Worm Adds MS06-040 To Four-Bug Attack Kit - InformationWeek


03:57 PM


The nasty "Randex.gel" worm opens a back door on any compromised computer and appears to be a derivative of other Randex variants, only with the MS06-040 vulnerability added.

A network-aware worm that has added the MS06-040 vulnerability to its bag of exploitable bugs is in circulation, Symantec said Tuesday.

Dubbed "Randex.gel," the worm opens a back door on any compromised computer, then connects the system to an IRC (Internet Relay Chat) channel and listens there for additional commands.

"It looks like it's a derivative of other Randex variants," said Oliver Friedrichs, director of Symantec's security response group. "But it's added the MS06-040 vulnerability."

Earlier variations of the Randex worm clan exploited other patched flaws in Windows, including three fixed by MS04-007, MS05-017, and MS05-039. The last of those, a patch that quashed a bug in Windows' Plug and Play service, was used by the Zotob worm to hammer enterprises, in particular media companies, in 2005.

Randex.gel adds the vulnerability in the Windows Server service that Microsoft patched Aug. 8 to that trio. "It's usually just hours before [attackers] plug in new exploit code to existing worms to build something new," said Friedrichs. The exploit in Randex.gel appears to be identical to, or at least very similar to, the code released two weeks ago by HD Moore of Metasploit.

The new Randex variant can spread in several different ways, Symantec's analysis reported, including via the MSN Messenger, AOL Instant Messenger, Yahoo Messenger, and ICQ instant messaging clients. It will also propagate through network shares and Microsoft SQL servers. If Randex.gel finds an SQL server, it will try to execute a job to infect any databases on the system.
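The behaviour described above, a bot that fans out to other machines over the Server service (SMB) or SQL Server and at the same time holds an outbound IRC channel for commands, is a pattern a network defender can look for without any exploit-specific signature. The script below is an added example, not code from the article or from Symantec: it profiles per-source connection logs and flags hosts that combine wide SMB/SQL fan-out with an IRC connection. The log format, the port sets (TCP 139/445 for SMB, 1433 for SQL Server, 6660-6669 and 7000 for IRC), the fan-out threshold and the sample traffic are all constructed assumptions for illustration.

```python
"""
Worm-like host detection over connection logs (added example, not from the
article). Flags internal hosts that fan out to the SMB ports the Windows
Server service listens on, or to MS SQL, across many distinct targets and
that also hold an outbound connection to a typical IRC port. Log format,
port sets and threshold are assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass, field

SMB_PORTS = {139, 445}                       # assumed: Server service / file sharing
SQL_PORTS = {1433}                           # assumed: default MS SQL Server port
IRC_PORTS = set(range(6660, 6670)) | {7000}  # assumed: common IRC ports
FANOUT_THRESHOLD = 10                        # distinct targets before we call it scanning


@dataclass
class HostProfile:
    smb_targets: set = field(default_factory=set)
    sql_targets: set = field(default_factory=set)
    irc_servers: set = field(default_factory=set)


def parse_line(line):
    """Parse one constructed record: '<ts> <src_ip> <dst_ip> <dst_port> <proto>'.
    Returns (src, dst, dport) for TCP lines, None for anything else."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _ts, src, dst, dport, proto = parts
    if proto.lower() != "tcp":
        return None
    try:
        return src, dst, int(dport)
    except ValueError:
        return None


def build_profiles(lines):
    """Collect, per source host, the distinct SMB/SQL targets and IRC servers."""
    profiles = defaultdict(HostProfile)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, dport = rec
        p = profiles[src]
        if dport in SMB_PORTS:
            p.smb_targets.add(dst)
        elif dport in SQL_PORTS:
            p.sql_targets.add(dst)
        elif dport in IRC_PORTS:
            p.irc_servers.add(dst)
    return profiles


def classify(profiles, fanout=FANOUT_THRESHOLD):
    """Return {src: verdict} for hosts showing scanning, IRC, or both."""
    verdicts = {}
    for src, p in profiles.items():
        scanning = len(p.smb_targets) >= fanout or len(p.sql_targets) >= fanout
        has_irc = bool(p.irc_servers)
        if scanning and has_irc:
            verdicts[src] = "worm-like: lateral fan-out plus IRC command channel"
        elif scanning:
            verdicts[src] = "scanning: lateral fan-out only"
        elif has_irc:
            verdicts[src] = "irc: outbound IRC only (could be a chat client)"
    return verdicts


def detect(lines):
    return classify(build_profiles(lines))


# Constructed sample traffic; addresses and timestamps are invented.
SAMPLE_LOG = (
    # 10.0.0.5: fans out to twelve SMB targets, then talks to an IRC server
    [f"2006-08-22T10:00:{i:02d} 10.0.0.5 10.0.1.{i} 445 tcp" for i in range(1, 13)]
    + ["2006-08-22T10:01:00 10.0.0.5 203.0.113.7 6667 tcp"]
    # 10.0.0.9: ordinary user hitting one file server and the web
    + ["2006-08-22T10:00:05 10.0.0.9 10.0.1.1 445 tcp"] * 3
    + ["2006-08-22T10:00:06 10.0.0.9 198.51.100.10 80 tcp"]
    # 10.0.0.20: outbound IRC only
    + ["2006-08-22T10:00:07 10.0.0.20 203.0.113.7 6667 tcp"]
    # 10.0.0.30: sprays SQL Server across ten hosts, no IRC seen
    + [f"2006-08-22T10:02:{i:02d} 10.0.0.30 10.0.2.{i} 1433 tcp" for i in range(1, 11)]
    # a UDP NetBIOS line the parser ignores
    + ["2006-08-22T10:02:30 10.0.0.30 10.0.2.255 137 udp"]
)

if __name__ == "__main__":
    for host, verdict in sorted(detect(SAMPLE_LOG).items()):
        print(f"{host:<12} {verdict}")
```

The point of requiring both signals before raising the strongest verdict is to keep a single chatty file server or a legitimate IRC user out of the top bucket; fan-out alone still surfaces as scanning so it can be triaged on its own.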

In addition, the worm tries to steal account information when users of the eGold electronic payment system log onto the egold.com Web site.

But although Randex packs a punch, it's not the doomsday worm some were expecting after Microsoft patched the Server service with MS06-040.

"There are a good number of systems that have been infected [by MS06-040 exploits]," said Friedrichs. "But it's not reached epidemic proportions.

"For the most part, if you've taken an aggressive approach to patching, which has been much improved on the part of both businesses and consumers, the overall impact has been low."

Friedrichs also answered the general criticism that security companies and the media overplay potentially harmful vulnerabilities, sometimes to the point of turning them into scares that end up all sizzle, no steak.

"What would happen if we didn't cry wolf?" he asked. "If we sat back, there's a good chance that this might have played out to be more than it was," he argued.
