Report of 15.08.2006 13:13
Malware attacks Windows vulnerabilities:
"Two variants of the Mocbot IRCbot, which exploits a hole in the Windows server service, are making the rounds. [..] Both IRCbot variants establish themselves as
wgareg.exe and
wgavm.exe in the Windows system. These files are then registered as
Windows services Windows Genuine Advantage Registration Service and
Windows Genuine Advantage Validation Monitor respectively, and start with system rights when the infected computer is booted up. [..] Antivirus software makers have begun delivering updated signatures that recognise these worms.
Meanwhile, additional malicious code has surfaced for the security holes closed on Patch Tuesday. The Internet Storm Center has reported malware that exploits the leak in the Windows help system.
Users are warned against opening any unknown files, including Windows help files that arrive by email, for example."
Unpatched computers, please close your ports 139 and 445 to protect your server service against worms.
"Also, Microsoft has described a problem in which the installation of Update 918899 causes Internet Explorer 6 Service Pack 1 to exit unexpectedly."
