A new version of the worm that spread from infected Microsoft Web servers in June has been identified and is using instant messages and infected Web sites in Russia, Uruguay, and the United States to spread itself, according to one security company.
Researchers at PivX Solutions of Newport Beach, California, have intercepted new malicious code closely resembling that from widespread attacks in June attributed to a worm named "Scob" or "Download.ject." The new attacks use mass-distributed instant messages to lure Internet users to Web sites that distribute malicious code similar to Download.ject, says Thor Larholm, senior security researcher at PivX.
This wave of attacks works similarly, routing victims to Web sites with code that takes advantage of vulnerabilities in Microsoft Internet Explorer and Outlook. Though Microsoft has patched those vulnerabilities, the attackers are attempting to exploit unpatched systems. Two patches from 2003, MS03-025 and MS03-040, address the flaws used by the new worm, Larholm says.
Source: PCWorld