Friday, March 2, 2007

Turner Broadcasting System hit by Rinbot Virus

[This article blames IT security for not updating their Symantec AV, but the basic problem is that MS Windows is insecure - Ed.]

===============================================================================
Turner Broadcasting System, a division of Time Warner and parent of news giant CNN, was hit by a malicious bot program on Thursday, CNNMoney.com reported.

The pest--dubbed Delbot or Rinbot by antivirus companies Sophos and Symantec, respectively--spreads through several holes in Microsoft code as well as a known flaw in Symantec's antivirus software.

When installed on a PC, Rinbot opens a back door in the system and connects to an Internet Relay Chat server to let the remote attacker control the compromised computer, according to a description of the Delbot Virus on the Sophos Web site.

Full story

=================================================================================
From the Sophos site:
W32/Delbot-I is an IRC worm with backdoor functionality which allows a remote intruder to gain access and control over the computer.

W32/Delbot-I spreads to other network computers by scanning network shares for weak passwords and by exploiting common buffer overflow vulnerabilities, including Symantec (SYM06-010).


When first run, W32/Delbot-I copies itself to \resvs.exe.

The following registry entry is created to run resvs.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Registry Service
System\resvs.exe
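
A way to check a machine for the startup entry described above, added here as an example and not taken from the Sophos write-up or the news article: the script parses text captured from `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` (which prints the hive name in full) and flags values whose name is "Registry Service" or whose command runs a file named resvs.exe. The sample output, its paths and the function names are constructed for illustration.

```python
import re

# Indicators from the Sophos description quoted above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "registry service"
FILE_NAME = "resvs.exe"

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")
# First .exe file name in a command line, without its directory.
IMAGE = re.compile(r'([^\\/:"]+?\.exe)\b', re.IGNORECASE)

# Constructed sample output; the paths and the other entries are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    Registry Service    REG_SZ    C:\WINDOWS\system32\resvs.exe
    Audio Helper    REG_SZ    C:\Temp\RESVS.EXE -q
"""

def parse_reg_query(text):
    """Yield (key, name, data) for every value line in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"]

def find_delbot_run_entries(text):
    """Return (name, data, reasons) for Run values matching either indicator."""
    hits = []
    for key, name, data in parse_reg_query(text):
        if key.upper() != RUN_KEY.upper():
            continue  # only the HKLM Run key is named in the description
        image = IMAGE.search(data)
        reasons = []
        if name.strip().lower() == VALUE_NAME:
            reasons.append("value name")
        if image and image.group(1).lower() == FILE_NAME:
            reasons.append("file name")
        if reasons:
            hits.append((name, data, reasons))
    return hits

if __name__ == "__main__":
    for name, data, reasons in find_delbot_run_entries(SAMPLE):
        print(f"{name!r} -> {data} (matched: {', '.join(reasons)})")
```

Matching on either indicator alone catches an entry that reuses the file name under a different value name; a match on the file name only is a lead to investigate, not a confirmed infection.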
