Infected PCs become part of a zombie network
Sophos, a world leader in IT security and control, has warned
businesses of a worm that is exploiting an unpatched zero-day
vulnerability in Microsoft's software.
The W32/Delbot-AI worm (also
known as Nirbot or Rinbot) is taking advantage of a vulnerability
in the way Microsoft Windows DNS Server's Remote Procedure Call
(RPC) interface has been implemented. The hackers' worm has been
able to exploit the flaw by sending a crafted RPC packet to
vulnerable PCs.
If the worm successfully infects a PC, it allows hackers to gain
access to the computer, giving them the ability to control what
it does and steal information from the unsuspecting user.
"This flaw in Microsoft's code has only been known about for a
handful of days, and already there is a worm which is taking
advantage of the problem in its attempt to infect as many PCs as
possible. Time and time again hackers are forcing companies like
Microsoft to scrabble around to develop, test and roll out a
software patch," said Graham Cluley, senior
technology consultant for Sophos. "Businesses should ensure that
their computers are properly configured, and protected with
up-to-date anti-virus software, hardened firewalls and
patches."
The worm can also exploit a vulnerability present in Symantec's
anti-virus product line, which was patched a year ago.
Microsoft has published an advisory on its website giving
guidance to companies who may be affected by the flaw in its
software.
The news of the worm comes a week after Microsoft patched a
series of other critical
vulnerabilities in its software.
"The computer underground appear to be revelling in waiting
until Microsoft has released its monthly batch of patches, before
unleashing their latest attacks," continued Cluley. "It's not just
businesses who are being affected by this, but Microsoft will not
be enjoying having the security of their software brought into
question again."
Customers using Sophos anti-virus solutions have been
automatically updated to protect against the W32/Delbot-AI worm,
but are advised to consult Microsoft's knowledgebase article for
further information and roll out Microsoft's patch when it becomes
available.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend that all organizations protect
their email with an integrated security
solution to thwart malware, spyware, hackers and spam
threats.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.