It seems like the northern summer has allowed hackers and other types to spend more time than usual crafting security threats, and for the second time in two weeks a major threat has emerged affecting all Windows users. Disturbingly, this threat trumps the MiMail virus we warned about last week because it attacks you without you knowing it.

This worm, which has been in the wild for less than a week now, is causing havoc with networks around the world because it actually breaks into your system itself - there is no need to open email attachments or take any other user action to allow it in, and if your machine is not recently patched, then there is a good chance you are at risk.

Using a vulnerability found in almost all versions of Windows in mid-July - characterised by some security experts as the most widespread ever found in Microsoft's OS - this worm can download and run itself on your machine, and then set about trying to infect other users on the internet.

One of the most disturbing things about this worm is that it is also programmed to attack Microsoft's WindowsUpdate service, the same website that most system administrators and other Windows users will use to try to download patches and protect themselves from the threat. The attack on WindowsUpdate.com will be caused by the thousands of infected "zombie-like" machines all hammering the website at once, causing a Denial of Service (DoS) attack.

As a result, we strongly recommend ALL clients contact their system administrator to alert them to this threat and ensure they patch your systems, or if you don't have a system administrator, follow the instructions below.

Prevention
Firstly, make sure your machine is patched following instructions contained in Microsoft Security Bulletin MS03-026.

Browse down the page to the patch sections, and follow the subsequent instructions to download this critical patch.

Windows 98 & NT4 Users: If you are running Windows 98, Windows NT4 or lower, it has been reported that this vulnerability does not affect you because it targets a fairly new feature called DCOM. By the by, Windows NT4 and Windows 98 became officially "unsupported" by Microsoft on 31st July 2003, so if something like this came out that affected those systems, you would be unlikely to be able to get a patch at all - this is the way Microsoft forces you to upgrade.

You may already be protected through regular patching from WindowsUpdate, but it is probably better to be safe than sorry.

Installed the patch and got an error about Cryptography? Mark Liron from Clarion Projects has written this article to overcome this problem.

Cure
If you were unlucky enough to already be infected, Symantec have supplied a recovery tool for this little nasty. You can view the Symantec Security Advisory for more details, or click here to download the repair tool.

If you have further questions, check with your system administrator or contact us.