Trojan Horse Is Newest Windows Vulnerability

A new security vulnerability in Windows could allow cybercriminals to hijack a user’s machine and divert Web traffic through a malicious proxy server, Microsoft announced on Monday.

Hackers can send e-mail messages linked to a malicious payload hosted on a remote Internet server, which could trick recipients into clicking on the link and deliver a backdoor Trojan Horse virus to a Windows Vista-based PC.

“The Backdoor Trojan has become increasing popular lately, and, if you don’t know it’s there, can do a lot of damage,” Laura Didio, an analyst with the Yankee Group, told TechNewsWorld.

The resulting damage includes anything from the deletion of files to the replication of files, data and other items that can chew up storage space, according to Didio.

“It can be very, very nasty,” she said.

Threat Ratings

Security firm Symantec issued a warning about the vulnerability and increased its threat rating from 6.8 to 7.5, confirming the bug was exploitable remote code.

The flaw could also allow an attacker to introduce malware onto a compromised computer via Windows Mail — the successor to Outlook Express.

“An attacker can deliver an e-mail message containing a malicious link that references a local executable,” according to Symantec. “If the victim clicks on this link, the native program is executed with no further action required. For instance: an attacker could achieve the execution of the local file ‘winrm.cmd.'”

Malicious Files

Internet Explorer, for example, uses the Web Proxy Automatic Discovery (WPAD) protocol to locate the file that enables a Web browser to configure its proxy settings.

The current flaw makes it possible to place a configuration file that routes Internet traffic through a malicious proxy server, according to Microsoft’s security bulletin Web site.

A malicious WPAD.dat file can then be placed in the Domain Name System (DNS) or the Windows Internet Naming Service (WINS), Microsoft said.

Administrators can configure DNS and WINS on their servers to help prevent these “malicious registrations” of WPAD files, according to Microsoft. The fix works with Windows Server 2003 and Windows 2000 Service Pack 4.

Not a Big Threat?

Over the past decade, Microsoft has reduced the number of hacks into its Windows operating system by two-thirds, but the company’s ubiquitous nature makes its operating system the world’s top target for hackers.

“These hacks can be delayed, but a lot of the responsibility now has to be shifted to the end users,” said Didio, noting that IT managers and individual users ultimately need to keep their systems updated against these threats.

Microsoft’s Security Response Center team is downplaying the potential risks from the vulnerability, stating on its Web site, “Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.”

Both Symantec and Microsoft are suggesting that users should not click links in any unsolicited e-mails, while also recommending that users should disable HTML within Windows Mail.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels