Our comments and trackback policy You Link We Follow, You Comment We Promote

A critical flaw in the October 2008 security patch, MS08-067, has been exploited by the Win32/ConfickerA worm.

The Microsoft Malware Protection Center Blog stated that the number of attacks have increased during the past week, mostly effecting corporations and users based in the U.S., Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina, and Chile. .

It opens a random port between port 1024 and 10000 and acts like a Web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll, the posting said.

But there is a positive side to the malware itself, that it does not allow other malware to sneak-in while its there. Here’s Microsoft’s statement.

It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore. It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too.

I think the malware authors should definitely be hired by Microsoft quickly, at least they know how care for the users security!!!