[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 16 August 2006, 11:43 GMT 12:43 UK
Hackers target latest Windows fix
Spamm subject lines in e-mail inbox, BBC
The worm tries to use hijacked machines to send spam
Hi-tech hackers have started to produce malicious programs that target the latest bugs in Microsoft's Windows.

A worm has been spotted online that tries to use the vulnerabilities to hijack home computers.

Any computer compromised by the worm will become part of a large network set up to send out junk mail.

At the same time Microsoft is re-issuing a recent security patch which has made the Internet Explorer browser crash on some computers.

Spam sender

On 8 August Microsoft released a bumper collection of security patches for 23 separate flaws in Windows and programs in the Office software suite.

One of the problems identified in the August update was deemed so serious that the US Department of Homeland Security (DHS) issued a warning urging users to download the patch and apply it as soon as possible. The DHS has a role in securing America's critical infrastructure which includes the internet.

Now security companies have caught copies of a worm travelling the net that tries to infect Windows machines via this loophole.

The Mocbot worm attacks machines running Windows 2000 or XP that only have Service Pack 1 installed.

"As Microsoft only issued a patch against this vulnerability last week, many Windows computers probably remain unpatched and vulnerable to these threats," said Carole Theriault, senior security consultant at Sophos in a statement.

Computer security firms have seen two variants of this worm circulating online. Analysis by Joe Stewart at security firm Lurhq show that, once installed, it tries to download a trojan known to act as a spam proxy.

These are networks of compromised machines that junk mailers have been forced to use because so few net service firms will host companies that send out millions of unwanted messages.

Microsoft said it would be re-issuing one of the security patches because, in certain circumstances, it can cause the Internet Explorer browser to crash.

The problem occurs with the MS06-42 update which tried to fix eight separate vulnerabilities in the IE browser.

Relatively few users are thought to be suffering from the clash between IE and the security patches. Microsoft said it affected IE with Service Pack 1 installed but only if visiting websites that use data compression and the widely used version 1.1 of the HTTP web protocols.

Microsoft said it expected to have the new version of the MS06-42 update ready by 22 August. However, a "hotfix" has been made available but Microsoft said this should only be installed on those computers crashing because of the update.




SEE ALSO
Microsoft warning on online games
15 Aug 06 |  Technology
Official warning on Windows bugs
11 Aug 06 |  Technology
Warning on search engine safety
12 May 06 |  Technology
MySpace faces security problems
21 Jul 06 |  Technology
Windows gets big security update
13 Jun 06 |  Technology
Help is at hand for web security
09 Jun 06 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific