17 April 2007

Worm spreads via zero day Microsoft DNS vulnerability

Hackers attack unpatched flaw in Microsoft code to penetrate business servers

Infected PCs become part of a zombie network (also known as a botnet)

Sophos, a world leader in IT security and control, has warned businesses of a worm that is exploiting an unpatched zero day vulnerability in Microsoft's software.

The W32/Delbot-AI worm (also known as Nirbot or Rinbot) is taking advantage of a vulnerability in the way Microsoft Windows DNS Server's Remote Procedure Call (RPC) interface has been implemented. The hackers' worm has been able to exploit the flaw by sending a crafted RPC packet to vulnerable PCs.

If the worm successfully infects a PC, it gives hackers access to the computer, letting them control what it does and steal information from the unsuspecting user.

"This flaw in Microsoft's code has only been known about for a handful of days, and already there is a worm which is taking advantage of the problem in its attempt to infect as many PCs as possible. Time and time again hackers are forcing companies like Microsoft to scrabble around to develop, test and roll out a software patch," said Graham Cluley, senior technology consultant for Sophos. "Businesses should ensure that their computers are properly configured, and protected with up-to-date anti-virus software, hardened firewalls and patches."

The worm can also exploit a vulnerability present in Symantec's anti-virus product line, which was patched a year ago.

Microsoft has published an advisory on its website giving guidance to companies who may be affected by the flaw in its software.

The news of the worm comes a week after Microsoft patched a series of other critical vulnerabilities in its software.

"The computer underground appear to be revelling in waiting until Microsoft has released its monthly batch of patches, before unleashing their latest attacks," continued Cluley. "It's not just businesses who are being affected by this, but Microsoft will not be enjoying having the security of their software brought into question again."

Customers using Sophos anti-virus solutions have been automatically updated to protect against the W32/Delbot-AI worm, but are advised to consult Microsoft's knowledgebase article for further information and roll out Microsoft's patch when it becomes available.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart malware, spyware, hackers and spam threats.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
