Rinbot worm still pestering firms

And we know it's spread by bots.


The Rinbot worm is still plaguing companies, and Symantec has announced that its honeypot network has captured traffic showing it is being spread by a botnet.

Rinbot is an on-again, off-again threat that exploits a pair of long-patched vulnerabilities – one in Microsoft Windows' Server Service fixed in August 2006, the other in Symantec's own Client Security and Symantec AntiVirus software, which were patched in June. Rinbot was last in the news a week ago when Turner Broadcasting System, part of Time Warner and the parent of Cable News Network, was reportedly attacked by Rinbot, also known as Delbot.

Shirley Powell, a spokeswoman for Turner Broadcasting, declined to identify the exploit that hit the company's network. But she confirmed "we have been hit by a virus." The effect was minimal, but "repairs are ongoing," she said.

Security professionals urged users to patch their systems, but at least one said the Rinbot threat was overstated. "This is [just] one of thousands of bots crawling the internet today," said Ken Dunham, director of VeriSign's iDefense rapid-response team. "Some bots are more interesting than others, and some more sophisticated. There is no large global threat issue with Rinbot variants to date."

Yesterday, Symantec posted a warning to customers of its DeepSight threat alert network that honeypots – deliberately unpatched and unguarded PCs that try to attract exploits for evaluation – had detected botnet traffic connected to Rinbot's spread. In the attack against the Symantec honeypot, an exploit used the Microsoft vulnerability to compromise the PC, and then downloaded a Rinbot variant.

"The botnet is trying to instruct the compromised system to download another piece of malicious code or a new variant of the Rinbot or Spybot family worm," Symantec said in its alert.

Symantec is not the only security vendor that has had to deal with vulnerable antivirus software. But more in-the-wild exploits have leveraged Symantec's bugs than have attacked its rivals.

The company has even drawn expletive-laced tirades from hackers. In a blog entry a week ago, Symantec researcher Stephen Doherty wrote, "From time to time, virus writers leave messages in their code. Sometimes these are shout-outs to other virus writers, sometimes it is their own nickname and other times they send messages to us. Here is one that speaks for itself.

"Dear Symantec: For years I have longed for just one thing, to make malware with just the right sting, you detected my creation and got my domains killed, but I will not stop, I can rebuild. ..."

