Subject: Security Advisory Aug 14, 2006
Microsoft patch MS06-040
 
This weekend attackers launched malware against the Windows flaw Microsoft addressed last week in its MS06-040 patch (please see the previous advisory for a description). Security experts sent out warnings Sunday urging enterprises and consumers alike to speed up their patching schedules in response.
 

A Microsoft spokesman said in an email Sunday that the software giant activated its emergency response process following reports of the malware, which attackers are reportedly using to expand their IRC-controlled botnets. Cupertino, Calif.-based Symantec Corp. is calling the malware W32.Wargbot, while Tokyo-based Trend Micro is calling it WORM.IRCbot-JK and Santa Clara, Calif.-based McAfee Inc. has labeled it IRC-Mocbot!MS06-040.

When the malware infects a machine, it downloads a botnet program that then connects to IRC chat servers in China and elsewhere, allowing attackers to control the machine to do "whatever they want," including the ability to flood other systems with a distributed denial-of-service (DDoS) attack.

Even though the State of RI is monitoring the above flow through its Intrusion Prevention Systems (TopLayer, the State's IPS vendor, released the signature update for this flaw on Saturday, Aug 12, 2006), the Department of Homeland Security and the RI DOIT Information Security Office recommend that agencies apply the August security updates as quickly as possible.

Reference: http://www.dhs.gov/dhspublic/display?content=5789

 

 

See all DOIT InfoSec advisories at http://www.doit.ri.gov/security/advisories.