Hackers Exploit Microsoft Bug
Posted on: Sunday, 26 October 2008, 09:35 CDT
Just one day after Microsoft distributed a rare emergency security patch, hackers have found new ways to exploit the bug.
Security researchers identified a new trojan called Gimmiv on Friday, after a hacker had posted on the Internet an early sample of code that could be used to take advantage of the flaw.
Since the bug could be used to create an Internet worm attack, Microsoft issued the patch more than two weeks ahead of its next security update. In fact, the software giant said it had already witnessed a small number of attacks that exploited the flaw.
According to a New York Times report, the vulnerability lies in the Windows Server service used to connect with other devices on networks. And while the Windows firewall software will block the worm from spreading, experts worry the flaw could be used to spread infections between machines on a local area network (LAN), which are typically not protected by firewalls.
Indeed, that's precisely what the Gimmiv trojan intends to do, said Symantec’s senior research manager Ben Greenbaum.
"It is downloaded onto a target machine via social engineering and then proceeds to scan and exploit machines on the same network, using this newly disclosed vulnerability in the Server service," he told the New York Times.
Experts believe the worm then loads software that steals passwords.
Both Symantec and McAfee said Friday that they had only seen a very small number of attacks based on Gimmiv. However, Symantec reported a 25 percent jump in network scans searching for vulnerable machines beginning Thursday evening. The searches could signal that more attacks are on the way, Symantec said.
It’s a scenario that becomes more probable as additional tools are released to the broader public. For instance, sample exploit code was posted to the Milw0rm.com hacker site on Friday, and security experts expect hackers to move the code into easy-to-use attack tools over the next few days.
Greenbaum predicts the attack code will soon be used to create botnets of infected computers.
"What we are going to see is this attack being added to the arsenal of botcode," he told the New York Times.
"Once it evolves to the point where people really don't have to know much about the exploit ... those are the situations where people write the worms that do a lot of [damage]," Craig Schmugar, a researcher with McAfee, told the New York Times.
When asked if he expects a harmful worm to materialize from the latest bug, Schmugar said: "If history is a lesson, then yes."
Source: redOrbit Staff & Wire Reports