back to article Selfish worm targets month-old Windows flaw

More than a month after Microsoft issued an emergency patch for a Windows vulnerability that allows for self-replicating exploits, researchers have spotted a wave of new attacks in the wild that target the critical flaw. Exploits of MS08-067 have been reported on and off since Microsoft issued the patch in late October, but …


This topic is closed for new posts.
  1. Stephen Vaughan
    Gates Halo

    wot no patch?

    perhaps the unpatched xp pc's did not "qualify" for an update patch from microsoft - not such a genuine advantage!

  2. J


    And this is news... how?

  3. Anonymous Coward
    Anonymous Coward

    The thing is

    the ones who don't patch will never read this :)

    The only solution is a computer licence, and quite frankly if you cannot write your own driver code, reverse engineer applications, you have no business being on the net - oh I can dream :)

  4. Jason Togneri
    Paris Hilton

    Missed opportunity

    "The worm is notable because once it takes hold of a machine it patches the vulnerability to prevent competing attackers from taking hold of the same valuable resource."

    You have to wonder why security companies don't just release their own self-replicating versions of the patcher. The blithering hordes of people with unpatched machines who let these things replicate could them also be used as a great way of spreading countermeasures: "Come to F-Secure and get yourself infected with a 'good' virus!"

    Actually, that's a pretty good biological analogy, taking the virus thing one step further.

    Paris 'cos most computer users these days are as clueless as she is.

  5. Ted Treen
    Thumb Down



    Unless you're a mechanic, no Driving Licence.....

    Unless you're a TV engineer, no telly/TV licence

    Unless you're a pilot and aeronautics engineer, no charter flight holidays.....

    Do I need to continue?

  6. Lee

    I see this news item being referenced sometime in 2010 the NHS and other government bodies are hit by it.

    Lovely :-D

  7. alzain




  8. Chris C

    Infection today - not sure what it is, though

    I got a call from a client today saying their internet was slow. Turns out someone managed to get infected on Monday (24 Nov) by vising .ru porn sites which redirected them to scan [dot] scannerantispyware [dot] com, which then redirected them to repeatedly download "/load/setup_351_6777_.exe" from files [dot] downloadproas2009 [dot] com. Looks like a rootkit because Task Manager and Process Explorer don't show any unusual processes, even though the system started DOSing two websites this morning (26 Nov). The two sites were hq-live [dot] net (DOS from 10:10:02 EST [GMT-5] to 10:55:04), and ruler-cash [dot] com (DOS from 11:10:15 EST to 13:26:56). It was still going with the DOS, but that's when I blocked all traffic to/from the system at the gateway firewall. It looks like the command-and-control site is laleila [dot] com ("/stop/getcfg.php").

    In light of this, the customer finally gave me approval to block all traffic to .ru domains. Not a silver bullet, but it should help.

  9. Anonymous Coward

    Why I have not patched

    I cannot patch my XP machine as everything now wants this WGA thing. If I want to patch, I am stuffed with Windows not working. If I don't, then I just hope for the best that two firewalls (software and Netgear router) and AVG will help.

    Once Microsoft removes the WGA, then I think it will be much better. WGA is the main reason for spambots and other hacks.

  10. Anonymous Coward

    @The thing is

    Re: "the ones who don't patch will never read this " Yes they will; I have forwarded the article to our version of "the ones" drawing attention to the last paragraph.

    We were attacked this week via our Japanese network. Most of our Asian and European sites were infected, but the septics had applied the patch so escaped.

    Worse, the fortune we pay to McAfee was wasted as the virus checker didn't pick up the problem at the time. Their update came out on Tuesday; we were infected on Monday.

  11. Ken Hagan Gold badge


    "The worm is notable because once it takes hold of a machine it patches the vulnerability to prevent competing attackers from taking hold of the same valuable resource."

    Is that notable? Since we're led to believe that most black hats "start* with the patches from Microsoft, and their *motive* is taking control of the machine, it would be quite "unprofessional" if malware didn't do the basic housekeeping step of closing the door behind it.

    In fact, if I were running the botnet, I'd sack the programmer responsible for endangering "company" "assets" in this way.

  12. Loki

    A new generation of virii?

    Maybe there is a new generation of virus writers out there, who getting fed up with all the vulnerabilities are now writing worms/viruses that patch the vulnerability. Maybe once done they leave helpful messages on your screen like:

    "M$ facked ur Windoze installz... we hax0red it and fix3d it for u. Our plezur, no thanx n33ded"

    Next thing will be that spam authors getting fed up with getting spam themselves will agree to put useful things in the title of the message like [SPAM - DELETE ME] so that it is easier for filters to sort.

    Its a strange world we live in....

  13. Anonymous Coward
    Anonymous Coward

    @Stephen Vaughan

    Security updates are exempt from the Genuine Advantage scheme.

    Home users should be running Windows with automatic updates turned on, which I believe is the standard configuration anyway. Enterprise IT departments should be updating their Windows machines regularly.

  14. Mike Groombridge

    @the thing is

    good god no

    "The only solution is a computer licence, and quite frankly if you cannot write your own driver code, reverse engineer applications, you have no business being on the net - oh I can dream :)"

    most of them are worse than the chav argueing on face book. cause coders are so smug all the time. i do think there should be layers to the internet with chavbook and other social sites should be on the bottom with wikipedia. then a layer with shopping sites athen progressive high for the more meaning ful and intelligent (elreg of course at the top) and you'd have to pass some sort of test to prove you deserve access to that layer.

  15. Anonymous Coward
    Anonymous Coward

    @Jason Togneri

    Releasing a virus to patch against a virus/worm would be just as illigal as releasing the virus/worm in the first place and what if it goes wrong? Seriously, if you install software yourself you can see if it works or not, then roll back if there is a problem, if someone covertly installs software on your machine potentially it could knacker a whole host of systems that it could never be tested against and you've got no way of knowing what those machines do.

  16. Anonymous Coward
    Paris Hilton

    @Stephen VAughan

    Why run AU all the time? It just hogs resources and needlessly calls home telling M$ your credit card numbers, which sites you visit etc.

    For these kind of attacks just tell your family/staff that if you do go to p0rn sites that if you see pop-ups/adverts saying you can get a free scan to ignore them and concentrait on the p0rn - you don't go to these sites for intellectual stimulus so don't try and think !!

    Paris - seems to be on m any sites I goto !!!!

  17. Pierre

    Internet layers

    "you'd have to pass some sort of test to prove you deserve access to that layer."

    No way. Just imagine what the test would be to access the pr0n layer. Eww.

    Mine's the Ultraviolet one.

  18. Jamie Kephalas
    Thumb Up


    Too right!

    "Exploits of MS08-067 have been reported" - Sounds like something from a bad hollywood zombie movie...

  19. Anonymous Coward
    Anonymous Coward

    The thing is

    @The thing is

    By Anonymous Coward Posted Thursday 27th November 2008 02:36 GMT

    Dose this mean that you can reverse engineer the car that you drive ,assuming that you are old enough to drive that is,and write new engine management software.If only

  20. Anonymous Coward
    Anonymous Coward

    @Ted Treen, AC0236

    Knowing how to properly administer and even program a computer is not like being a mechanic. It's far more like being the driver. Administering and programming computers is all just part of operating them. Knowing nothing about these subjects and expecting to get away with using a computer isn't the same as driving without knowing how to rewrite your engine management software, it's like driving without knowing traffic laws, or what your mirrors are for.

    Maybe it's too hard for most people still, but this is a technology in its infancy. I hear the Model T was a bastard to drive as well, and when it was brought to the masses a lot of people were killed and injured. If you think learning how to secure your computer (and protect others from it) is too hard, maybe you should just sell it and get something less powerful, complicated and dangerous, like a TV or a games console.

  21. Loki
    Paris Hilton

    Why i dont patch....

    Because i'm on dial up you insensitive clods :-(

    Last time i tried i took one look at the download size for just the critical patches and gave up.

    Hence the dual boot to linux which means i can surf for smut without worrying about being rooted... sure, they may be able to mess with my login (assuming they even have code it place to handle linux) but they would probably have to be very very good to actually get root access (unless im hit by a keylogger and subsequently do a sudo.....).

    On the subject of layers and porn, i dont think we have any worries. Porn will be available at all levels. 99% of the internet is porn... where would it be without it? Hell, my introduction to the fledgling internet via the early university JANET network was downloading pics of Cindy Crawford in swimwear.... (which is what passed for hardcore back in the old days, before the wheel was invented).

This topic is closed for new posts.

Other stories you might like