Redmond (WA) – Microsoft is warning users about a new wave of malicious attacks that aim to exploit a vulnerability that was outlined in the firm’s security bulletin MS08-067. If you haven’t patched your PC yet, it is a good idea to do so as soon as possible, the company advises.
Microsoft said that there is another “wave” of exploits coming your way, in addition to more than 50 that were identified last week. And while initial attacks were mostly targeted at specific systems, there appear to be more general attacks in the wild now. Microsoft stated that the malware was detected as Worm:Win32/Conficker.A.
According to the company, this worm mostly spreads within corporations, but was also reported by several hundred home users. It opens a random port between port 1024 and 10000 and acts like a web server. Once the remote computer is exploited, that computer downloads a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and is then saved to the local system folder as a randomly named DLL file, Microsoft said.
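
The behaviour described above can be hunted for in web or network-sensor logs. The following is an added example, not code from Microsoft or from the original article: it flags HTTP GETs to a port between 1024 and 10000 for a ".jpg" whose sniffed content type is an executable. The log layout, field names, MIME labels and sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample records, not real traffic. Hypothetical tab-separated
# layout: time, client, server, server_port, method, uri, sniffed_mime
SAMPLE_LOG = """\
2008-11-25T10:01:02\t10.1.4.23\t10.1.4.77\t4712\tGET\t/xkqpd.jpg\tapplication/x-dosexec
2008-11-25T10:01:09\t10.1.4.23\t10.1.9.5\t8080\tGET\t/img/logo.jpg\timage/jpeg
2008-11-25T10:02:40\t10.1.4.31\t10.1.4.77\t80\tGET\t/a.jpg\tapplication/x-dosexec
2008-11-25T10:03:11\t10.1.7.2\t10.1.4.23\t9998\tGET\t/QWERT.JPG?x=1\tapplication/x-dosexec
2008-11-25T10:03:30\t10.1.7.2\t10.1.4.23\t20000\tGET\t/b.jpg\tapplication/x-dosexec
malformed line
"""

PORT_LOW, PORT_HIGH = 1024, 10000  # range from the article, treated as inclusive
EXECUTABLE_MIMES = {"application/x-dosexec", "application/x-msdownload"}  # assumed labels

def parse(line):
    """Return a record dict, or None for lines that do not fit the layout."""
    parts = line.split("\t")
    if len(parts) != 7 or not parts[3].isdigit():
        return None
    ts, client, server, port, method, uri, mime = parts
    return dict(ts=ts, client=client, server=server, port=int(port),
                method=method.upper(), uri=uri, mime=mime.lower())

def is_suspect(rec):
    """GET to a port in the worm's range for a '.jpg' that is really an executable."""
    path = urlsplit(rec["uri"]).path.lower()  # ignore any query string
    return (rec["method"] == "GET"
            and PORT_LOW <= rec["port"] <= PORT_HIGH
            and path.endswith(".jpg")
            and rec["mime"] in EXECUTABLE_MIMES)

def suspect_fetches(log_text):
    records = (parse(line) for line in log_text.splitlines())
    return [r for r in records if r is not None and is_suspect(r)]

def serving_hosts(log_text):
    """Map (server, port) -> clients that fetched from it; both ends need triage."""
    hosts = {}
    for r in suspect_fetches(log_text):
        hosts.setdefault((r["server"], r["port"]), []).append(r["client"])
    return hosts

if __name__ == "__main__":
    for (server, port), clients in serving_hosts(SAMPLE_LOG).items():
        print(f"{server}:{port} served a disguised executable to {sorted(set(clients))}")
```

In the constructed sample, 10.1.4.23 first appears as a client and later as a server, which is the host-to-host pattern worth escalating.
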
Interestingly enough, the malware also patches the vulnerable API in memory so the machine will not be vulnerable anymore. The purpose of this move? Simple: The patch makes sure the system cannot be taken over by any other malware.
Microsoft said that most reports about infections come from users in the United States, but it also received reports from other countries/regions such as Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina and Chile. We leave it up to you to conclude why the worm “avoids” infecting Ukrainian computers and why Microsoft has not received reports from that country.