Exploit Looks For Unpatched Windows Servers
When both Microsoft and the government say patch your servers, you really shouldn't drag your feet.
Since issuing a patch for a serious vulnerability last Tuesday, a number of exploits have hit the Internet, hoping to take advantage of computers that have not yet been patched to close the vulnerability.
Bulletin MS06-040 is a buffer overflow exploit that allows for remote code execution vulnerability in the Server Service that could allow an attacker to take complete control of the affected system.
Patch Tuesday for August was August 8, and by August 12 the first exploit appeared. As is the case, every antivirus vendor has given it a different name. It's referred to by the names Win32/Graweg.B, IRC-Mocbot!MS06-040, W32.Wargbot and WORM_IRCBOT.JK.
This exploit is variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to an Internet Relay Chat server and starts listening for commands from a remote hacker, according to analysis from antivirus vendors.
The Microsoft Security Response Center (MSRC) describes the attack as "extremely targeted" and said it appears to be specifically targeted at Windows 2000 machines.