Hackers attack Windows 2000

HACKERS are apparently carrying out targeted attacks on machines using Windows 2000.

Now that Microsoft has pulled the plug on supporting the operating system and vulnerability has been spotted, the hackers are out in force.

The attacks started on Saturday using a variant of a Trojan that installs itself on a system, modifies security settings, and connects to a remote IRC (Internet Relay Chat) server. Yesterday a second variant of the Trojan was detected.

The MSRC (Microsoft Security Response Center) described the Trojan as only being interested in unpatched Windows 2000 machines.

MSRC program manager Stephen Toulouse said that this was not a worm in the "auto-spreading" classic sense.

Few people are impacted and the Trojan cannot face Vole's MS06-040 update. Security outfit LURHQ Threat Intelligence Group say the attackers are using a variant of an ancient Mocbot Trojan. It even uses the same Chinese IRC server hostnames as a command-and-control mechanism.

More here. µ