Hackers target latest Windows fix
Hi-tech hackers have started to produce malicious programs that target the
latest bugs in Microsoft's Windows.
A worm has been spotted in the wild that tries to use vulnerabilities to hijack
home computers.
Any computer compromised by the worm will become part of a large botnet set up
to send out junk mail.
At the same time Microsoft is re-issuing a recent security patch which has made
the Internet Explorer browser crash on some computers.
On 8 August Microsoft released a bumper collection of security patches for 23
separate flaws in Windows and programs in the Office software suite.
One of the problems identified in the August update was deemed so serious that
the US Department of Homeland Security (DHS) issued a warning urging users
to download the patch and apply it as soon as possible. The DHS has a role in
securing America's critical infrastructure which includes the internet.
Now security companies have caught copies of a worm travelling the net that
tries to infect Windows machines via this loophole.
The Mocbot worm attacks machines running Windows 2000 or XP that only have
Service Pack 1 installed.
"As Microsoft only issued a patch against this vulnerability last week, many
Windows computers probably remain unpatched and vulnerable to these threats,"
said Carole Theriault, senior security consultant at Sophos in a statement.
Computer security firms have seen two variants of this worm circulating online.
Analysis by Joe Stewart at security firm Lurhq show that, once installed,
it tries to download a trojan known to act as a spam proxy.
These are networks of compromised machines that junk mailers have been forced
to use because so few net service firms will host companies that send out
millions of unwanted messages.
Microsoft said it would be re-issuing one of the security patches because, in
certain circumstances, it can cause the Internet Explorer browser to crash.
The problem occurs with the MS06-42 update which tried to fix eight separate
vulnerabilities in the IE browser.
Relatively few users are thought to be suffering from the clash between IE and
the security patches. Microsoft said it affected IE with Service Pack 1
installed
but only if visiting websites that use data compression and the widely used
version 1.1 of the HTTP web protocols.
Microsoft said it expected to have the new version of the MS06-42 update ready
by 22 August. However, a "hotfix" has been made available but Microsoft said
this should only be installed on those computers crashing because of the update.
http://news.bbc.co.uk/1/hi/technology/4797949.stm
Vikas Kapoor,
MSN ID:
[EMAIL PROTECTED]
Yahoo ID:
[EMAIL PROTECTED]
Skype ID: dl_vikas
Mobile: (+91) 9891098137.
To unsubscribe send a message to [EMAIL PROTECTED] with the subject unsubscribe.
To change your subscription to digest mode or make any other changes, please
visit the list home page at
http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
