
Cupertino, Calif.-based Symantec Corp. has dubbed the malware W32.Wargbot. Tokyo-based Trend Micro has named it WORM.IRCbot-JK and Santa Clara, Calif.-based McAfee Inc. calls it IRC-Mocbot!MS06-040, while Kaspersky is referring to it as Backdoor.Win32.IRCBot.st, Sophos as W32/Cuebot and Microsoft as Backdoor:Win32/Graweg.
The malware is the nucleus of a widespread attack targeting the Windows vulnerability addressed with security bulletin MS06-040 by Microsoft on August 8, and the star of a warning from the Department of Homeland Security, that allows for multiple remote code execution and distributed denial-of-service attacks.
"At this time, the attack does not appear to be self replicating and only impacts computers running Windows 2000, which have not applied the MS06-040 security update," a Microsoft spokesman said, adding that the company has activated its emergency response process to counteract the malware epidemic that is expanding IRC-controlled botnets. "The Microsoft Security Response Center remains on high alert and continues to recommend that customers apply the August security updates."
"Automated botnet malware has been using [the MS06-040 flaw] to infect machines and then scan for new machines to infect," warned Marc Maiffret, chief hacking officer of Aliso Viejo, Calif.-based eEye Digital Security Inc. "If you have not installed the patch for MS06-040, then you're at risk and need to get a move on."