The Channel logo


By | John Leyden 16th December 2005 15:31

Dasher update pierces Windows flaw

Keylogger variant works second time

After an earlier unsuccessful attempt, Virus writers have created the first worm that successfully targets a critical Windows vulnerability (MS05-051) patched by Microsoft in October.

The Dasher-B worm exploits a vulnerability in Microsoft Windows Distributed Transaction Coordinator (MSDTC) to spread across vulnerable systems. Unpatched Windows 2000 computers are particularly at risk. If successful, the worm establishes a backdoor on vulnerable computers and opens up a link to a remote server for further instructions. The server instructs infected machines to download a copy of the worm itself and a keylogger, which hides itself on infected systems by using a rootkit driver. Windows users are strongly urged to apply the latest Microsoft security fixes to guard against attack.

The MS05-051 patch was the subject of early glitches, even after warnings that it was ripe for malware exploitation. "The worry is that the problems with the patch may have prevented it from being successfully rolled out onto some vulnerable computers," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

Success in spreading (albeit modestly) distinguishes Dasher-B from Dasher-A, samples of which were sent to anti-virus firms earlier this week. Coding mistakes in Dasher-A rendered it inert. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe