Worm exploits Windows DNS hole

McAfee on Monday afternoon said it had spotted a variant of Nirbot that appears to exploit the recently disclosed vulnerability in the Windows DNS service.

Nirbot is a typical botworm that gives an attacker full control over an infected computer via an Internet Relay Chat channel, McAfee said.

"An attacker can gain control over the compromised computer and use it to send spam, install adware or launch a DDoS (distributed denial-of-service) attack on Internet systems," according to McAfee's description of the pest. There are , which is also known as Rinbot.

Microsoft warned of the vulnerability in the Windows Domain Name Service last week. The software maker is still working on a fix for the hole, which it said affects Windows 2000 Server and Windows Server 2003. Desktop versions of Windows are not vulnerable.

Word of the worm comes shortly after attack code that exploits the vulnerability was posted to the Internet.

About the author

    Joris Evers covers security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments