Online vandals are using a program to compromise Windows servers and remotely control them through Internet relay chat (IRC) networks, system administrators said Saturday.
Several programs, including one that exploits a recent vulnerability in computers running Windows, have been cobbled together to create a remote attack tool. The tool takes commands from an attacker through the IRC networks and can scan for and compromise computers vulnerable to the recently discovered flaw in Windows.
Files left behind on a compromised server by the worm were posted to a security mailing list. Computer security company Symantec analyzed the files and determined that what was first thought to be a worm was actually an attack program.
"Based on our analysis, the threat does not appear to be a worm," said Oliver Friedrichs, senior manager for Symantec's security response team. "It doesn't go and try to spread." Friedrichs was in Las Vegas attending the Black Hat Briefings and DefCon hacking conferences.
|