New worm attacks attack dangerous Windows errors

In the end, a security vulnerability worm that Microsoft had blocked with an emergency update 11 days ago appeared on the Internet.

Security company Symantec named this computer worm Wecorl. Meanwhile Kaspersky Lab and Microsoft used the same name MS08-067.g.

Kevin Haley - Team Manager responds quickly to Symantec's security situations - said it looks like the target of this worm's Windows 2000 operating system attack. This is also understandable because China is also the source of this worm.

Haley also confirmed that the Wecorl worm, which is completely different from the stealing Trojan code, also took advantage of the security flaw to distribute it that was discovered by Microsoft before issuing an emergency update.

The Wecorl worm also automatically attacks every other PC on the same network as the infected PC. ' If Wecorl can bypass the firewall, it will be able to attack every other PC in the same network ,' Haley said.

In the security warning message released two weeks ago Microsoft has confirmed that just a standard-level firewall is enough to resist the spread of worms capable of attacking potentially dangerous errors. by patch MS08-067.

Some other security researchers also said that after infecting PC Wecorl worm will download more of a variety of other malicious code such as Trojan and Rootkit to help it avoid the eyes of security software monitoring. Security firm F-Secure has identified the additional downloadable Wecorl code for Trojan-Dropper.Win32.Agent.yhi and Rootkit.Win32.KernelBot.dg.

F-Secure also said the Wecorl worm, which was developed based on the source code of the bug, was released last week.

Users are advised to quickly install updates to fix MS08-067 as soon as possible. The best way is to turn on Automatic Updates feature so that the operating system can automatically update the fully released fixes.