November 26, 2008 1:39 PM PST

Internet worm exploits Windows vulnerability

by Elinor Mills

A worm dubbed Win32/Conficker.A is making the rounds on Windows machines, exploiting a security hole that Microsoft released a patch for in October, Microsoft said on Wednesday.

The number of attacks exploiting the critical vulnerability addressed by security update MS08-067 has increased over the past couple of days.

The malware mostly was spreading inside corporations, but also hit several hundred home PCs, Microsoft said in a posting on the Microsoft Malware Protection Center Blog.

"It opens a random port between port 1024 and 10000 and acts like a Web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll," the posting said.
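One way a defender could hunt for the behaviour quoted above in HTTP logs, as an added example that is not from the article or from Microsoft's posting: flag internal hosts that serve a Windows binary under a .jpg name on a port between 1024 and 10000. The log layout, addresses, internal ranges and function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real telemetry), one HTTP response per line:
# client  server  server-port  uri  first-bytes-of-body-in-hex
SAMPLE_LOG = """\
10.1.4.23 10.1.4.7 4812 /xkqzv.jpg 4d5a9000
10.1.4.31 10.1.4.7 4812 /pmwtr.JPG 4d5a9000
10.1.4.23 10.1.9.2 8080 /logo.jpg ffd8ffe0
10.1.4.40 10.1.4.7 443 /a.jpg 4d5a9000
10.1.4.40 198.51.100.9 2000 /b.jpg 4d5a9000
10.1.4.55 10.1.4.31 9321 /hgfds.jpg 4d5a5000
"""

# Assumption: the site's internal address space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_RANGE = range(1024, 10001)   # "between port 1024 and 10000", read as inclusive
PE_MAGIC = b"MZ"                  # first two bytes of a Windows EXE/DLL


def parse(line):
    """Split one record into typed fields."""
    client, server, port, uri, magic = line.split()
    return client, server, int(port), uri, bytes.fromhex(magic)


def is_suspicious(server, port, uri, body_start):
    """True when an internal host serves a PE file named .jpg on a port in range."""
    addr = ipaddress.ip_address(server)
    internal = any(addr in net for net in INTERNAL_NETS)
    path = uri.split("?", 1)[0].lower()   # ignore query string and letter case
    return (internal and port in PORT_RANGE
            and path.endswith(".jpg")
            and body_start.startswith(PE_MAGIC))


def find_serving_hosts(log_text):
    """Map (server, port) -> sorted clients that fetched a disguised binary."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, server, port, uri, body = parse(line)
        if is_suspicious(server, port, uri, body):
            hits[(server, port)].add(client)
    return {key: sorted(clients) for key, clients in hits.items()}


if __name__ == "__main__":
    for (server, port), clients in find_serving_hosts(SAMPLE_LOG).items():
        print(f"{server}:{port} served a PE file as .jpg to {', '.join(clients)}")
```

In the constructed sample, 10.1.4.31 first appears as a client and later as a server, which is the hop-by-hop pattern the posting describes. A genuine JPEG (body starting `ffd8ff`) on a high port is not flagged.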

"It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore. It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too," Microsoft said.

Most of the infections are in U.S. PCs, but there have been reports from Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina, and Chile. The worm avoids infecting Ukrainian computers, for some reason, Microsoft said.

Several bots, under the generic name Backdoor:Win32/IRCbot.BH, also are exploiting the security hole. They drop a backdoor Trojan that connects to an IRC server to receive commands.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
40 Comments
by Mr. Dee November 26, 2008 1:52 PM PST
The obligatory 'YAWN'. Another day, another Microsoft Windows vulnerability. The problem doesn't seem to be the Windows code itself, just TCP/IP aspects of the OS. Will we see similar news when Windows 7 is released? Yes.
by ncalishome November 26, 2008 2:19 PM PST
"exploiting a security hole that Microsoft released a patch for in October" You mean will some IT departments still be lazy about patching their machines once Windows 7 is released?.. Yes
by November 26, 2008 3:19 PM PST
I agree. Well stated.
by MSSlayer November 27, 2008 12:41 PM PST
More ignorance from Dee Dee Dee.

The TCP/IP implementation is part of the OS. It was written by MS.
by Penguinisto November 26, 2008 2:13 PM PST
@Mr. Dee.... you do know that MSFT is responsible for the network stack in Windows, yes? That sort of makes it Windows code. ;)

/P
by Vegaman_Dan November 26, 2008 2:58 PM PST
And note that this exploit is for a vulnerability that was patched over a month ago. Really, please do keep up with the times.

It's simple. Keep your system up to date and there is no issue.
by November 26, 2008 3:23 PM PST
That's a good point.
by Penguinisto November 26, 2008 3:39 PM PST
The discussion centered on who owns the code, not how old/new it is. Do try to keep up - 'k? :)
by Vegaman_Dan November 27, 2008 11:46 AM PST
Penguinisto wrote:

"The discussion centered on who owns the code, not how old/new it is. Do try to keep up - 'k? :) "

The discussions here appear to be about admins taking proper measures to protect their network by rolling out patches in a timely manner. There are dozens of comments about this in the discussion already - even YOU commented as such.

Here's the difference, Penguinisto- I *read* both the article and the discussion here before commenting. You may want to follow your own advice and... "do try to keep up."

Happy Thanksgiving.
by Penguinisto November 29, 2008 11:58 AM PST
...yep, I commented as such, but you butted in with an offtopic reply to a thread that covered code ownership.

I reiterate what I wrote before in this thread. ;)
by Seaspray0 November 30, 2008 7:33 AM PST
@penguin. The "owner of the code" released a patch in October and you're complaining about them rather than the owner of the computer who should have kept up to date? Of course you are! That's because you're jealous that the OS you use didn't capture 90% of the market. What a whiny baby you are!
by Hugmup November 26, 2008 2:34 PM PST
This isn't really newsworthy. It's the equivalent of an article entitled "The Sun Scheduled to Set in the West this Evening."

A headline like "Windows Invulnerable to New Internet Worm" would really be newsworthy.
by The_happy_switcher November 26, 2008 2:53 PM PST
In today's other news of the obvious, Windows sucks and you should use a different OS, like OS X, Linux, etc.
by November 26, 2008 3:24 PM PST
I like Windows.
by ferretboy88 November 26, 2008 10:50 PM PST
I was just playing Fallout3 with my custom made pc. Can you do that with OS10 or Linux? Nope. Not at the same graphic display I can. My other hard drive has Fedora on it.
by  Brian November 27, 2008 7:28 AM PST
Yes, it is very obvious that more and more people are switching to the Mac.

Consumers everywhere are sick and tired of using a stone-age computer.

Some things will change, some things will never change.

Will you change by switching to the Mac?
by ferretboy88 November 27, 2008 8:11 AM PST
I like to be different and since Apple is taking over the world and everyone will look like clones I will use Linux.
by CrashPad63 November 28, 2008 7:14 AM PST
Apple has sent out more security patches for OSX than Xp and Vista. Vista of the three is the least vulnerable. No this tripe of Apple being less vulnerable is dated. So just go away with this tired old crap. Nobody believes it.
by dwinks November 26, 2008 2:56 PM PST
What I don't understand is how ANYONE manages to STAY an upper-level IT/IS manager with crap like this. It seems like every place I worked not only wasted a crap-load of money for hardware and software/windows licenses, but they also "played it safe" and don't roll out MS updates until they have been "tested" for a few months. This is a prime example as to why all updates should be applied immediately, and when the occasional problem pops up, it can be dealt with then.
by Vegaman_Dan November 26, 2008 3:00 PM PST
There was a time when you would want to wait for a bit before applying updates in an enterprise environment to make sure there wouldn't be any compatibility issues with other patches or software that you might have had on your system. Those days are long gone now and when the patch is released, it's already good to go at that point.

Sysadmins who delay are doing so mostly out of ignorance these days. And that sort of behavior will bite them.
by Penguinisto November 26, 2008 3:42 PM PST
@Dan:

...of course, sometimes you have to wait for a custom/in-house software vendor to write a patch, so that the custom app/service will survive the OS patch. In the meanwhile you do workarounds on the affected systems as best you can.

Man - you help-desk folks really don't think things through much, do you?
by kenlms November 26, 2008 11:24 PM PST
I guess some of you weren't working in the IT business or have forgotten when Microsoft released a certain service patch for Windows NT 4.0 that caused the OS to blue screen.

dwinks, I also assume that you've never had corporate applications break after applying MS patches without testing.
by Vegaman_Dan November 27, 2008 11:56 AM PST
Penguinisto wrote:

"...of course, sometimes you have to wait for a custom/in-house software vendor to write a patch, so that the custom app/service will survive the OS patch. In the meanwhile you do workarounds on the affected systems as best you can."

How long will you wait for? How incompetent are your in house developers? That becomes the question. Since the development process for the patches is one that those same vendors are involved in from the start, it becomes a question of how quick they are. If they aren't able to keep up, then you may need to find better people.

Are you familiar with how patches are created? The testing that goes on? The compatibility process? Your comments demonstrate a great deal of ignorance of the subject. I can't blame you for that however. If you don't know, then you don't know.

I do think things through. And if you did that too, you wouldn't have made such an ignorant post in the first place.
by SenorFrog November 28, 2008 11:00 AM PST
@Vegaman_Dan: I'm not so sure that isn't part of the issue here. I've experienced several updates/patches that have broken something else. Maybe some of these sysadmins are in a position of damned if they do, damned if they don't, so they delay, hoping they won't get hit while they're testing.
by Penguinisto November 29, 2008 12:01 PM PST
@Frog: I suspect that Dan only works help desk, which prevents him from seeing the larger picture.

It has nothing to do with competence on the part of the development teams or vendors - it has to do with their patch/test cycle, which is more often than not far longer than merely a month. I also suspect that he has no clue as to how patches are created, tested, then distributed, else he wouldn't have stood up and shouted about how vendors magically can patch complex products in far less time than it likely took Microsoft to write their own patch for the flaw.

Such is life, I guess...

/P
by Seaspray0 November 30, 2008 7:53 AM PST
@penguin. Go ahead. Try and tell me that a patch to linux has never broken anything. You're living in a world of swiss cheese linux programs that can break each other, much less with a patch thrown in. You're a hypocrite!
by Hugmup November 26, 2008 3:23 PM PST
I work in a Microsoft shop. I have told coworkers, who are .NET developers, that I strongly recommend that they NOT buy a Mac, because they will like it and it will ruin Windows for them. (I say this with my MacBook Pro and my iPhone on my desk.) As a result, a lot of them come to me for help in connecting their iPhones to the Exchange server. And I've noticed in conversations that a lot of the ones who don't already use Ubuntu at home have started to use Macs.
by Dalmatian28 November 26, 2008 4:10 PM PST
Blog alert!!!!!!
Mr. Hugmup is trying to do some of the Apple's dirty work... go and recruit somewhere else man, let the people choose whatever they want to run...it is free country!!! Just because you pretend to be Microsoft Employee...you think people will NOT see through your BS. If you are frustrated that many companies will not write software for Mac because of the small market share...you can always emulate Windows haha. Darn French...they write the best design software on the planet (CAD - CATIA) and yet it doesn't run on Mac ...how sad is that???? I own both Mac and Windows and...I can care less what others will run!!! It is free society....stop turning nice blogs like this into recruiting tools!!!
by NikEst November 26, 2008 5:22 PM PST
Dude, calm down. It's probably true. I know people that work for MS that do or would rather own Macs. It's a job that pays, doesn't mean they drink the kool-aid. The bottom line is that no matter what OS you use, keep it updated.
by ferretboy88 November 26, 2008 10:52 PM PST
I use all three. I have Linux(Fedora, Ubuntu), windows(xp, Vista) and Apple(OS10.5).
by Vegaman_Dan November 27, 2008 12:00 PM PST
Whatever works for you is the OS you should use. It's as simple as that.
by Dalmatian28 November 26, 2008 3:53 PM PST
hehe ...whaao what a coincidence!!! The worm will not infect Ukrainian computers and we all wonder why!!!! What is this...computer program is being humanized and its mutations are totally unpredictable!
Come on...the stupid program is doing exactly what was designed to do!!! It hits everyone else but computers with IP addresses linked to Ukraine... there is piece of code that is making sure of that!!!
I would bet my last dollar that the writer of this worm is sitting somewhere in Ukraine and counting money right now!!! I am impressed with level of sophistication that this worm has...I hate to say it but this guy is good!!!!!
by Dalmatian28 November 26, 2008 4:08 PM PST
Blog alert!!!!!!
Mr. Hugmup is trying to do some of the Apple's dirty work... go and recruit somewhere else man, let the people choose whatever they want to run...it is free country!!! Just because you pretend to be Microsoft Employee...you think people will NOT see through your BS. If you are frustrated that many companies will not write software for Mac because of the small market share...you can always emulate Windows haha. Darn French...they write the best design software on the planet (CAD - CATIA) and yet it doesn't run on Mac ...how sad is that???? I own both Mac and Windows and...I can care less what others will run!!! It is free society....stop turning nice blogs like this into recruiting tools!!!
by MSSlayer November 27, 2008 12:43 PM PST
Here is yet another example of a Windows flaw that requires no assistance from the hapless user.

This is why Windows is so crappy. It gets raped and the user doesn't even know about it.
by Seaspray0 November 30, 2008 7:59 AM PST
Yet another example of someone who doesn't know what they're talking about. This was patched over a month ago. Since automatic updates is on by default, it DOES require an action on the users part... turning off the updates. Otherwise, the computer would have already been patched AUTOMATICALLY and never infected. Take your crappy posts elsewhere, slayer.
by  Brian November 27, 2008 9:36 PM PST
It's time for Microsoft to admit defeat and funnel resources towards building apps for Linux and Apple.

Microsoft can do its customers a favor and help them migrate over to either Ubuntu or OS X.

Goodbye Windows, R.I.P.
by burny420 November 28, 2008 4:52 AM PST
MS isn't going anywhere, and mac is a joke for emo kids college kids with too much of their parents money. Windows will run 90%+ of all pcs until the end of us, and there isn't anything wrong with that. It's their own damn faults that they get infected with this stuff in the first place, I've had that patch since day one, along with any other self respecting pc user.

Mark my words: By the year 2015 protecting your pc will be a law, like having car insurance. Idiots that know nothing about computers, that don't update their os, or even have security software installed should have their pc's revoked. They do billions of dollars in damage to our economy every year and drive up prices in general for the rest of us. Either require these morons to fix their pc and learn to use it right. (make them get a license) or just take it away.

[Content edited to remove personal attack.]
by Seaspray0 November 30, 2008 8:09 AM PST
Yep, Brian. A company that sells more operating systems than anyone else should admit defeat to one that has less than 1% of the market and another that has less than 10%. That 90% market share just doesn't cut the mustard, let alone all the other business applications where they dominate.

R I P, brian.
by  Brian December 1, 2008 11:35 AM PST
In response to Seaspray0:

Apple has much more market share now (I will not speculate percentage numbers here, it would not be accurate to do so).

Since many Apple customers dual boot into Windows on their Macs (including universities and many other businesses including small enterprise) means that while Apple is gaining ground, the dual boot means that Microsoft will continue to do well in the Operating System business, but has lost a lot of ground in certain demographic markets.

Ubuntu may be gaining market share as some PC manufacturers are selling PC systems running Ubuntu as opposed to Windows.

While no operating system is perfect (Windows, OS X and Ubuntu), you take certain risks, hence why the dual boot option on the Apple platform is not just a trend here, but more importantly a strategy.

My prediction for 2009 is for Google to release an operating system for desktop and notebook computers.
by pctec100 December 2, 2008 7:33 AM PST
I hope my PII isn't held by any of these companies that are not patching their systems, running A/V and firewalling their client systems to prevent this sort of thing. Really, it's been over a month and a half since that patch was released. There is no excuse for such irresponsible business practices on the part of the companies impacted by this.