Hackers launch new attack on Windows-based computers
Security researchers detected hackers distributing software to break into computers using flaws announced last week in some versions of Microsoft’s Windows operating system.
The threat from this new vulnerability is remarkably similar to one that allowed the Blaster virus to infect hundreds of thousands of computers last month.
The discovery gives fresh impetus for tens of millions of Windows users - inside corporations and in their homes – to immediately apply a free repairing patch from Microsoft. US Homeland Security Department officials have warned that attacks could result in a “significant impact” on the operation of the Internet.
Researchers from iDefense Inc. of Reston, Virginia, who found the new attack software being distributed from a Chinese website, said it was already being used to break into vulnerable computers and implant eavesdropping programmes. They said yesterday that they expect widespread attacks similar to the Blaster infection within days.
“It’s fairly likely,” said Ken Dunham, a senior iDefense analyst. “Certainly we’ll see new variants in the next few hours or days.”
Microsoft confirmed it was studying the new attack tool.
Last month’s Blaster infection spread just days after hackers began distributing tools for breaking into Windows computers using a related software flaw. That infection disrupted computers at the Federal Reserve in Atlanta, Maryland’s motor vehicle agency and the Minnesota transportation department.
The latest Windows flaws, announced on September 10, were nearly identical to those exploited by the Blaster worm. Computer users who applied an earlier patch in July to protect themselves still must install the new patch from Microsoft, available from its website.
Amy Carroll, a director in Microsoft’s security business unit, said 63% more people have already downloaded the latest patch than downloaded the patch for last month’s similar vulnerability during the same five-day period.
“We’ve continued to beat the drum, to give people better awareness,” she said. “We have seen some success.”
The latest hacker tool was relatively polished. It gives hackers access to victims’ computers by creating a new account with the name “e” with a preset password. iDefense said the tool includes options to attack two Windows 2000 versions that are commonly used inside corporations.
The tool being distributed yesterday did not include an option to break into computers running Microsoft’s latest operating systems, such as Windows XP or Windows Server 2003, but iDefense said it expected such modifications to make it more dangerous.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
