By Dan Goodin in San Francisco
24th October 2008

A day after Microsoft released an emergency patch for a critical flaw
that could allow self-replicating attacks, researchers have identified a
nasty trojan that attempts to exploit the vulnerability.

Variants of the data-stealing trojan known by names including Gimmiv.A
and Spy-Agent.da have morphed over the past few weeks to exploit a major
weakness in virtually all versions of the Windows operating system. If
successful, the exploit could transform the malware into a virulent worm
that allows a single infected machine to contaminate any other
vulnerable machine over a local network without requiring any
interaction on the part of the end users.

At the moment, the part of the trojan that exploits the weakness in the
Windows server service isn't especially reliable, researchers said. It
generally succeeds only when code custom-built for a specific version
and language of the OS encounters its intended target. But the limited
success has prompted security experts to take seriously Microsoft's
warning that the vulnerability is wormable.