Variants of Rinbot worm attacks Windows Server DNS flaw

Variants of the Rinbot worm are exploiting the Windows Server DNS Service vulnerability, researchers said today.

The worm exploits the flaw by sending a specially crafted Remote Procedure Call (RPC) packet to targeted PCs, analysts said.

Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com today that the worm has made the vulnerability much more than just a DNS-related headache for administrators because it can also use other vulnerabilities to propagate.

"I found this to be of particular interest, because we are effectively looking at the possibility of a computer talking directly to another computer…If the DNS server has been compromised, anyone who is dialing up that website can be directed to another website," he said. "It’s not strictly the vulnerability within the Microsoft DNS server, but the overall sophistication of the malware that is able to customize itself to take advantage of any situation that is presented."

Microsoft on Monday updated its advisory on the vulnerability, adding that new attacks were exploiting the flaw.