MS08-067 Vulnerability Attracting Malware Families
A trio of researchers at Microsoft, Elda Dimakiling, Scott Wu and Francis Allan Tan Seng, analyzed MS08-067-related malware attacks in a presentation at the Virus Bulletin 2009 conference. They found that cybercriminal gangs continue to exploit the vulnerability to implant data-stealing trojans on vulnerable Windows systems, as reported by zdnet.com on September 23, 2009.
The security experts commented that even before the Conficker worm erupted, they had identified three different malware groups, Gimmiv, Clort and Arpoc, that exploited the flaw. These malware families adopted different techniques to exploit naïve netizens. Only the criminals behind Conficker were professional in their approach.
Besides Conficker, at least three malware families exploited the MS08-067 flaw to propagate. These included Neeris, which spread through IM programs such as AOL Instant Messenger and Live Messenger.
Synigh is yet another malware family that spreads via instant messenger programs and has IRC backdoor functionality.
Furthermore, various other backdoor trojan groups, like Mocbot and IRCbot, have included MS08-067 abuse in their functionality. This shows that more than a year after Microsoft patched the flaw, there is still a considerable number of vulnerable systems, which offer a complete business model for malware distributors.
Explaining the consequences, the research team stated that one of the chief uses of the vulnerability is that it enables the malware to cause further damage by installing several other threats. These threats primarily include backdoors, spyware, information-stealing trojans, adware and scareware.
Malware authors can make huge bucks from this; for instance, they can sell important data stolen by means of the malicious payload. The researchers further explained that because the number of such attacks is considerably high, even a small profit earned from each infected system is multiplied by the scale of the infection.
The research team declined to give exact statistics on the current number of attacks, but according to a Conficker Working Group spokesperson, around 5 million Windows systems constitute the botnet at present, as reported by zdnet.com on September 23, 2009.
In conclusion, the security experts said that the industry is up against a highly professional and skilled malware gang.
» SPAMfighter News - 14-10-2009