Antivirus software companies are warning customers about a new e-mail worm that targets unpatched Microsoft Corp. Windows machines with either of two recently disclosed software vulnerabilities. The new worm, known as both "Plexus" and "Explet.A," was first detected on Wednesday and spreads by exploiting Windows machines with vulnerabilities used by two recent worms, Sasser and Blaster, according to alerts. Network Associates Inc.'s McAfee Antivirus Emergency Response Team and Symantec Corp. both said the new worm does not pose a serious threat, but issued software updates on Thursday to detect it.
Like Sasser, Plexus can exploit the recently disclosed hole in the Windows component called Local Security Authority Subsystem Service, or LSASS, which Microsoft patched in April. Like the Blaster worm that appeared in August, 2003, Plexus can also crawl through a hole in a Windows component called the DCOM (Distributed Component Object Model) interface, which handles messages sent using the RPC (remote procedure call) protocol. (See here and here.)
News source: InfoWorld