News

DNS Exploit Used to Plant Backdoor on Windows Servers

By Scott M. Fulton, III | Published April 18, 2007, 6:58 PM

Security engineers are confirming that customers whose Windows servers were confirmed penetrated by a version of the recent DNS service exploit, were infected by any of three variants of backdoor worms identified by Sophos as W32/Delbot.

Sophos believes this to be a variant of the same worm that infected systems susceptible to vulnerabilities discovered in Symantec Anti-virus software late last year. In fact, versions of the worm that infect systems through the DNS service exploit are capable of spreading themselves via the Symantec exploit as well, along with other buffer overflow exploits.

The discovery is in indicator that the perpetrator may be more interested in identity theft and corporate electronic voyeurism than in disturbing the domain name system itself, as some sources earlier reported.

DNS services on Windows Server-based computers provide routing within company domains, not on the broader Internet.

In an update to its advisory today, Microsoft promised customers that something would be ready to address the DNS problem by May 8 -- the next Patch Tuesday -- although it wasn't explicit as to what that something was.

"We have teams around the world working on it twenty-four hours a day," reads the Security Response Center blog, "and hope to have updates no later than May 8, 2007 for the May monthly bulletin release." It went on to remind customers that the company has to write these updates in 133 languages, and tested independently.

Comments

Anastasia2007
Apr 19, 2007 - 1:27 PM

Or just don't allow RPC over the internet. Port 53 is not affected.

Score: 0

|
Post Reply
DeadFly
Apr 19, 2007 - 10:52 PM

I can't fathom why someone would have RPC open to the world in the first place (other than being an idiot).

Score: 0

|
Post Reply
Super.Alberto
Apr 20, 2007 - 1:45 PM edited

Internet facing only allow port 53.
What about all the internal AD DC servers?
Could be fun if the virus is unleashed on the internal network?

Score: 0

|
Post Reply
GCoder
Apr 19, 2007 - 10:58 AM

Its good to be on the greener side of the fence...

Score: 0

|
Post Reply
extremely well
Apr 19, 2007 - 2:56 AM

And I remind MS that probably 90% of their Windows Server machines are running the English version, so releasing the patch ASAP for English should be the highest priority, then later add support for the rest...

Score: 0

|
Post Reply
Paul Skinner
Apr 19, 2007 - 5:31 AM

It's probable that they will if there are continued attacks.

Score: 0

|
Post Reply

Silverlight 3 goes live on Microsoft's servers

Microsoft's answer to Adobe's Flash is (unofficially) here, with prospects of higher-speed, higher-resolution video and for the first time, 3D.

Three Android phones on the way from T-Mobile in 2009

T-Mobile's myTouch 3G, launched Wednesday, will be followed by two more Android phones later this year, but neither of them will be HTC's Hero.

Best Buy-brand TVs to get TiVo

A new alliance will place the retailer's own brand alongide the manufacturers, and could also lead to future partnerships on services.

LTE still lacks a voice

The 4G Wireless standard that Verizon hopes to show off before this year is out is still at a loss for (spoken) words.

Data sharing among online advertisers: Is sanity in sight?

Lockdown with Angela Gunn In the middle of a 15-page plea not to get regulated, a spark of smart thinking.

T-Mobile's strategy to combat Apple's iPhone with Android

With a trio of Android phones now in the pipeline for 2009, T-Mobile hopes to break the iPhone's emerging stranglehold.

EC's Reding: Government should act as broker for media downloads

If Internet media services don't step up and build an attractive way for users to start paying for downloads, a commissioner says, government may do the job instead.

Sony TVs get Netflix, still no PS3

Though it's coming in behind LG, Samsung, and Microsoft, Sony will begin to offer Netflix streaming, too.

Google Chrome OS: Too little, too early

Carmi Levy: Wide Angle Zoom Don't start the revolution just yet, says Carmi, who isn't so certain Chrome OS will be the "Windows Killer."

GAO pen test brings the hammer down on federal rent-a-cops

But are the computers to blame for the contract-guard fiasco at FPS?

What's Next: Chrome OS will have at least some friends in high places

Also: South Korea takes another round of DDoS abuse, and Neelie Kroes and Steve Ballmer may shake hands before she exits stage left.

Report: Evidence of further creativity with Windows 7 upgrade prices

A ZDNet blogger did some serious digging for clues as to a reported price break on multiple Windows 7 Home Premium licenses, and may have found it.

LimeWire for Windows 5.2.5 Beta

July 9 - 6:47 PM ET

Vuze for Windows 4.2.0.4

July 9 - 6:26 PM ET

UltraVNC 1.0.6.4

July 9 - 6:05 PM ET

WildBit Viewer 5.5 Beta 3.0

July 9 - 5:44 PM ET

Bvckup 1.0.0.239 Beta

July 9 - 5:30 PM ET

Microsoft Silverlight for Windows 3.0.40624.0

July 9 - 3:16 PM ET

AOL for Windows 9.5 Refresh Beta 11 (0.4337.74.1)

July 9 - 2:32 PM ET