With security vendors warning of new malware that exploits a recently patched flaw in Windows, Microsoft Corp. is saying that attacks are not on the rise.
Earlier this week, two new malicious programs popped up, both of which took advantage of the MS06-040 Windows Server service vulnerability. This prompted Symantec Corp. to raise its ThreatCon rating to 2 on Thursday, an indication that users should be at a heightened level of security awareness.
But on Friday Microsoft said that even with these new variants, the total number of computers being attacked was unchanged. “We’re not seeing an increase in attacks, just minor variations,” said Stephen Toulouse, security program manager with Microsoft’s Security Response Center.
Symantec’s Oliver Friedrichs agreed that “the overall volume of attack attempts is fairly consistent,” but he said that the fact that hackers had continued to pound away at the MS06-040 vulnerability is troubling. “The fact that we are seeing more threats exploiting these vulnerabilities, that in itself is disconcerting,” said Friedrichs, a director of emerging technologies in Symantec Security Response.
Symantec has counted six variants of the MS06-040 attacks to date. Symantec rates the two new programs spotted this week, W32.Dasher.G and W32.Spybot.AKNO, as low risks.
A security bulletin on MS06-040, which affects most versions of Windows, can be found here:
The MS06-040 patch has to do with Windows’ Server services, which are used for a variety of networking tasks, such as file sharing and printing. Because the flaw relates to widely used and network-enabled features, security experts have warned that it is a likely candidate for a widespread worm. Shortly after the patch was released, the U.S. Department of Homeland Security took the unusual step of warning users of the flaw, saying it could put the nation’s infrastructure at risk. To date, however, no widespread outbreak has appeared.