After an earlier unsuccessful attempt, Virus writers have created the first worm that successfully targets a critical Windows vulnerability (MS05-051) patched by Microsoft in October.

The Dasher-B worm exploits a vulnerability in Microsoft Windows Distributed Transaction Coordinator (MSDTC) to spread across vulnerable systems. Unpatched Windows 2000 computers are particularly at risk. If successful, the worm establishes a backdoor on vulnerable computers and opens up a link to a remote server for further instructions. The server instructs infected machines to download a copy of the worm itself and a keylogger, which hides itself on infected systems by using a rootkit driver. Windows users are strongly urged to apply the latest Microsoft security fixes to guard against attack.

Success in spreading (albeit modestly) distinguishes Dasher-B from Dasher-A, samples of which were sent to anti-virus firms earlier this week. Coding mistakes in Dasher-A rendered it inert. ®

Related stories

• Attackers pass on operating systems (4 August 2006)
• Microsoft sets Apple straight on security (23 March 2006)
• Santa worm is coming to IM (22 December 2005)
• Dasher worm targets October Windows vuln (15 December 2005)
• MS releases IE überpatch (14 December 2005)
• Trojan exploits unpatched IE flaw (1 December 2005)
• Glitch afflicts critical MS patch (17 October 2005)
• Worm fears over MS October patch batch (12 October 2005)
• Flaw on Tuesday, worm by Sunday (15 August 2005)