A team of security researchers have reported a new worm that exploits a known bug, which was supposed to be fixed in Microsoft’s emergency security patch that was released a couple of weeks back.
Codenamed as ‘Wecorl’ by Symantec, and ‘MS08-067.g’ by Microsoft and Kaspersky labs, the new worm is characteristically different from the Trojan horse that prompted the software giant to release emergency security patch on October 23.
Kevin Haley, a director with security response team from Symantec, said, “It may have come out of China”, as it seemed to target the Chinese language versions of Windows 2000.
The worm installs numerous malicious components on targeted PCs, which include a Trojan downloader and rootkit code to cover it from security applications, Haley reported.
Haley further notified that if the worm somehow intrudes into a Windows PC, it also attempts to attack all the systems on the same subnet.
Earlier, while releasing the out-of-cycle security patch, Microsoft claimed that “standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter”.
Addendum from Microsoft PR : Computer users, who have downloaded MS08-067 through Windows Update and Microsoft Update are protected from this Wecorl worm and any other attacks attempting to exploit the vulnerability. In addition, the Microsoft Malware Protection Center (MMPC)has added detections identifying this threat along with several others.