Autorooter Trojan reminds users to patch against critical Microsoft vulnerability, says Sophos

The discovery on 5 August of the Autorooter Trojan (also known as Troj/Autoroot-A) acts as a timely reminder to IT administrators to ensure their systems are patched against the latest security vulnerabilities.

At the time of writing Sophos has received no reports from customers affected by the Trojan horse, but strongly recommends that users put in place a Microsoft patch against the vulnerability it exploits as well as updating their anti-virus software.

Sophos issued detailed advice on the vulnerability and how system administrators and home users could protect against it on 31 July 2003.

"Currently we have no reports of this Trojan horse in the wild," said Graham Cluley, senior technology consultant for Sophos. "However, it is important that users patch their systems now to ensure a future worm exploiting the same vulnerability is not successful."

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp. Other vendors offer similar services.