Vulnerability MS06-040, one among the 23 security holes patched by Microsoft in its latest security bulletin on August 08, is highly critical and poses a direct and dire threat to computers on the Windows platform. A patch for this vulnerability is available at MS06-040 (http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx) on the Microsoft website.
Detroit, MI -- (ReleaseWire) -- 08/17/2006 -- While some of the exploits aimed at the flaw are already available on the web and can be used by malware authors, MicroWorld’s Security Analyst reports that a new backdoor variant named ‘Win32.IRCBot.st’ can attack the vulnerability in order to spread in networks.
“Win32.IRCBot.st” is a PE executable that’s packed with MEW. It appears as "wgareg.exe" in the Windows System folder with the description "Windows Genuine Advantage Registration Service". The backdoor changes the security settings of the computer, turns off the firewall and connects to the remote attacker via IRC channels. While its first spreading routine is via the AOL Messenger, the second one uses the MS06-040 vulnerability to infect remote computers. A hacker can scan for vulnerable IPs as the backdoor sends out the exploit and infects the targeted machine.
“This is just one of the exploits aimed at the vulnerability in question, which can well be a curtain raiser for more attacks in days to come,” says Arti Taru, Assistant Manager, R&D, MicroWorld Technologies. “An exploit code pushed through Metasploit Framework can pave the way for large-scale Denial of Service attacks against unpatched computers. We strongly recommend users to update their Windows versions to prevent any further assaults through this security hole.”
The gravity of the situation can be estimated from the fact that the Department of Homeland Security of the US government has issued an unusual warning on this issue, which says “Windows users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch.”
“Increasing incidents of Zero-Day attacks like these call for a high level of alertness and awareness from all computer users, home segment and Enterprises alike. While we at MicroWorld continue to insulate computers against every new Virus and Worm, it’s extremely important that users too patch their Operating Systems and other software swiftly, to shut the Window of opportunity on the face of the attackers,” affirms Govind Rammurthy, CEO, MicroWorld Technologies.
MicroWorld (www.mwti.net) is the developer of the world's first Real-Time Anti-Virus and Content Security software, eScan, for desktops and servers. Its communication security software, MailScan, is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net