
Worm Spreads In China Via New Vulnerability In Windows



Btv Raj
Contributing Writer
2006-08-22



It's become real. The much-feared mass-level attack of the Backdoor-Worm Win32.IRCBot.st is underway in China, affecting thousands of users of Shanghai Telecom's broadband services since the worm's outbreak on Tuesday evening, according to security experts at MicroWorld Technologies.

Known as 'Worm.Mocbot' or 'Devil Wave' in Chinese media, this worm is a variant of 'IRCBot.st' that exploits the MS06-040 vulnerability to spread quickly and widely in large networks, targeting Windows 2000, XP and 2003. According to Chinese agencies, the worm's proliferation seems to have been perpetrated by malware writers at Shanghai University, though it is now spilling out of China's commercial capital and spreading fast in other Chinese cities as well.

As MicroWorld Technologies reported earlier, "Win32.IRCBot.st" is a PE executable packed with MEW. It appears as "wgareg.exe" in the Windows System folder with the description "Windows Genuine Advantage Registration Service". IRCBot.st uses AOL Instant Messenger as its external spreading mechanism.

Once inside the system, the backdoor blocks the computer's access to the Internet, changes Windows security settings, turns off the firewall and antivirus, and connects to the remote attacker via IRC channels. On networks, the backdoor sends out the exploit to infect vulnerable machines, which explains why so many users in China were affected in so little time.

"It's ironic that 'Win32.IRCBot.st' has been invented to exploit an earlier vulnerability in Windows Plug-n-Play Service, tagged as MS05-039," says Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies. "Without much change in code, the Backdoor-worm now trains its guns on MS06-040. While our customers are well safeguarded against this worm, we strongly urge everyone to update their Windows systems with the latest security patches from Microsoft as there's an imminent possibility of fresher exploits targeting the critical vulnerability."

MS06-040 is a Server Service vulnerability that allows remote code execution on networked computers; the Server service listens on TCP ports 139 and 445. The 'eConceal' Firewall from MicroWorld Technologies can be used to safeguard these ports and provide another layer of threat protection, notes Sunil Kripalani.

Rated as Critical, MS06-040 has even prompted the US Homeland Security to issue a warning, while exploits are already out on the web. To download security patches for Windows, one can log on to http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx.

MicroWorld

MicroWorld (www.mwti.net) is the developer of the world's first Real-Time Anti-Virus and Content Security software, eScan, for desktops and servers. Its communication security software, MailScan, is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld. To learn more, kindly visit http://www.mwti.net.





About the Author:

Btv Raj is the Content Writer and Creative Visualizer, MicroWorld Technologies.
