Virus Builds Botnet by Exploiting Security Flaw in Microsoft Software
According to a statement given by researchers at Trend Micro, a security company, during the 1st week of December 2008, a computer virus dubbed "W32.Downadup" that exploits a patched vulnerability in MWSS (Microsoft's Windows Server Service) is the prime component in developing a botnet.
In fact, the creator of W32.Downadup would be in a position to write a malware that helps in building rather formidable botnets.
The security researchers at Trend Micro said that this worm has infected nearly 500,000 distinct host PCs all over the world. In a statement, Research Project Manager Ivan Macalintal at Trend Micro said that this was due to the characteristic behavior of the virus, as reported by SCMagazine on December 2, 2008.
According to Macalintal, the new virus is a threat facing the whole world, with a huge potential to cause widespread damage, as reported by ComputerWorld on December 1, 2008. Macalintal further said that he expects the botnet to grow bigger from where more variants would emerge.
Moreover, Trend Micro has identified infected IP addresses on the ISP networks in China, India, the US, Latin America, Europe and the Middle East.
Security specialists said that the malware first appeared during the end week of November 2008, and since then, it has been spreading vigorously just before Thanksgiving.
In addition, it appears that a new gang of cyber criminals is building the botnet. This gang is not any of those who lost command and control of their zombie PCs when a California hosting company McColo Corp., went offline.
Moreover, security specialists warned that the botnet along with its large volume of spam messages are not likely to subside anytime soon. Therefore, it is important that computer users deploy effective anti-virus applications. In addition, Microsoft has recommended that computer users immediately install the available update for the vulnerable software.
Meanwhile, security experts of many companies, including Trend Micro, are coordinating to equip ISPs with lists of PCs infected with the virus, and asking them to notify those PCs' owners for removing the malware from their systems.
Related article: Virus Infects Through USB Drives
» SPAMfighter News - 18-12-2008