcomings on security but going forward MS is fixing that with their new security structure on Vista and 2008. I know you don't like that it is that way, but get with reality. Stop the users running as admins and you close up a huge hole in your security. don't turn UAC off like an idiot would and run your updates and things go smooth sailing. The money we pay on licensing our servers in a drop in the bucket to our revenues and having uptimes above 99.99% also does us a huge favor for our bottom line. People like you that have no experience setting up systems right and using best practices do not understand how well these systems work when they are done right. If I didn't have all these projects to work on, I would be bored out of my mind and to me that is a sign of a well running system. Whatever OS route you choice it can be setup to meet your needs, so don't go around making your predictions on some bias you have that you can't seem to let go of. You will never read a post of mine that attacks another OS or idea, because there are many ways to acheive the same results. Open your mind and share your experiences to convince others they have made the wrong decision.
    ZDNet Gravatar
    OhTheHumanity
    7th Jan 2009
  • Questions.
    1 - Do you leave Active-X enabled?
    2 - Do you leave default services enabled?
    3 - Do you restrict certain websites?
    4 - How do you handle UAC for users?
    5 - What AV are you using?
    6 - Have you ever used a sniffer to see what MS is
    sending back to the mother ship?
    ZDNet Gravatar
    Joe.Smetona
    8th Jan 2009
  • It is obvious economics is not a strong skill set of yours
    Nor is network administration, it would appear

    I wonder, if you where running Linux or OSX, would you leave those systems unpatched as well?
    ZDNet Gravatar
    GuidingLight
    7th Jan 2009
  • RE: Worm surge exploits Microsoft vulnerability
    Patch has been out since October, and a removal tool is available. This worm is DOA. Anyone who does get affected by this worm, and it will be very very few, are just being negligent with their servers. This probably shouldn't have been an article at all but at ZDNet they need to turn the most minor of things into a huge story.
    ZDNet Gravatar
    Loverock Davidson
    7th Jan 2009
  • They took a lesson from you...
    ZDNet Gravatar
    Linux User 147560
    7th Jan 2009
  • OK everybody in the IT world.
    You can stand down. Loverock Davidson has declared the security threat to be a nonevent. Everybody back to work now.
    ZDNet Gravatar
    kozmcrae
    7th Jan 2009
  • Headrock Declares it a 'Nonevent'! "I Feel Safer ALREADY!"
    And three guesses what Vasquez's response to that comment was, Headrock.... >:)
    ZDNet Gravatar
    drprodny
    9th Jan 2009

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity