New Worm "Plexus" Targets Old Windows Flaws

Yahoo! News - New Worm Targets Old Windows Flaws
Antivirus software companies are warning customers about a new e-mail worm that targets unpatched Microsoft Windows machines with either of two recently disclosed software vulnerabilities.


The new worm, known as both "Plexus" and "Explet.A," was first detected on Wednesday and spreads by exploiting Windows machines with vulnerabilities used by two recent worms, Sasser and Blaster, according to alerts. Network Associates' McAfee Antivirus Emergency Response Team and Symantec both say the new worm does not pose a serious threat, but issued software updates to detect it.


Like Sasser, Plexus can exploit the recently disclosed hole in the Windows component called Local Security Authority Subsystem Service, or LSASS, which Microsoft patched in April.


And, like the Blaster worm that appeared in August 2003, Plexus can also crawl through a hole in a Windows component called the DCOM (Distributed Component Object Model) interface, which handles messages sent using the RPC (remote procedure call) protocol.