[ISN] Uptick in Windows attacks reported

From: InfoSec News (alerts@private)
Date: Fri Sep 01 2006 - 02:14:30 PDT


http://news.com.com/Uptick+in+Windows+attacks+reported/2100-7349_3-6111583.html

By Joris Evers
Staff Writer, CNET News.com
August 31, 2006

Several security experts are warning of increased cyberattacks targeting 
Windows PCs, but Microsoft says all is calm on the attack front.

The SANS Internet Storm Center, Symantec, McAfee and several other 
security companies are warning of a new worm that wriggles into Windows 
PCs by way of a security flaw for which Microsoft issued a patch with 
security bulletin MS06-040 on Aug. 8.

On Thursday, Symantec raised its ThreatCon to Level 2, which means an 
outbreak is expected. In an alert to customers, the Cupertino, 
Calif.-based company said it is seeing "ongoing and frequent attacks" 
that utilize the MS06-040 flaw. There are now six variants of malicious 
code that exploit the vulnerability, Symantec said.

"The potential impact of these threats is exaggerated due to reports of 
successful compromise of Windows NT systems, for which there is no patch 
available," Symantec said in its alert. Windows 2000 and Windows XP are 
also at risk, according to Symantec.

Symantec was joined in its alert by the other security watchers. The 
SANS Internet Storm Center, which monitors network threats, noted on its 
Web site that several people had reported increased malicious activity. 
Analysis of the threat, however, found that attacks should be 
"relatively easy to catch." Most antivirus software detects the bad 
code.

Microsoft, however, has not seen an increase in malicious activity 
associated with MS06-040, a security hole in a Windows component related 
to file and printer sharing.

"Microsoft has been watching diligently since the release of MS06-040 
for any increase in malicious activity...At this time we are not seeing 
an increase over the already existing limited attacks attempting to 
exploit that vulnerability," a Microsoft representative said in a 
statement Thursday.

Security tools from Microsoft and third parties offer protection against 
all current exploits of the flaw, according to Microsoft. Still, those 
users who have not yet applied the Aug. 8 update are encouraged to do so 
immediately, Microsoft said.

Malicious code that exploits the Windows hole has already led to 
significant growth in the number of hijacked PCs, CipherTrust said last 
week. The messaging-security company has seen a 23 percent growth in the 
total number of so-called zombie PCs it has detected and attributed that 
to the spread of Mocbot worm variants that exploit MS06-040.

If a PC is hijacked, SANS Internet Storm Center recommends completely 
erasing the hard drive and reinstalling the computer's operating system. 
"That sounds drastic...but it gets rid of the worm, gets rid of the 
botnet, and plus you have a brand new box," according to the ISC.




