The discovery on 5 August of the Autorooter Trojan (also known
as Troj/Autoroot-A) acts
as a timely reminder to IT administrators to ensure their systems
are patched against the latest security vulnerabilities.
At the time of writing Sophos has received no reports from
customers affected by the Trojan horse, but strongly recommends
that users put in place a Microsoft patch against the vulnerability it exploits as
well as updating their anti-virus software.
Sophos issued detailed advice on the
vulnerability and how system administrators and home users could
protect against it on 31 July 2003.
"Currently we have no reports of this Trojan horse in the wild,"
said Graham Cluley, senior technology consultant for Sophos.
"However, it is important that users patch their systems now to
ensure a future worm exploiting the same vulnerability is not
Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp.
Other vendors offer similar services.