Antivirus software companies are warning customers about a new email worm that targets unpatched Microsoft Windows machines with either of two recently disclosed software vulnerabilities.
The new worm, known as both Plexus and Explet.A, was first detected last Wednesday and spreads by exploiting Windows machines with vulnerabilities used by two recent worms, Sasser and Blaster, according to alerts.
Network Associates' McAfee Antivirus Emergency Response Team and Symantec both said the new worm did not pose a serious threat, but issued software updates on Thursday to detect it.
Like Sasser, Plexus can exploit the recently disclosed hole in the Windows component called Local Security Authority Subsystem Service (LSASS) which Microsoft patched in April. Like the Blaster worm that appeared in August 2003, Plexus can also crawl through a hole in a Windows component called the Distributed Component Object Model (DCOM) interface, which handles messages sent using the RPC (remote procedure call) protocol. (See http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx and http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx.)
Plexus spreads in files attached to email messages with faked sender addresses and vague subjects such as "RE: order", "For you" and "Good offer". When users open the virus file, the worm is launched and alters the configuration of Windows so that the worm program runs each time Windows starts. It also scans the hard drive of infected computers, harvesting email addresses from a variety of files, including stored Web pages written in Hypertext Markup Language.
The worm then uses those email addresses to target other users, sending out a flood of messages using a built-in Simple Mail Transfer Protocol (SMTP) engine. It is also able to spread to other computers on a network using shared folders and the copies itself to the shared folder file on the KaZaa peer-to-peer network using a variety of file names, including Shrek_2.exe, playing on the popularity of the recently released animated film.
Antivirus companies recommended that Windows users who have not done so already apply software patches for the LSASS and DCOM and update their antivirus software to spot Plexus.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Web 2.0 applications are all the rage, offering us tremendous value when it comes to collaboration and communication. They also open us up to new kinds of attacks however, and can cause problems in keeping systems and data secure. Read on to learn about the new attack methods and how you can defend yourself and your business.
Buying Guides
Latest Products
