Hackers target Microsoft Windows XP support system

  • Published
Windows XP on sale, PA
Image caption,
The bug affects well-established Windows XP operating system

Hi-tech criminals are "escalating" attacks on an unpatched bug in the Windows XP help and support system.

Microsoft said it had seen more than 10,000 machines hit by the attack that, so far, it has not found a fix for.

Windows PCs falling victim will have control of that machine handed over to attackers.

Microsoft said the attacks had gone from theoretical to real very quickly and urged users to take steps to protect themselves.

'Nightmare' attack

Microsoft revealed the upturn in attacks in a blog post saying that it had been monitoring activity around the loophole since it was first revealed on 10 June.

Found by Google engineer Travis Ormandy, the loophole revolves around the Help and Support system built into XP. Mr Ormandy found that it was possible to exploit its ability to give remote aid and apply fixes to ailing machines.

Initially, said Microsoft, it only saw "innocuous" attacks by researchers attempting to replicate what Mr Ormandy had found.

Real exploits turned up on 15 June and these have been enthusiastically adopted by hi-tech criminals.

Writing on the Microsoft Security Centre blog, Holly Stewart said it had started seeing "seemingly-automated, randomly-generated" web pages that host the exploit.

A variety of trojans, spam tools and viruses are being downloaded to compromised machines, she said.

Rik Ferguson, senior security researcher at Trend Micro, said: "It's certainly very serious and is now being actively exploited by what appears to be several different groups as you can see from the multiple payloads being delivered."

Carole Thierault, senior security consultant at Sophos, said attacks like this were a "nightmare" to defend against if people did not regularly update or use anti-virus.

Statistics gathered by Microsoft suggest Portugal was taking the brunt of the attacks but users in Russia and Croatia were also being hit. More than 10,000 machines had been hit at least once by the attack, it found.

To avoid falling victim, Microsoft advised users to turn off the part of the Help and Support system that is vulnerable. It has produced an automated tool that can do this for users.

Mr Ferguson from Trend Micro said there were other steps users could take to stay safe.

"It is important to ensure that your security software is capable of identifying and blocking malicious websites," he said, "as you can be sure that the criminals behind this will be constantly updating their malicious files to try and avoid traditional security."

Microsoft said it was working on a lasting fix for the loophole.

Related Internet Links

The BBC is not responsible for the content of external sites.