Network Computing is part of the Informa Tech Division of Informa PLC

Worm Adds MS06-040 To Four-Bug Attack Kit

A network-aware worm that's added the MS06-040 vulnerability to its bag of exploitable bugs is on the make, Symantec said Tuesday.

Dubbed "Randex.gel," the worm opens a back door on any compromised computer, then tells the system to listen for additional commands over an IRC (Internet Relay Chat) channel.

"It looks like it's a derivative of other Randex variants," said Oliver Friedrichs, director of Symantec's security response group. "But it's added the MS06-040 vulnerability."

Earlier variations of the Randex worm clan exploited other patched flaws in Windows, including three fixed by MS04-007, MS05-017, and MS05-039. The last of those, a patch that quashed a bug in Windows' Plug and Play service, was used by the Zotob worm to hammer enterprises, in particular media companies, in 2005.

Randex.gel adds the vulnerability in the Windows Server service that Microsoft patched Aug. 8 to the threesome. "It's usually just hours before [attacks] plug in new exploit code to existing worms to build something new," said Friedrichs. The exploit in Randex.gel appears to be identical, or if not, very similar, to the code released two weeks ago by HD Moore of Metasploit.
