Cyber crims are scanning the world wide wibble looking for Windows 2000 machines in the hope they can find one that has not had a recent Windows Media Service patch installed.
Insecurity outfit Symantec said that it had been spotting a number of attacks on Windows 2000 machines.
While the numbers were small, Symantec revealed that the hackers were using new code that gives them a way to take over a system.
At the heart of the attack is a troublesome patch, MS10-025. It was updated on April 13, but Redmond had to reissue it two weeks later after discovering that its original patch didn’t fix the problem.
The Metasploit open-source hacking toolkit has published code that exploits the flaw. However, the attacks which have been seen do not use it.
Symantec Security Intelligence Manager Joshua Talbot said that someone had done some homework on their own and developed their own exploit.
The attack causes the victim’s computer to crash, and the attacker uploads several password logging tools and enables remote desktop access.
It only works against Windows 2000 users who have not blocked the Windows Media Service’s port 1755 at the firewall.
However, Symantec is left wondering why someone took the time to write an exploit for this and then scan for uncommon configurations.