The worm takes over office networks by exploiting a Microsoft flaw
Experts at security company Trend Micro have warned of a new worm that spreads by exploiting a known vulnerability in Windows.
The DOWNAD.A worm exploits the MS08-067 patch, which was released out of cycle after reports that the flaw was being exploited in the wild.
The vulnerability affects all currently supported versions of Windows and Windows Server.
"A few days ago, Trend Micro got wind of a .DLL worm detected as WORM_DOWNAD.A that exploits the MS08-067 vulnerability. Its routines have led our security analysts to postulate that it is a key component in the development of a new botnet," said the company.
"Initially thought to be working in conjunction with a Networm variant, WORM_DOWNAD.A is now believed to be an updated version of an attack from the same criminal botnet gang."
Fresh reports suggest that the threat has extended its reach around the globe. "More than 500,000 unique hosts have since been discovered to have fallen victim to this threat," said Trend Micro.
The worm spreads within other malware packages but, once activated, it takes over office networks by exploiting the Microsoft flaw on unpatched systems, allowing it to build up large numbers of infections quickly.
Trend Micro claimed that it has found cases of the worm in the US, China, India, the Middle East, Europe and Latin America, and that several home broadband networks have been infected.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Hit by Worm ?
I have twice in the last two
days had a Windows virus alert that started loading a
programe immediately I switched off. I then did comp
check and found 78 registry
entries in less than 4hr.
all now seems right.
Posted by W. Lamming, 05 Dec 2008