Mystery W2K attacks show need for patches

Malicious code is being downloaded onto Windows 2000 servers in a series of attacks that bypass anti-virus software and underline the importance of keeping up with Microsoft's security patches.

Microsoft is baffled by these latest exploits and will only say that a "significant number" of servers have been affected.

Gunter Ollmann, manager of Internet Security Systems' X-Force security assessment service, said the problem does not appear to be a worm but may be an automated brute-force attack that searches the Internet for vulnerable servers.

Brute-force attacks usually bombard servers with a dictionary of potential passwords to find a victim, but Ollmann said this may be a variant that seeks out unsecured ports.

The attacks could be extremely serious because the exploit installs a backdoor to systems for future access and can change Active Directory security permissions to create unauthorised accounts with administrator privileges.

Microsoft's advice on finding and eradicating the problem can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328691
