
    Dasher Squirms Through Patched Win2K Worm Hole

    By Ryan Naraine - December 16, 2005

      More than two months after Microsoft Corp. issued a critical patch for a Windows 2000 worm hole, malicious hackers are successfully exploiting the vulnerability, confirming fears that patch deployment rates remain frighteningly low.

      The latest network worm attack, identified by anti-virus vendors as W32/Dasher, enters through a flaw in the Microsoft Windows Distributed Transaction Coordinator that was patched in the MS05-051 bulletin released in October.

      Over the last 48 hours, two variants of the worm have been seen scanning for vulnerable Windows 2000 systems through Port 1025.

      If the worm finds a system responding to the port scan, the worm sends an exploit payload that connects to a remote address to wait for instructions.

      The worm, which is clearly seeding botnets for malicious use, connects the infected machine to a server hosted in China and downloads two files, a copy of the worm itself and a keylogger, according to F-Secure Corp. researcher Jarkko Turkulainen.

      The Dasher keylogger hides itself with a rootkit driver and is capable of hijacking sensitive information from victims' machines.

      News of the Dasher attack is hardly a surprise. On Patch Day in October, when the fix was released, officials in the MSRC (Microsoft Security Response Center) stressed that MS05-051 should be treated as a high-priority update because it put users at risk of a “remote, unauthenticated attack.”

      Referring to the recent Zotob attack against unpatched Windows 2000 machines, MSRC program manager Stephen Toulouse warned that the flaw presented “a similar attack vector that could have the same impact as [the Zotob worm].”

      “It's hard to predict what will happen, but this is one of those vulnerabilities that could be really dangerous, especially for customers running older versions of the operating system,” Toulouse said at the time.

      “If you're running Windows 2000, you want to apply this update as fast as possible. The concern is that we could be looking at another Zotob, because the attack vector is the same.”

      Two months later, it appears that Toulouse's fears have been confirmed by Dasher.

      Shane Coursen, senior technical consultant at Kaspersky Labs' U.S. unit, said the early success of Dasher proves that tardy deployment of patches presents a problem.

      “We've known for the last year that the time between the release of the patch and the creation of an exploit has been getting shorter and shorter, but, at the same time, it's taking longer for customers to apply patches,” Coursen said in an interview.

      “This attack doesn't surprise me at all because, for a variety of reasons, Windows users are not applying the updates. I don't want to say it's irresponsible for customers to take two months to apply a patch because businesses need to test patches properly but, for critical patches that are wormable, there's a certain urgency that's needed,” Coursen added.

      Sunil James, security manager at Arbor Networks Inc.'s Security Engineering Response Team, said businesses need to quicken the pace of patch testing and deployment, because network worms like Zotob and Dasher are using the victimized machines in the attack.

      “We know that these kinds of high-profile vulnerabilities are leading to worms and the payloads are becoming more and more dangerous,” James said, arguing that concerns about patch quality should not be an excuse to leave networks wide open to attacks that require no user action.

      Andrew Jaquith, senior analyst with Yankee Group Research Inc., said some enterprises still make poor choices when it comes to security. “I hear the mantra all the time, ‘It's running just fine so don't touch it.’ The problem is that it's running fine in an unpatched state and is wide open to these types of attacks.”
