Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Rinbot Worm Threatens Big Business Networks
03-07-2007, 10:50 AM (This post was last modified: 03-07-2007 10:50 AM by smitharose.)
Post: #1
Shy Rinbot Worm Threatens Big Business Networks
A new strain of the Rinbot virus -- unusual in that it targets Symantec's antivirus program instead of Microsoft software -- has infiltrated CNN's network, the news organization reported. Other large corporate networks may still be in danger of attack, but there is no cause for panic, according to Graham Cluley, senior technology consultant with IT security firm Sophos.


.jpg  network-security.jpg (Size: 10.57 KB / Downloads: 4) A new computer virus  targeting antivirus vendor Symantec's (Nasdaq: SYMC)  security software  has hit a division of at least one big U.S. corporation this week and is still considered a threat to other networks.

The virus, which has reportedly infested CNN and its parent company Turner Broadcasting System, is the latest strain of the Rinbot computer virus, which hijacks network systems and takes control of computers remotely.

It appears to be deliberately targeting weaknesses in Symantec's antivirus software.


Story Overblown?
The Rinbot virus has been floating around in the wild for more than a week, said Graham Cluley, senior technology consultant with Boston-based IT security firm Sophos , but it didn't receive much attention until it hit CNN, which ran a story about the attacks.

"We believe it is the latest strain of the 7th version of Rinbot, which first emerged in March 2005," Cluley told TechNewsWorld. However, he believes the CNN story regarding the virus has caused an unnecessary panic.

"That made everyone think it is a much bigger deal than it was," said Cluley.

Virus Variant
The latest variant of the worm is designed to exploit security vulnerabilities embedded in Symantec's antivirus software, according to Cluley. After a system  is affected, the virus quickly spreads and takes over computers with the intention of turning the network into a botnet, or "zombie" network.

"Traditionally, hackers have gone after Microsoft's (Nasdaq: MSFT)  antivirus programs," said Cluley, "but now they're increasingly targeting other commonly used programs such as Symantec programs and others."

Back Door
The Rinbot worm opens a back door in affected networks and connects to an IRC (Internet relay chat) server, allowing an attacker to send commands.

The worm spreads using known vulnerabilities in Symantec's antivirus software, which the security company says it has since patched.

Once it sneaks through a back door, it targets MS SQL servers, Cluley said, searching for networks that run Microsoft Windows operating systems, including Windows 95, Windows 98, Windows 2000, Windows Me, Windows NT and Windows XP.

The virus then spreads through the network by manipulating weak spots such as simple passwords, according to Cluley.

Avoiding the Hassle
Companies can avoid the consequences of a virus attack by completely updating their antivirus software, said Cluley. However, he conceded that isn't as easy as it sounds.

"If you have the latest security patches in place, it shouldn't have an impact," he said. "However, life isn't always that simple. Rolling out patch across a whole enterprise can be tough."
Find all posts by this user
Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
Rolleyes Ten Scary Things About Home Networks smitharose 0 2,076 02-26-2007 02:24 PM
Last Post: smitharose

Forum Jump:


User(s) browsing this thread: 1 Guest(s)