Dasher update pierces Windows flaw
PrintKeylogger variant works second time
Posted in Software & Security, 16th December 2005 15:31 GMT
Free whitepaper – What Exchange can't do - and Dell can
After an earlier unsuccessful attempt, Virus writers have created the first worm that successfully targets a critical Windows vulnerability (MS05-051) patched by Microsoft in October.
The Dasher-B worm exploits a vulnerability in Microsoft Windows Distributed Transaction Coordinator (MSDTC) to spread across vulnerable systems. Unpatched Windows 2000 computers are particularly at risk. If successful, the worm establishes a backdoor on vulnerable computers and opens up a link to a remote server for further instructions. The server instructs infected machines to download a copy of the worm itself and a keylogger, which hides itself on infected systems by using a rootkit driver. Windows users are strongly urged to apply the latest Microsoft security fixes to guard against attack.
The MS05-051 patch was the subject of early glitches, even after warnings that it was ripe for malware exploitation. "The worry is that the problems with the patch may have prevented it from being successfully rolled out onto some vulnerable computers," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.
Success in spreading (albeit modestly) distinguishes Dasher-B from Dasher-A, samples of which were sent to anti-virus firms earlier this week. Coding mistakes in Dasher-A rendered it inert. ®
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Enhancing retail operations with unified communications
Seven ways to lower storage costs
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs