Botnet Herders Attack MS06-040 Worm Hole
Laljeetji writes "eWeek reports that the first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker. On the MSRC blog, Microsoft is calling it a very small, targeted attack that does not (yet?) have an auto-spreading mechanism. LURHQ has a detailed analysis of the backdoor."
strange headlines... (Score:3, Funny)
I really hope they reverse their shield polarity when attacking that wormhole, or it could trigger a tachyon cascade....
What's gonna happen when Norton removes WGA? (Score:5, Funny)
This variant of mocbot copies itself to the system directory as wgareg.exe, and creates an NT service to run at startup called "Windows Genuine Advantage Registration Service". The description given to the service reads "Ensures that your copy of Microsoft Windows is genuine and registered. Stopping or disabling this service will result in system instability.", in an attempt to discourage users from stopping it from running.
Do we actually know which is the more malicious variant?
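A defensive check for the indicators quoted in the comment above, as an added example that is not part of the original thread or of the LURHQ analysis: it flags Windows services whose binary name, display name or description matches the strings given there. The function names, the sample records and the service short name `wgareg` are constructed for illustration.

```powershell
# Indicator strings as quoted in the comment above.
$Indicators = @{
    FileName    = 'wgareg.exe'
    DisplayName = 'Windows Genuine Advantage Registration Service'
    Description = 'Stopping or disabling this service will result in system instability'
}

function Get-ServiceBinaryPath {
    # A service PathName may be quoted and may carry arguments after the executable.
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $PathName.Trim()
}

function Find-MocbotServiceIndicator {
    # Hypothetical helper: takes objects shaped like Win32_Service and reports indicator matches.
    param([Parameter(Mandatory)][object[]]$Service)
    foreach ($svc in $Service) {
        $binary = Get-ServiceBinaryPath -PathName $svc.PathName
        $leaf   = ($binary -split '[\\/]')[-1]
        $hits   = @()
        if ($leaf -ieq $Indicators.FileName)                       { $hits += 'binary name' }
        if ($svc.DisplayName -ieq $Indicators.DisplayName)         { $hits += 'display name' }
        if ($svc.Description -like "*$($Indicators.Description)*") { $hits += 'description' }
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Name     = $svc.Name
                PathName = $svc.PathName
                Matched  = $hits -join ', '
            }
        }
    }
}

# Constructed sample records (not real telemetry); only the first should be flagged.
$sample = @(
    [pscustomobject]@{ Name = 'wgareg'; DisplayName = 'Windows Genuine Advantage Registration Service'
        PathName = 'C:\WINDOWS\system32\wgareg.exe'
        Description = 'Ensures that your copy of Microsoft Windows is genuine and registered. Stopping or disabling this service will result in system instability.' }
    [pscustomobject]@{ Name = 'Spooler'; DisplayName = 'Print Spooler'
        PathName = 'C:\WINDOWS\system32\spoolsv.exe'
        Description = 'Loads files to memory for later printing.' }
)
Find-MocbotServiceIndicator -Service $sample | Format-Table -AutoSize

# On a live Windows host, pass the real service list instead:
# Find-MocbotServiceIndicator -Service (Get-CimInstance -ClassName Win32_Service)
```

Matching on any one of the three strings, rather than requiring all of them, keeps the check useful if a later variant changes only the file name or only the service text.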
Re:IRC the weakpoint? (Score:3, Funny)
Could be (Score:3, Funny)
If you're running Norton you've got bigger problems than this worm.
Is that true? I don't have any of these problems and would like to find out. Is there a Debian version of this Norton? What kinds of problems can I expect if I install it?
Re:A Solution... (Score:2, Funny)
Re:Blocking outgoing IRC ports effective? (Score:2, Funny)
Besides, why block IRC - IRC is so fun
Indeed, which is why some of us IRC admins open up port 8080 so anyone has a fair chance at losing their job.