Various antivirus vendors are reporting that a new worm is taking advantage of the Windows Service Server flaw first announced by Microsoft on August 8 in its Security Bulletin MS06-040. Sdbot (w32.Sdbot.worm!MS06-040) is considered a low threat by most antivirus vendors and is responsible for increased port scanning on port 139. The presence of this new bot, just weeks after the Mocbot worm exploited the same vulnerability, underscores the need for everyone to patch their Windows systems ASAP. In particular, those who are still using Windows 2000 and Windows XP SP1 appear to be most vulnerable to this new attack. Prevention requires blocking ports 139 and 445 at the router/firewall. A few antivirus software companies have updated their signature files to include this bot. For more information, see McAfee, Sophos, and Symantec.

• Read also: security, software
• Email to a friend | Print this post