ibnlive » Tech

Aug 16, 2006 at 11:16pm IST

Hackers out to get Windows' bugs

New Delhi: A new worm has been seen to use vulnerabilities to hijack home computers and if a computer is compromised by the worm, it will become part of a large botnet set up to send out junk mail.

At the same time Microsoft is re-issuing a recent security patch which has made the Internet Explorer (IE) browser crash on some computers.

On August 8, Microsoft released a bumper collection of security patches for 23 flaws in Windows as well as for programs in the Office software suite.

WORMY TALE: Computer security firms have noticed two variants of the worm doing the rounds online.

One of the problems was particulary serious and the US Department of Homeland Security (DHS) had issued a warning urging users to download the patch and apply it as soon as possible.

Security companies have caught copies of a worm travelling online, trying to infect Windows machines via this loophole.

The Mocbot worm attacks machines running Windows 2000 or XP that have only Service Pack 1 installed.

Computer security firms have noticed two variants of this worm doing the rounds online.

Analysis has shown that once installed, the worm tries to download a trojan known to act as a spam proxy.

Microsoft said it would be re-issuing one of the security patches because, in some cases, it can cause the IE browser to crash.

The problem takes place with the MS06-42 update which tried to fix eight separate vulnerabilities in the IE browser.

It seems that relatively few users are have been hit by the clash between IE and the security patches.

Microsoft said it affected IE with Service Pack 1 installed but only if visiting websites that use data compression and the widely used version 1.1 of the HTTP web protocols.

Microsoft expects to have the new version of the MS06-42 update ready by August 22.

However, Microsoft says "hotfix", that is available, should only be installed on those computers that crashed because of the update.