Dasher virus targets unpatched Windows systems
By Matt Whipp
Posted on 19 Dec 2005 at 12:49
Security firms spent the weekend warning of a new virus that takes advantage of a problematic patch released by Microsoft in October.
The critical flaw in the Microsoft Windows Distributed Transaction Coordinator could allow remote code execution on affected Windows systems, but the patch proved troublesome for Windows 2000 systems because it changed the way access permissions were applied.
This could result in the failure of key system services to start or be recognised.
The new virus, known as Dasher, takes advantage of the fact that Windows 2000 systems are less likely to have been patched because of this.
The first variant was found by Finnish security company F-Secure to be flaky at best. Researchers said that it appeared to be built on exploit code made available earlier this month, but because of the instability it suffered and the fact that the URL from which it was to download further code was already known, it was not considered any real threat.
The B variant released later on Friday, however, was in full working order. The virus is designed to search networks for open ports and attempts to turn off antivirus software before sending itself on. It also opens a back door to a server, which tells the system to download and execute another copy of itself and a keylogging component.
