Released on a security mailing list earlier this week, the program takes advantage of a flaw in Microsoft's Messenger Service to cause Windows-based computers to crash. The vulnerability affects almost every current Microsoft Windows system, leaving security experts concerned that independent hackers will quickly find a way to take control of a large number of computers by exploiting the flaw.
"I think we are going to see a repeat of the (MSBlast worm)," said Vincent Weafer, senior director of Symantec's antivirus research centre, referring to the program that spread across the Internet in August. The program used a similarly widespread Windows flaw to break through computers' security. "It took three weeks (for hackers) to figure out a working worm in that case."
Programs that illustrate how to take advantage of such holes are known as "exploit code" and are seemingly being developed faster, coming out soon after the first notification of a flaw, a recent study by Symantec found.
This isn't the first time the Windows Messenger feature has been the source of users' pain. Not to be confused with Microsoft's instant messaging services, the Messenger feature allows Windows applications to communicate and send data among themselves. The feature has already been exploited by some spammers to send messages directly to users' desktops.
The flaw that led to the MSBlast worm affected another Windows service, known as the distributed component object model (DCOM), which allows components of the operating system to communicate. The software is a fundamental piece of the operating system, so the flaw affected all versions of Windows.
Microsoft announced the latest flaw a week ago as one of several security problems it highlighted in its first monthly security update. At the time, the software giant said all the flaws could be exploited to create a worm. "All of the five critical (vulnerabilities) are, of course, critical, so that means they are wormable," Jeff Jones, senior director of Microsoft's security business unit, said last week.
On Monday, a researcher released source code to a security mailing list, showing how to crash a computer using the flaw. Because the issue affects so many computers, companies should patch the issue quickly, said Craig Schmugar, virus research engineer for Network Associates.
"The greater the number of vulnerable systems out there, the greater the concern," he said. "We definitely take the demo code seriously."
Information on how to protect your PC can be found here.
Talkback
why's nothing been mentioned about the viruses spread by MSN messenger? Had to buy a router box to protect my dads computer from them!
Good article but not clear what windows feature your talking about here. Is it the messenger service on a windows machine that allows small pop up messages to be sent to any windows terminal on a ntw? Anywhere I can read more about this?
And what about those zillions of Windows95/98 pc's out there with IE 5.5 Sp1, no patches, no info if they are vunerable, no solutions other then 'upgrade'. Its easy for MS to EOL ('forget') they're products but I simply find it shameless and totally unresponseble !
Do you ever read the feedback?
This article is nothing but useless hype about nothing without the details as to what weakness it refers to and a link to the relevant Microsoft web page.
There have been some many critical patches of recent how are supposed to know which one is referd to?