Redmond (WA) – Microsoft is warning users about a new wave of malicious attacks that aim to exploit a vulnerability that was outlined in the firm’s security bulletin MS08-067 . If you haven’t patched your PC yet, it is a good idea to do so asap, the company advises. 

Microsoft said that there is another “wave” of exploits coming your way, in addition to more than 50 that have been identified last week. And while initial attacks were mostly targeted at specific systems, there appear to be more general attacks in the wild now. Microsoft stated that the malware was detected as Worm:Win32/Conficker.A.

According to the company, this worm mostly spreads within corporations, but also was reported by several hundred home users. It opens a random port between port 1024 and 10000 and acts like a web server. Once the remote computer is exploited, that computer downloads a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll file, Microsoft said.

Interestingly enough, the malware also patches the vulnerable API in memory so the machine will not be vulnerable anymore. The purpose of this move? Simple: The patch makes sure the system cannot be taken over by any other malware.

Microsoft said that most reports about infections come from users in the United States, but we also received reports from other countries/regions such as Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina and Chile. We leave it up to you to conclude why the worm “avoids” infecting Ukrainian computers and why Microsoft has not received reports from that country.

Indeed...

Nov 26, 2008 18:22     

>We leave it up to you to conclude why the worm >“avoids” infecting Ukrainian computers There are two logical conclusions: 1. The infection came from Ukrainia. 2. A hacker wants to blame Ukrainia.
VulCanLogic report abuse vote down vote up Votes: +5

Lord

Nov 26, 2008 18:51     

What Microsoft actually wants to do with its new patch is find anyone who does not have a verified, registered copy of windows and paste a big nasty warning message on their desktop until that person sends them money. That's all their latest patch did for my computer. I got a brand new Dell laptop for school about 3-4 years ago, and the system restore disc that came with the system wasn't working. I didn't feel like waiting forever for a new restore disc or have to send the thing in so I took it to school and asked one of the instructors if he could put Windows XP on it. He did so and I thought the end of it, until recently when Windows started sending me nasty messages saying I owed them money if I wanted to download updates from them. So, that's just my opinion. The latest updates haven't made my computer any safer, just more annoying, because they refuse to recognize that I had no idea my school was using a version of windows that would later have its user license revoked. Just FYI.

Ian report abuse vote down vote up Votes: -8

Axis of Evil

Nov 26, 2008 19:38     

Add Ukranine to the list. Bush has 2 months left - lets get busy.
Chris report abuse vote down vote up Votes: -2

"We leave it up to you to conclude why the worm ...

Nov 26, 2008 20:53     

"We leave it up to you to conclude why the worm “avoids” infecting Ukrainian computers and why Microsoft has not received reports from that country." This was a pun, right?
Hans report abuse vote down vote up Votes: -2

"Ukrainia"

Nov 26, 2008 20:59     

Indeed. Where is "Ukrainia?" I never heard of it and couldn't find it in an up-to-date atlas.
woergo report abuse vote down vote up Votes: -1

that's one for Ukraine

Nov 26, 2008 22:53     

that's one for Ukraine - 1 point for them! LOL
b report abuse vote down vote up Votes: -2

good points but...

Nov 26, 2008 22:55     

its the Ukraine not Ukrainia lol
oz report abuse vote down vote up Votes: +6

"malware also patches the vulnerable API"

Nov 27, 2008 03:08     

yeap.... just leave it to the malware to find to flaws.
nev report abuse vote down vote up Votes: +1

But the UK?

Nov 27, 2008 05:12     

UK isn't on that list ,neither Russia . Stupid conclusion. The virus/worm is nothing new.
bog report abuse vote down vote up Votes: +1

There are more countries in the world...

Nov 27, 2008 09:06     

Why the hell are you saying that "it avoids ukraine, when you left out almost all countries in the world??
Q report abuse vote down vote up Votes: +1

Avoid the patches, vote Linux

Nov 27, 2008 14:44     

When I dual boot into XP usually I have to leave an hour before it becomes usable and reboots itself to use its new patch. Computers are about productivity, right? And that bit about having a forced 10 minute to reboot is maddening.
Pete Dixon report abuse vote down vote up Votes: -1

wow

Nov 27, 2008 21:49     

l2 power leveling &power leveling cheap orders. We
asd report abuse vote down vote up Votes: -1

Yeah, Ukranian

Nov 28, 2008 00:33     

It looks like the worm also avoids British, Irish, Danish, Swedish, Finnish, Norwegian, Swiss, Russian, Chinese, Australian, Vietnamese, and many other computers.
George Smith report abuse vote down vote up Votes: +2

Ukraine?

Nov 28, 2008 07:01     

Yeah right, why does this have to come from Ukraine? There are about 250 countries, 14 have reports of the virus so it has to be Ukraine from the 25 countries left :S (I'm not saying it isn't Ukraine, but just by wondering why it's not in the list :S, I mean there are bigger countries in the vicinity, like uhm Russia for example)
Ukraine? report abuse vote down vote up Votes: +1

I conclude its Ukraine!!

Nov 30, 2008 16:22     

Just remember, Ukraine is responsible for the dodgeball, so let's not be too quick to point the finger at them! :)
Zach report abuse vote down vote up Votes: +0

This is not a “creative” exploit.

Dec 01, 2008 12:01     

I see nothing related to sound cards or the people who make them.
Ralf The Dog report abuse vote down vote up Votes: +0

Ukraininan PC's also infected.

Dec 02, 2008 15:50     

I work at one of Kiev based companies with 50 PCs. And we had this virus on most of our PCs on Friday. (stupid not installing Windows updates) But the two different antiviruses we have did not detect the virus. We had to remove it manually. One of antiviruses started detecting the virus on Saturday, another on Monday. Hopefully others updated their Windows in time not to catch this virus.
Dmitry report abuse vote down vote up Votes: +0

Microsoft can do so

Jan 14, 2009 06:13     

Ukraine has been faithful to the Microsoft's legal terms and conditions. Also Ukraine has shown in the past too that it is concerned about keeping the laws.
Ukrainian Mighty report abuse vote down vote up Votes: +1

looks bad..

Feb 08, 2009 23:37     

The condition looks bad now in Ukraine
Ukraine report abuse vote down vote up Votes: +0