Wormy bots exploiting Windows Server flaw


Network administrators noticed an increase this week in scans for Windows computers vulnerable to the Windows Server service flaw fixed by Microsoft last month.

The scans are due, at least in part, to a variant of the SDBot program also known as rBot and Randex that has been modified to use the Microsoft flaw and set to spread automatically. It took less than a week for underground programmers to modify their bot software to take advantage of the latest Windows flaw, described in security bulletin MS06-040.

Network administrators reported the increase in scans to port 139, which is one of the standard addresses used by Microsoft network applications, on mailing lists and to the SANS Institutes's Internet Storm Center. On Thursday, the ISC confirmed that it had received a copy of the bot software from an administrator whose machine had been infected. Wormy bots exploiting Windows Server flaw

Linked by shanmuga Saturday, 2nd September 2006 1:43AM