Symantec discovers malicious code

Published: Wed 28 Apr 2004 03:57 PM
Symantec discovers malicious code targeting Microsoft PCT vulnerability
Symantec has discovered malicious code that targets the Microsoft Windows Private Communications Transport Protocol (PCT) vulnerability. This vulnerability is present on unpatched Windows NT, 2000, XP and Windows Server 2003 systems.
The malicious code -- currently called backdoor.mipsiv -- opens ports on the victim's system, implements a denial-of-service attack against a third-party DNS server system and also receives command/control instructions via Internet Relay Chat (IRC) channels.
Symantec has detected attempts at compromising systems on our monitored global sensor network and has raised its ThreatCon Rating to Level 3 as a precautionary measure. Symantec Security Response experts are currently analyzing the heavily encrypted code and will provide more details as they become available. The team is also determining if the code is a worm or a bot. Bot -- short for roBot -- is a program used on the Internet that performs repetitive functions including searching for news or information.
"Symantec is currently analyzing automated sample code that takes advantage of the MS PCT vulnerability," said Vincent Weafer, senior director, Symantec Security Response. "We're seeing an increase in the number of exploit attempts and an increase in reconnaissance attacks through our DeepSight sensors and Managed Security Services devices. We highly encourage our customers to expedite their patching if they haven't already."
The Microsoft PCT vulnerability affects all Web servers running Microsoft IIS with SSL enabled. Windows 2003 server is not vulnerable unless the PCT protocol has been enabled by the administrator. Users should install the patch immediately. If that is not possible, they can disable the PCT protocol in the registry. Additionally, vulnerability assessment and intrusion detection systems can be deployed to detect the presence of the vulnerability and/or the presence of the exploit. For more information about this vulnerability: http://securityresponse.symantec.com/avcenter/security/Content/10116.html.
ENDS

© Scoop Media