The Security Response Center at Microsoft is warning of a worm that's attacking Windows and networks. The exploit was already patched in the latest Windows update. The worm malware has been reported by several hundred home users already.
By: Rob Adams
Published: Nov 27, 2008
Updated: Jul 1, 2009
Microsoft Corp's Security Response Center and McAfee Inc are warning Windows users of a worm that's exploiting an already patched bug. The patch was issued through Windows update about 11 days ago.
The worm, dubbed W32/Conficker.worm, is a malware that spreads within corporate networks. However, Microsoft said that several Windows home users have been infected.
The Windows worm opens a random port between 1024 and 1000. It then acts like a Web server and propagates to random computers on the network. The worm often uses a JPG extension when transferred from one computer to another via HTTP.
Once the Windows worm is copied, the name of the file is changed to a random file name with a DLL extension. It's usually saved in the local system folder on the user's PC.
There is also something entertaining about this worm. It actually patches the vulnerable API in memory so the user's PC will not be vulnerable anymore. In other words, it fixes a bug for the user.
However, before anyone thanks these malware authors for fixing a bug, they do this so that other competing malware will not take the machine over. It is also used to trick Windows update so that the real patch from Microsoft doesn't apply.
You can share this Microsoft news story with your friends or family from our Technology section. This article can be shared through e-mail or sent to online social Web sites including Twitter, Facebook, MySpace and others. You can choose from one of the options below.
You can catch all the latest news from us @Newsoxy on Twitter.
Get the latest on Hybrid Cars, SUVs, Trucks, and Minivans from our Hybrid Newsletter for free.
