A new worm has emerged, which targets Windows 2000 systems. It is based on an exploit for a recently patched bug in Microsoft Distributed Transaction Coordinator.
The co-ordinator is essentially a component of the operating system that is used by database software to help manage transactions. The worm, dubbed Dasher, already has three variants, and Microsoft has rated the bug as ‘critical’ for Windows 2000 systems.
Proof-of-concept code that could be used to make a worm like Dasher first began circulating after Microsoft issued a patch in early October. Security specialists speculated that it could be used to create a worm similar to Zotob, which brought down hundreds of thousands of systems worldwide in August.
The variants of Dasher install software that then tries to infect other vulnerable systems and can also be used to log keystrokes and turn the computer into a remotely controlled bot system.
The three versions of Dasher have so far infected around 3,000 systems worldwide. There are also fears that a patch issued in October may be ineffective.
You can bet that with the demands of the Christmas season upon us, it is only a matter of time before the wiles of social engineering create a message with that ‘must-click’ seasonal attachment that spells ‘headache’ for IT staff.