New worm exploits critical Windows bug
November 3, 2008 – 1:08 PMA worm that exploits the bug Microsoft Corp. patched in an emergency update 11 days ago is actively attacking systems, several security companies and researchers said today.
The worm, which Symantec Corp. called Wecorl but was dubbed MS08-067.g by Kaspersky Lab and Microsoft itself, likely originated in China, said Kevin Haley, director of Symantec’s security response team. It appears to target Chinese-language versions of Windows 2000, he noted.
Haley confirmed that the worm, which is different from the information-stealing Trojan horse that prompted Microsoft to issue the out-of-cycle patch on Oct. 23, is circulating in the wild.