Anti-virus vendor Symantec warns against a new worm that spreads through a serious, recently patched security hole in Windows: Downadup.B, re: http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-123015-3826-99&tabid=1
This is a variant of the version first seen on Nov 23rd, and it made the AV vendor raise the Internet security alarm phase. The malware’s attack vector is the MS08-067 “worm-hole”, for which Microsoft recently brought out an out-of-band patch:
Once actively running on a system, the worm removes system restore points and disables the Windows Update service.
Then it searches for ADMIN$ shares on the local network and tries to perform brute-force dictionary attacks.
According to the ISC, the worm is trying to infect as many systems as possible, but from tomorrow onwards it will download a newer version unto a number of websites.
Re: http://isc.sans.org/diary.html?storyid=5596
You two have this out-of-band patch, haven’t you? So you are protected anyway; whatever new variant it is, it can no longer use the exploit to infect you two. And since I have patched in time as well, it cannot harm me either. A comforting thought, no?
Yes, my Windows machine has the patch. What I am referring to are all the unpatched systems, like the ones running XP SP0 or SP1. I'm always amazed at the number of systems that are that far behind in updates.