DNS Exploit Used to Plant Backdoor on Windows Servers

By Scott M. Fulton, III | Published April 18, 2007, 6:58 PM

Security engineers are confirming that customers whose Windows servers were penetrated by a version of the recent DNS service exploit were infected by any of three variants of a backdoor worm identified by Sophos as W32/Delbot.

Sophos believes this to be a variant of the same worm that infected systems susceptible to vulnerabilities discovered in Symantec Anti-virus software late last year. In fact, versions of the worm that infect systems through the DNS service exploit are capable of spreading themselves via the Symantec exploit as well, along with other buffer overflow exploits.

The discovery is an indicator that the perpetrator may be more interested in identity theft and corporate electronic voyeurism than in disturbing the domain name system itself, as some sources earlier reported.

DNS services on Windows Server-based computers provide routing within company domains, not on the broader Internet.

In an update to its advisory today, Microsoft promised customers that something would be ready to address the DNS problem by May 8 -- the next Patch Tuesday -- although it wasn't explicit as to what that something was.

"We have teams around the world working on it twenty-four hours a day," reads the Security Response Center blog, "and hope to have updates no later than May 8, 2007 for the May monthly bulletin release." It went on to remind customers that the company has to write these updates in 133 languages and test each one independently.

Comments

Or just don't allow RPC over the internet. Port 53 is not affected.

Score: 0

I can't fathom why someone would have RPC open to the world in the first place (other than being an idiot).

Score: 0

Internet facing only allow port 53.
What about all the internal AD DC servers?
Could be fun if the virus is unleashed on the internal network?

Score: 0

It's good to be on the greener side of the fence...

Score: 0

And I remind MS that probably 90% of their Windows Server machines are running the English version, so releasing the patch ASAP for English should be the highest priority, then later add support for the rest...

Score: 0

It's probable that they will if there are continued attacks.

Score: 0
