Rinbot Worm Threatens Big Business Networks
A new strain of the Rinbot virus -- unusual in that it targets Symantec's antivirus program instead of Microsoft software -- has infiltrated CNN's network, the news organization reported. Other large corporate networks may still be in danger of attack, but there is no cause for panic, according to Graham Cluley, senior technology consultant with IT security firm Sophos.
Mar 2, 2007 11:38 AM PT
A new computer virus targeting antivirus vendor Symantec's security software has hit a division of at least one big U.S. corporation this week and is still considered a threat to other networks.
The virus, which has reportedly infested CNN and its parent company Turner Broadcasting System, is the latest strain of the Rinbot computer virus, which hijacks network systems and takes control of computers remotely.
It appears to be deliberately targeting weaknesses in Symantec's antivirus software.
The Rinbot virus has been floating around in the wild for more than a week, said Graham Cluley, senior technology consultant with Boston-based IT security firm Sophos, but it didn't receive much attention until it hit CNN, which ran a story about the attacks.
"We believe it is the latest strain of the 7th version of Rinbot, which first emerged in March 2005," Cluley told TechNewsWorld. However, he believes the CNN story regarding the virus has caused an unnecessary panic.
"That made everyone think it is a much bigger deal than it was," said Cluley.
The latest variant of the worm is designed to exploit security vulnerabilities embedded in Symantec's antivirus software, according to Cluley. After a system is affected, the virus quickly spreads and takes over computers with the intention of turning the network into a botnet, or "zombie" network.
"Traditionally, hackers have gone after Microsoft's antivirus programs," said Cluley, "but now they're increasingly targeting other commonly used programs such as Symantec programs and others."
The Rinbot worm opens a back door in affected networks and connects to an IRC (Internet relay chat) server, allowing an attacker to send commands.
The worm spreads using known vulnerabilities in Symantec's antivirus software, which the security company says it has since patched.
Once it sneaks through a back door, it targets MS SQL servers, Cluley said, searching for networks that run Microsoft Windows operating systems, including Windows 95, Windows 98, Windows 2000, Windows Me, Windows NT and Windows XP.
The virus then spreads through the network by manipulating weak spots such as simple passwords, according to Cluley.
Avoiding the Hassle
Companies can avoid the consequences of a virus attack by completely updating their antivirus software, said Cluley. However, he conceded that isn't as easy as it sounds.
"If you have the latest security patches in place, it shouldn't have an impact," he said. "However, life isn't always that simple. Rolling out patch across a whole enterprise can be tough."