By Stefanie Hoffman
Microsoft is warning users of a malicious Internet worm after detecting a wave of attacks exploiting a recent critical Windows security vulnerability.
The worm has the potential to infect other computers across a network by exploiting a critical vulnerability in the Windows Server service.
Microsoft released an emergency patch last month repairing the error. However, if successfully exploited, the vulnerability could enable remote attackers to execute arbitrary code via a malicious file that would allow them to completely take control of a user's PC.
Microsoft researchers first detected attacks exploiting the vulnerability last week. Since then, the number of successful exploits grew to significant levels over the weekend. Researchers reported in a blog that they noticed that the malware "gained momentum" over the last two days, when they saw a significant increase in support calls.
Specifically, the worm deletes any use-created System Restore points, and attempts to contact numerous sites, including those of Google, Yahoo and MSN, to obtain the current date, according to researchers at the SANS Institute. The worm then uses the date information to generate a list of domain names, which it then contacts in an attempt to download additional malicious files onto a user's affected computer.
The malware mostly spreads within businesses, however it has also been reported by individual home users, Microsoft said.
Unlike other exploits, the malware actually repairs an API vulnerability on users' unpatched computers.
"It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too," said Microsoft researchers in a blog post.
To avoid being affected, experts recommend customers to install the necessary update on their machines, which can be found on the MS Web site. |