Worm surge exploits Microsoft vulnerability
![colin-barker.jpg](https://www.zdnet.com/a/img/resize/9cc5531bcc26036147851289556a779d0505acd3/2013/06/13/1f552df4-1175-11e4-9732-00505685119a/colin-barker.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.
Both US-CERT and security organisation F-Secure have issued warnings, urging IT professionals to apply the Microsoft patch.
The malware attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post.
A sign of infection is that user accounts get locked out of the Active Directory domain as the worm tries to crack passwords, said F-Secure.
A removal tool is available at the F-Secure website, as is a detailed description of the malware F-Secure calls Downadup.AL.