[<prev] [next>] [day] [month] [year] [list]
Message-ID: <B228229EDB49D411B1CB0008C7F7E981018C66E3@PA-EXCHANGE>
From: jkarp at visionael.com (Josh Karp)
Subject: whoch DCOM exploit code are they speaking about here?
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/09/16/nati
onal1842EDT0790.DTL
<http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/09/16/nat
ional1842EDT0790.DTL>
Security researchers on Tuesday detected hackers distributing software to
break into computers using flaws announced last week in some versions of
Microsoft Corp.'s Windows operating system.
The threat from this new vulnerability -- which already has drawn stern
warnings from the Homeland Security Department -- is remarkably similar to
one that allowed the Blaster virus to infect hundreds of thousands of
computers last month.
The discovery gives fresh impetus for tens of millions of Windows users --
inside corporations and in their homes -- to immediately apply a free
repairing patch from Microsoft. Homeland Security officials have warned that
attacks could result in a "significant impact" on the operation of the
Internet.
Researchers from iDefense Inc. of Reston, Va., who found the new attack
software being distributed from a Chinese Web site, said it was already
being used to break into vulnerable computers and implant eavesdropping
programs. They said they expect widespread attacks similar to the Blaster
infection within days.
"It's fairly likely," said Ken Dunham, a senior iDefense analyst. "Certainly
we'll see new variants in the next few hours or days."
Microsoft confirmed it was studying the new attack tool.
Last month's Blaster infection spread just days after hackers began
distributing tools for breaking into Windows computers using a related
software flaw. That infection disrupted computers at the Federal Reserve in
Atlanta, Maryland's motor vehicle agency and the Minnesota transportation
department.
The latest Windows flaws, announced Sept. 10, were nearly identical to those
exploited by the Blaster worm. Computer users who applied an earlier patch
in July to protect themselves still must install the new patch from
Microsoft, available from its Web site.
Amy Carroll, a director in Microsoft's security business unit, said 63
percent more people have already downloaded the latest patch than downloaded
the patch for last month's similar vulnerability during the same five-day
period.
"We've continued to beat the drum, to give people better awareness," Carroll
said. "We have seen some success."
The latest hacker tool was relatively polished. It gives hackers access to
victims' computers by creating a new account with the name "e" with a preset
password. iDefense said the tool includes options to attack two Windows 2000
versions that are commonly used inside corporations.
The tool being distributed Tuesday did not include an option to break into
computers running Microsoft's latest operating systems, such as Windows XP
or Windows Server 2003, but iDefense said it expected such modifications to
make it more dangerous.
On the Net:
Microsoft warning:
www.microsoft.com/security/security_bulletins/ms03-039.asp
<http://www.microsoft.com/security/security_bulletins/ms03-039.asp>
Homeland Security warning:
www.nipc.gov/warnings/advisories/2003/Advisory9102003.htm
<http://www.nipc.gov/warnings/advisories/2003/Advisory9102003.htm>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030916/a3564f46/attachment.html
Powered by blists - more mailing lists