The Internet Storm Center reports that a new worm has been found in the wild, built on a vulnerability that Microsoft Corporation discovered and patched just a few days ago.

In fact, last night the ISC raised its warning level to yellow, which is rare enough, in expectation of this new worm being released in the wild.

The worm is Win32-centric and affects Windows 2000, including SP4, and Windows XP without Service Pack 2. Because XP SP2 requires a valid log-on, it is not thought to be in danger from this new exploit, but security people at Microsoft urge XP users to apply the patch regardless.

According to several reports, the worm uses TCP port 445 to spread, attacking vulnerable machines by setting up an FTP server, but using a higher (likely non-root) port number. Port 445 is a port reserved by Microsoft for its products for remote communications, known as RPC.

Once a machine is infected, it scans random network segments for more machines to infect.
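The spreading pattern described above (one host reaching many machines on port 445, plus traffic on a higher port) can be looked for in network flow data. The following is an added example, not code from the ISC, Microsoft or F-Secure; the flow records, the port 40000, the thresholds and the function names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records, not real traffic: (epoch_seconds, src, dst, dst_port)
FLOWS = [
    (0, "10.0.0.5", "10.0.1.10", 445),
    (1, "10.0.0.5", "10.0.7.22", 445),
    (2, "10.0.0.5", "172.16.3.9", 445),
    (3, "10.0.0.5", "192.168.4.40", 445),
    (4, "10.0.0.5", "10.0.9.77", 445),
    (5, "10.0.1.10", "10.0.0.5", 40000),  # high-port follow-up (port is made up)
    (6, "10.0.0.8", "10.0.0.2", 445),     # ordinary file-server access
    (400, "10.0.0.8", "10.0.0.2", 445),
]

def find_scanners(flows, window=60, min_targets=5):
    """Sources that reached >= min_targets distinct hosts on TCP/445
    within `window` seconds (both thresholds are assumptions to tune)."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if port == 445:
            by_src[src].append((ts, dst))
    scanners = set()
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({d for _, d in events[start:end + 1]}) >= min_targets:
                scanners.add(src)
                break
    return scanners

def high_port_followups(flows, scanners):
    """(scanner, target, port) for traffic on a port above 1023 between a
    scanner and a host it had already probed on 445, in either direction."""
    probed = {}  # (scanner, target) -> time of first 445 probe
    for ts, src, dst, port in sorted(flows):
        if port == 445 and src in scanners:
            probed.setdefault((src, dst), ts)
    hits = []
    for ts, src, dst, port in sorted(flows):
        for pair in ((src, dst), (dst, src)):
            if port > 1023 and pair in probed and ts >= probed[pair]:
                hits.append((pair[0], pair[1], port))
    return hits

if __name__ == "__main__":
    suspects = find_scanners(FLOWS)
    print(suspects, high_port_followups(FLOWS, suspects))
```

A host that shows up in both results is a stronger candidate for isolation and patching than one that only fans out on 445, since file servers and management tools can also contact many machines on that port.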

The exploit uses a Plug and Play vulnerability.

Several Microsoft patches were released only days before this worm was discovered, but this new worm, dubbed Zotob by F-Secure, was considered the most serious.

