Hackers target Microsoft Windows XP support system

July3

The BBC reports that hi-tech criminals are “escalating” attacks on an unpatched bug in the Windows XP help and support system. Microsoft said it had seen more than 10,000 machines hit by the attack that, so far, it has not found a fix for.

Windows PCs falling victim will have control of that machine handed over to attackers. Microsoft said the attacks had gone from theoretical to real very quickly and urged users to take steps to protect themselves.

Microsoft revealed the upturn in attacks in a blog post saying that it had been monitoring activity around the loophole since it was first revealed on 10 June. Found by Google engineer Travis Ormandy, the loophole revolves around the Help and Support system built into XP. Mr Ormandy found that it was possible to exploit its ability to give remote aid and apply fixes to ailing machines.

Initially, said Microsoft, it only saw “innocuous” attacks by researchers attempting to replicate what Mr Ormandy had found. Real exploits turned up on 15 June and these have been enthusiastically adopted by hi-tech criminals.

Writing on the Microsoft Security Centre blog, Holly Stewart said it had started seeing “seemingly-automated, randomly-generated” web pages that host the exploit. A variety of trojans, spam tools and viruses are being downloaded to compromised machines, she said.

Statistics gathered by Microsoft suggest Portugal was taking the brunt of the attacks but users in Russia and Croatia were also being hit. More than 10,000 machines had been hit at least once by the attack, it found.

To avoid falling victim, Microsoft advised users to turn off the part of the Help and Support system that is vulnerable. It has produced an automated tool that can do this for users.

“It is important to ensure that your security software is capable of identifying and blocking malicious websites,” said a security expert, “as you can be sure that the criminals behind this will be constantly updating their malicious files to try and avoid traditional security.”

Microsoft said it was working on a lasting fix for the loophole.

Access the original article online at: http://news.bbc.co.uk/1/hi/technology/10473495.stm

posted under Technology, cyber crime

2 Comments to

“Hackers target Microsoft Windows XP support system”

On July 4th, 2010 at 4:07 am dental hygienist Says:
Great site. A lot of useful information here. I’m sending it to some friends!
On July 28th, 2010 at 1:49 am ufaweb Says:
it was very interesting to read http://www.parentalcontrol.co.uk
I want to quote your post in my blog. It can?
And you et an account on Twitter?

Ringleader of child porn network used Facebook to distribute images
4:30 pm, August 27, 2010

Mothers’ group outraged after their Facebook campaign to expose paedophiles is removed
9:30 am, August 27, 2010

Cigarette firms ‘are using product placement on web’
4:30 pm, August 26, 2010

Teenage murders linked to ‘Facebook hitlist’
11:13 am, August 26, 2010

California looks to outlaw online impersonation
4:30 pm, August 25, 2010

Web scam hits iTunes and Paypal users
10:47 am, August 25, 2010

No sympathy for those who traffic child porn
4:00 pm, August 24, 2010

One in 20 people reprimanded for inappropriate emails
10:34 am, August 24, 2010

The facial recognition software that will put a name to every photograph in the internet
4:00 pm, August 23, 2010

How to create a ’super password’
11:23 am, August 23, 2010