The worms exploit a critical Microsoft security
vulnerability.
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned
computer users of malware that is exploiting a critical security
vulnerability in Microsoft software.
The W32/Cuebot-L and W32/Cuebot-M worms spread
via AOL instant messenger, exploiting the vulnerability described
in Microsoft's MS06-040 security
bulletin.
"Microsoft only issued a patch against the security hole used by
these worms in the last few days, and yet already malware is being
written that exploits this vulnerability to attack computer
systems. This is a real headache for Microsoft as they try and
reassure people that their operating system is becoming more
secure," said Graham
Cluley, senior technology consultant for Sophos. "There will be
many Windows computers that will not have been patched yet and may
be vulnerable to infection and compromise. We wouldn't be surprised
if more worms were released which exploited this security hole in
Microsoft's software. Everyone should act swiftly to ensure their
PCs are properly protected with anti-virus software, firewall
software and up-to-date security patches."
Once the Cuebot-L or Cuebot-M worms have infected a PC they turn
off the Windows firewall and open a backdoor, allowing remote
hackers to gain access and control over the computer.
Sophos advised
customers to patch against the latest security vulnerabilities
in Microsoft's software last week.
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for
critical Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated
protection against viruses, spyware, and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.