Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Symantec discovers malicious code

Wednesday, 28 April 2004, 3:57 pm
Press Release: Symantec

Symantec discovers malicious code targeting Microsoft PCT vulnerability

Wed, 28 April 2004

Symantec has discovered malicious code that targets the Microsoft Windows Private Communications Transport Protocol (PCT) vulnerability. This vulnerability is present on unpatched Windows NT, 2000, XP and Windows Server 2003 systems.

The malicious code -- currently called backdoor.mipsiv -- opens ports on the victim's system, implements a denial-of-service attack against a third-party DNS server system and also receives command/control instructions via Internet Relay Chat (IRC) channels.

Symantec has detected attempts at compromising systems on our monitored global sensor network and has raised its ThreatCon Rating to Level 3 as a precautionary measure. Symantec Security Response experts are currently analyzing the heavily encrypted code and will provide more details as they become available. The team is also determining if the code is a worm or a bot. Bot -- short for roBot -- is a program used on the Internet that performs repetitive functions including searching for news or information.

"Symantec is currently analyzing automated sample code that takes advantage of the MS PCT vulnerability," said Vincent Weafer, senior director, Symantec Security Response. "We're seeing an increase in the number of exploits attempts and an increase in reconnaissance attacks through our DeepSight sensors and Managed Security Services devices . We highly encourage our customers to expedite their patching if they haven't already."

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

The Microsoft PCT vulnerability affects all IIS Web servers running Microsoft IIS with SSL enabled. Windows 2003 server is not vulnerable unless the PCT protocol has been enabled by the administrator. Users should install the patch immediately. If it is not possible, they can disable the PCT protocol in the registry. Additionally, vulnerability assessment and intrusion detection systems can be deployed to detect the presence of the vulnerability and/or the presence of the exploit. For more information about this vulnerability: http://securityresponse.symantec.com/avcenter/security/Content/10116.html.

ENDS

© Scoop Media

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Symantec on InfoPages.
 
 
 
Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH


 
work Join Scoop Pro
 
Submit News
 
person_add Become a Member
 
 
 
 
 

InfoPages News Channels

Inventory Management
 
 

LATEST HEADLINES

  • BUSINESS
  • SCI-TECH
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.