

Symantec discovers malicious code

Symantec discovers malicious code targeting Microsoft PCT vulnerability

Wed, 28 April 2004

Symantec has discovered malicious code that targets the Microsoft Windows Private Communications Transport Protocol (PCT) vulnerability. This vulnerability is present on unpatched Windows NT, 2000, XP and Windows Server 2003 systems.

The malicious code -- currently called backdoor.mipsiv -- opens ports on the victim's system, implements a denial-of-service attack against a third-party DNS server system and also receives command/control instructions via Internet Relay Chat (IRC) channels.

Symantec has detected attempts at compromising systems on our monitored global sensor network and has raised its ThreatCon Rating to Level 3 as a precautionary measure. Symantec Security Response experts are currently analyzing the heavily encrypted code and will provide more details as they become available. The team is also determining if the code is a worm or a bot. Bot -- short for roBot -- is a program used on the Internet that performs repetitive functions including searching for news or information.

"Symantec is currently analyzing automated sample code that takes advantage of the MS PCT vulnerability," said Vincent Weafer, senior director, Symantec Security Response. "We're seeing an increase in the number of exploit attempts and an increase in reconnaissance attacks through our DeepSight sensors and Managed Security Services devices. We highly encourage our customers to expedite their patching if they haven't already."

The Microsoft PCT vulnerability affects all Web servers running Microsoft IIS with SSL enabled. Windows Server 2003 is not vulnerable unless the PCT protocol has been enabled by the administrator. Users should install the patch immediately. If that is not possible, they can disable the PCT protocol in the registry. Additionally, vulnerability assessment and intrusion detection systems can be deployed to detect the presence of the vulnerability and/or the presence of the exploit. For more information about this vulnerability:


© Scoop Media
