News

DNS Exploit Used to Plant Backdoor on Windows Servers

By Scott M. Fulton, III | Published April 18, 2007, 6:58 PM

Security engineers are confirming that customers whose Windows servers were confirmed penetrated by a version of the recent DNS service exploit, were infected by any of three variants of backdoor worms identified by Sophos as W32/Delbot.

Sophos believes this to be a variant of the same worm that infected systems susceptible to vulnerabilities discovered in Symantec Anti-virus software late last year. In fact, versions of the worm that infect systems through the DNS service exploit are capable of spreading themselves via the Symantec exploit as well, along with other buffer overflow exploits.

The discovery is in indicator that the perpetrator may be more interested in identity theft and corporate electronic voyeurism than in disturbing the domain name system itself, as some sources earlier reported.

DNS services on Windows Server-based computers provide routing within company domains, not on the broader Internet.

In an update to its advisory today, Microsoft promised customers that something would be ready to address the DNS problem by May 8 -- the next Patch Tuesday -- although it wasn't explicit as to what that something was.

"We have teams around the world working on it twenty-four hours a day," reads the Security Response Center blog, "and hope to have updates no later than May 8, 2007 for the May monthly bulletin release." It went on to remind customers that the company has to write these updates in 133 languages, and tested independently.

Comments

View comments by with a score of at least

Anastasia2007
Apr 19, 2007 - 1:27 PM

Or just don't allow RPC over the internet. Port 53 is not affected.

Score: 0

|
Post Reply
DeadFly
Apr 19, 2007 - 10:52 PM

I can't fathom why someone would have RPC open to the world in the first place (other than being an idiot).

Score: 0

|
Post Reply
Super.Alberto
Apr 20, 2007 - 1:45 PM edited

Internet facing only allow port 53.
What about all the internal AD DC servers?
Could be fun if the virus is unleashed on the internal network?

Score: 0

|
Post Reply
GCoder
Apr 19, 2007 - 10:58 AM

Its good to be on the greener side of the fence...

Score: 0

|
Post Reply
extremely well
Apr 19, 2007 - 2:56 AM

And I remind MS that probably 90% of their Windows Server machines are running the English version, so releasing the patch ASAP for English should be the highest priority, then later add support for the rest...

Score: 0

|
Post Reply
Paul Skinner
Apr 19, 2007 - 5:31 AM

It's probable that they will if there are continued attacks.

Score: 0

|
Post Reply

Microsoft's Ray Ozzie: 'Nobody's going to be 100% open'

The mobile apps ecosystems of the world may converge over time, led by apps being ported over across platforms, according to the Chief Software Architect.

Nearly half the money spent at US retail on desktop PCs goes to Apple

Shocking, isn't it?

Will Firefox beat IE9 to Direct2D rendering?

Just days after Microsoft executives gave conference attendees a peek at a new rendering technology, a Mozilla contributor revealed he's working on the same thing.

Where there's smoke: Apple warranty stance raises troubling questions

Carmi Levy | Wide Angle Zoom: Smoking can be dangerous not only for your lungs, it appears, but for your Apple hardware warranty.

The fallacy of Facebook privacy

Carmi Levy | Wide Angle Zoom: If an insurance company learns something interesting about its client through the Internet, is that snooping?

Microsoft 'worked with Apple' for Silverlight on iPhone, says Goldfarb

By not making such a big deal out of trying to stream video to the iPhone, Microsoft got a big deal out of it, revealed the Silverlight product manager.

Clicker.com cuts through the Web video chaos

In a world where homemade video and Hollywood movies travel the same pipeline, it's good to have a real search engine to cut through the clutter.

A case study in improving software: What Office 2010 can learn from Notion 3

A music composition product gambles with a complete overhaul, in an effort to make headway against two well-known competitors in a tough market.

Kindle 2 update adds battery life, native PDF reader

Amazon has pushed out an update to the Kindle 2 e-reader that lengthens battery life and adds a native PDF viewer.

Safari on iPhone gets competition from a $1 browser app

Apple likes to say it gives iPhone users a full browsing experience, but a new competitor tries to incorporate more desktop browser features.

Action Replay maker sues Microsoft for Xbox 360 'predatory technological barriers'

Third-party video game accessory maker Datel has filed an antitrust lawsuit against Microsoft over the Xbox 360's recent Dashboard update.