Rinbot.Q Spreads by Exploiting the Windows DNS Server Vulnerability

PandaLabs has detected Rinbot.Q, a worm that spreads by exploiting the vulnerability in the Windows DNS Server. This recently discovered vulnerability has yet to be patched by Microsoft. "Users should be on the alert until the flaw is patched, as new malicious code exploiting this vulnerability could appear. The situation is worse still, as an exploit has already been published for this vulnerability", explains Luis Corrons, technical director of PandaLabs.

Rinbot.Q also operates as a downloader. "This makes it even more dangerous. Once it has entered a computer by exploiting the vulnerability, the worm can download other malicious code. This gives cyber-crooks a quick and silent way of spreading their most dangerous malware", adds Corrons.

Once installed on a computer, the worm checks whether any program for analyzing network traffic, such as Ethereal, is present. If one is, the worm eliminates it to prevent detection. Rinbot.Q also alters the registry to ensure that it runs at every system startup. The worm can also spread through shared network resources.

"It would be no surprise to see a wave of worms in the coming days, like those of the Spamta family. Very often, these waves of malicious code are just a red herring to distract the attention of users and security companies, while in the meantime new code that exploits the vulnerability is silently propagating", warns Corrons.
