From: Tony Harding on
Hackers target Microsoft Windows XP support system

Page last updated at 09:17 GMT, Thursday, 1 July 2010 10:17 UK

Image caption: The bug affects the well-established Windows XP operating system

Hi-tech criminals are "escalating" attacks on an unpatched bug in the
Windows XP help and support system.

Microsoft said it had seen more than 10,000 machines hit by the attack,
for which it has not so far found a fix.

Control of any Windows PC that falls victim is handed over to the
attackers.

Microsoft said the attacks had gone from theoretical to real very
quickly and urged users to take steps to protect themselves.

'Nightmare' attack

Microsoft revealed the upturn in attacks in a blog post saying that it
had been monitoring activity around the loophole since it was first
revealed on 10 June.

Found by Google engineer Tavis Ormandy, the loophole revolves around
the Help and Support system built into XP. Mr Ormandy found that it was
possible to exploit its ability to give remote aid and apply fixes to
ailing machines.

Initially, said Microsoft, it only saw "innocuous" attacks by
researchers attempting to replicate what Mr Ormandy had found.

Real exploits turned up on 15 June and these have been enthusiastically
adopted by hi-tech criminals.

Writing on the Microsoft Security Centre blog, Holly Stewart said it had
started seeing "seemingly-automated, randomly-generated" web pages that
host the exploit.

A variety of trojans, spam tools and viruses are being downloaded to
compromised machines, she said.

Rik Ferguson, senior security researcher at Trend Micro, said: "It's
certainly very serious and is now being actively exploited by what
appears to be several different groups as you can see from the multiple
payloads being delivered."

Carole Theriault, senior security consultant at Sophos, said attacks
like this were a "nightmare" to defend against if people did not
regularly update or use anti-virus.

Statistics gathered by Microsoft suggest Portugal was taking the brunt
of the attacks but users in Russia and Croatia were also being hit. More
than 10,000 machines had been hit at least once by the attack, it found.

To avoid falling victim, Microsoft advised users to turn off the part of
the Help and Support system that is vulnerable. It has produced an
automated tool that can do this for users.

Mr Ferguson from Trend Micro said there were other steps users could
take to stay safe.

"It is important to ensure that your security software is capable of
identifying and blocking malicious websites," he said, "as you can be
sure that the criminals behind this will be constantly updating their
malicious files to try and avoid traditional security."

Microsoft said it was working on a lasting fix for the loophole.