Blaster Redux? SSL Worm Threat Rising

Security experts have spotted the first signs of a Blaster-like worm circulating underground, prompting fears that major Internet disruptions could be less than a week away.

Anti-virus firms on Wednesday warned of abnormal port-scanning activity and evidence of a backdoor Trojan infecting machines through a known vulnerability in Microsoft IIS servers.

And, as was the case when the Blaster virus hammered corporate networks last August, a patch for the flaw has already been issued by Microsoft.

“This is an urgent situation. We’re in the mode right now where we are strongly recommending that the patches be applied. The only way this won’t be as disruptive as Blaster is for people to patch their IIS servers,” according to Symantec’s Jonah Paransky.

Paransky, a senior manager of security product management at Symantec, told internetnews.com it was “highly likely we’re see self-propagating malicious code” released in the coming days.

“Because of the potential severity of this, we are raising the threat level and strongly recommending that the appropriate patches are applied.”

Symantec has already spottedBackdoor.Mipsiv Trojan that performs different backdoor-type functions by connecting to an IRC server and joining a specific channel to listen for instructions. Paransky said the Trojan contains keylogging and network scanning functionalities.

“We know that the vulnerability exists. We know there is exploit code on the Internet and we’re seeing the exploit code appearing in Trojans. We’re not seeing a Blaster-type worm yet but it’s only a matter of time before someone really malicious gets their hand on the code,” Paransky said.

During initial analyses of the Backdoor.Mipsiv Trojan, Symantec found that it was using the same port as the Microsoft Windows Private Communications Transport Protocol (PCT) vulnerability, which was patched in the software giant’s April release of fixes.

Symantec first issued an alert for the “high risk” PCT flaw on April 13, with a warning that multiple Microsoft Windows operating systems were vulnerable to a remotely exploitable stack-based buffer overrun via the PCT (Private Communications Transport) protocol. “Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise. The vulnerability may also reportedly be exploitable by a local user who passes malicious
parameters to the vulnerable component interactively or through another application,” the company said.

The issue only affects systems that have SSL enabled, such as Web
servers, but could also affect Windows 2000 Domain Controllers under some circumstances. More information on the PCT flaw and available patches can be found in this alert.

As previously reported, exploit code for the flaw is already available and could be used by attackers to force the Windows 2000 and Windows XP operating systems to block SSL connections. On Windows Server 2003 machines, the code could cause the system to reboot.

On Wednesday, the SANS Institute also warned of a new PhatBot exploiting targeting another Microsoft vulnerability. The institute said in an alert that the PhatBot contains code to exploit the LSASS (LSASS: Local Security Authority Subsystem Service) vulnerabilities patched under MS04-011 earlier this month.

“The exploit is effective against some versions of Windows 2000 with SP3 or SP4 installed. The patch released earlier this month as part of MS04-011 will fix this vulnerability. If you have not done so already, please apply the MS04-011 patch as soon as possible. Even if no worm is released, we expect that all Internet facing systems will be probed with this exploit over the next couple of days.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020