Another worm on the loose again..
Almost 12,000 Web servers have been infected by a new Internet worm that takes advantage of a security flaw in Microsoft software to deface sites, security experts said Wednesday. The worm could also help attackers identify infected computers and gain control of them. Known as the Code Red worm because of evidence that it may have been launched from China, the self-spreading program infects servers using unpatched versions of Microsoft's Internet Information Server software and defaces the Web sites hosted by the servers. |
The code is still being analyzed to see if it does any further damage. But the way the worm is written, it could allow online vandals to build a list of infected systems and later take control of them, said Marc Maiffret, chief hacking officer with eEye Digital Security.
"It is a very slick worm," Maiffret said. "Until all these people go out and patch their systems, it will keep going."
eEye found the vulnerability in Microsoft's software--the so-called index-server flaw--last month and reported it to the software giant, which acknowledged the flaw June 18 and posted a downloadable fix on its Web site. Microsoft urged people to patch the hole before the Internet underground could produce tools to take advantage of the estimated 6 million vulnerable systems.
"Obviously, not a lot of people patched it," Maiffret said. "Even with the press, a lot of people didn't hear about it."
Read the whole story Here
Source: Cnet
