Days after Microsoft issued a Security Advisory regarding the newly discovered Domain Name System (DNS) Server Service vulnerability on several Windows platforms, TrendLabs has received reports of a new worm already exploiting it. Several reports came from such countries as Brazil, Korea, and USA.
WORM_VANBOT.GC takes advantage of the abovementioned vulnerability by sending a specially crafted RPC packet to target machines. Successful exploitation of the said vulnerability allows this worm to further propagate and compromise the system.
Trend Micro already detects this worm with the latest pattern file. Users are thus advised to keep their antivirus programs updated to prevent possible infection of this worm.