Australian IT JOBS : Sydney IT jobs, UNIX jobs, Linux jobs, Java jobs, ASP jobs Linux.conf.au Linux.conf.au
Technology news and Jobs arrow Information Technology News arrow Worm spreads via zero day Microsoft DNS vulnerability
Worm spreads via zero day Microsoft DNS vulnerability PDF Print E-mail
Written by Stan Beer   
Wednesday, 18 April 2007
It security specialist Sophos has warned businesses of a worm that is exploiting an unpatched zero day vulnerability in Microsoft's software. The W32/Delbot-AI worm (also known as Nirbot or Rinbot) is taking advantage of a vulnerability in the way Microsoft Windows DNS Server's Remote Procedure Call (RPC) interface has been implemented. The hackers' worm has been able to exploit the flaw by sending a crafted RPC packet to vulnerable PCs.

If the worm successfully infects a PC it allows hackers to gain access over the computer, giving them the ability to control what it does and steal information from the unsuspecting user.

"This flaw in Microsoft's code has only been known about for a handful of days, and already there is a worm which is taking advantage of the problem in its attempt to infect as many PCs as possible. Time and time again hackers are forcing companies like Microsoft to scrabble around to develop, test and roll-out a software patch," said Graham Cluley, senior technology consultant for Sophos. "Businesses should ensure that their computers are properly configured, and protected with up-to-date anti-virus software, hardened firewalls and patches."

The worm can also exploit a vulnerability present in Symantec's anti-virus product line, which was patched a year ago.

Microsoft has published an advisory on its website giving guidance to companies who may be affected by the flaw in its software.

The news of the worm comes a week after Microsoft patched a series of other critical vulnerabilities in its software.

"The computer underground appear to be revelling in waiting until Microsoft has released its monthly batch of patches, before unleashing their latest attacks," continued Cluley. "It's not just businesses who are being affected by this, Microsoft will not be enjoying having the security of their software brought into question again."

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.{moscomment}

Tags See All Tags


Software  Stan Beer  security 

Get stories like this delivered daily - FREE - subscribe now
When you subscribe get a 12 months license for LiveProject
Valued at $99 USD


LiveWire - Desktop alerts Download the FREE iTWire desktop alert widget LiveWire - Desktop alerts


Del.icio.us!
 
< Prev   Next >
JobsWire Technology Jobs in Sydney
Active Directory  Apache  Software Architect  C#  C++  Cisco  Citrix Cognos  Coldfusion  CRM  Crystal Reports  Software Development  ERP  HTML  IBM  IT Infrastructure  ITIL  J2EE  Java  LAN/WAN  Linux  Lotus Notes  MS Project  .NET  Oracle  SDLC  SQL  IT Support  IT Training  UAT  UML  Unix  XML
JobWire - IT Jobs
Contact , Register , Advertise with iTWire , Links , Register , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging
Industry Releases , Submit your release now , Start submitting to iTWire , How to post video