New worm exploiting Microsoft vulnerability

Share this article:

A new worm, “Win32/Wecorl.A,” is actively exploiting the patched Microsoft Windows Server Service vulnerability, researchers said this week.

The malware is spreading slowly, however, and does not seem to have moved out of Asia.
The exploit is based on proof-of-concept binaries published online last week, according to an F-Secure blog.

The worm can spread without any user interaction and is able to search for computers to infect on its own, Patrik Runald, chief security adviser at F-Secure, told

Microsoft posted information on its Malware Protection Center Web portal about the worm, saying that is being used to download trojans that may be hosted on malicious websites.

Once the worm, which F-Secure refers to as “Exploit.Win32.MS08-067.g,”  infects a user's computer, it drops two malicious files onto the victim's PC, “Trojan-Dropper.Win32.Agent.yhi” and “Rootkit.Win32.KernelBot.dg” which carry out the exploit.

The worm has infected users in China and Taiwan, and the DDoS-bot attacks also have only impacted those regions, Runald said.

Last week, a different trojan called Gimmiv was discovered that also takes advantage of the same vulnerability, which was patched on Oct. 23, out of cycle to Microsoft's normally scheduled security update on the second Tuesday of the month.

The target of that trojan is confidential data from the infected user's PC, including login credentials for Outlook and Window's Live Messenger. Runald said he thinks the two exploits are unrelated.

The new exploit is troubling because worms have the potential of becoming a bigger problem by self replicating, he said. But Gimmiv is more harmful to the end-user because it attempts to steal sensitive information.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in News

Sign up to our newsletters


More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.