Posted by Virus Bulletin on Sep 1, 2006
Vulnerability still causing problems.
There have been further reports of malware spreading using the MS06-040 vulnerability, announced and patched three weeks ago on Microsoft's latest 'Patch Tuesday'. Despite considerable activity involving the bug in the past few weeks, spikes of attacks are continuing, although not believed to be spreading widely.
Though many reports state only older Windows NT systems are affected by the latest generation of worms, some say Windows 2000 users may also be at risk. One worm, variously dubbed an 'SDbot' or a 'Randex', is reported by SANS to be using the vulnerability, among others, but is widely detected by AV software and can easily be kept at bay by blocking port 139. Symantec has also issued an alert for a 'Spybot' using the vector.
See the SANS report here, and Symantec's Spybot alert here. Read more on the latest fears here.
Posted on 1 September 2006 by Virus Bulletin
