Dasher worm on the prowl


The Dasher.b worm attacking Windows machines still vulnerable to a bug patched in October has infected at least 3000 systems so far, security company Symantec said Friday. Dasher.b the first worm to successfully attack the MSDTC flaw disclosed and patched 11 October was detected Thursday by honeypot PCs, with several security vendors rushing out alerts that same day.

According to Symantec, once Dasher.b has infected a PC, it first contacts a central command and control server located at IP address 222.240.219.143. In turn, that server then via TCP tells the compromised computer to download a malicious payload from a remote FTP server at 159.226.153.2


Source: Dasher worm on the prowl - Security - www.itnews.com.au

Linked by shanmuga Monday, 19th December 2005 6:33AM