Antivirus company Symantec has backtracked after claiming it captured an example of a new Internet worm that takes advantage of a recently disclosed hole in Windows machines running Secure Sockets Layer (SSL). On Tuesday, the company trapped an example of the malicious code, called backdoor.mipsiv, and warned customers that it was either a new worm or a small automated program called a "bot" that exploits a new Windows Private Communications Transport Protocol (PCT) vulnerability, part of the Windows implementation of SSL. However, on Wednesday, Symantec said further analysis of the code shows it is neither a worm nor a bot, and doesn't use the PCT vulnerability.
Instead, the code, still called backdoor.mipsiv, is described as a Trojan horse program. Mipsiv is placed on vulnerable machines by malicious hackers, after which it opens communications ports on systems it compromises and uses Internet Relay Chat (IRC) channels to send instructions, Symantec representatives say. "We better understand what it's doing now and after further investigation, it doesn't look like it's self-propagating," says Jonah Paransky, Symantec senior manager of security product management.