Vulnerability still causing problems.
There have been further reports of malware spreading using the MS06-040 vulnerability, announced and patched three weeks ago on
Microsoft
‘s latest ‘Patch Tuesday’. Despite considerable activity involving the bug in the past few weeks, spikes of attacks are continuing, although not believed to be spreading widely.
Though many reports state only older
Windows NT
systems are affected by the latest generation of worms, some say
Windows 2000
users may also be at risk. One worm, variously dubbed an ‘SDbot’ or a ‘Randex’, is reported by
SANS
to be using the vulnerability, among others, but is widely detected by AV software and can easily be kept at bay by blocking port 139.
Symantec
has also issued an alert for a ‘Spybot’ using the vector.
See the
SANS
report
here
, and
Symantec
‘s Spybot alert
here
. Read more on the latest fears
here
.
Posted on 1 September 2006 by
Virus Bulletin
Leave a Reply