Code attacking Windows flaw posted

A 'great opportunity' for unskilled hacker to launch a worm, worries security researcher.
Written by ZDNET Editors, Contributor on

Attack code exploiting a recently-patched vulnerability in Microsoft's Windows operating system has been posted to the Internet, PC World reports

The software was added to the widely used Metasploit project--a favorite of both security researchers and malicious hackers--at around 1 a.m. Thursday morning Pacific Time, according to H.D. Moore, the Metasploit project leader. "It works very reliably against Windows 2000 and Windows XP systems that do not have SP2 [Service Pack 2] installed," he said in an e-mail.

"This is a great opportunity for an unskilled hacker to launch a worm," said Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. "A skilled hacker will use the vulnerability to quietly infect millions of computers for the purposes of sending spam, stealing credit card numbers, or countless other subversive activities," he said in an e-mail interview.

Editorial standards