Virus writers tool up for Blaster re-run

Tools have been developed to exploit a recently announced Windows flaw, further increasing the likelihood that new viruses will emerge soon, a security firm has warned.

Ken Dunham, an analyst at iDefense, said on Tuesday that it is "highly likely" that new worms or Trojan horses will emerge in the next few days. These bugs are expected to prey on computers that have not been updated with the latest security patch for Microsoft's operating system.

"A new Blaster-like worm family could be created in a matter of hours or days, now that exploit source code has been posted in the underground," Dunham wrote in an email. "The new attack tool makes it trivial for any malicious actor to gain unauthorised root access to an unpatched computer."

Experts advised people last week that a new virus was reasonably likely, given the fact that the recently discovered Windows vulnerabilities are similar to those that paved the way for the MSBlast worm.

Microsoft is using the warning as a way to remind individuals and companies to install the patch that it made available when it sent out an alert about the latest flaw last Wednesday. Dunham echoed the software maker's advice.

"Computers that have been patched for the...vulnerability thwart this attack," he said. "Unfortunately, a large number of computers remain unpatched."

Microsoft has seen the sample code identified by iDefense and is in the process of reviewing it, according to Amy Carroll, director of product management in a Microsoft security unit.

"It's another reminder of the need to patch," she said. "That message is getting out."

Carroll noted that in the first five days since Microsoft announced the latest vulnerabilities, 63 per cent more people downloaded the patch for them than did in the same period for the vulnerability that led to MSBlast.

Carroll also encouraged individual Windows customers to make sure they are using a firewall and antivirus software.

Even as Microsoft explores longer-term ways of improving security, the company is trying to make more modest, but immediate improvements to its software, Carroll said. For example, the company has added to its website a tool that, with a user's permission, checks to see if Windows is set to automatically download and install new patches and whether firewall software is turned on.

Ina Fried writes for CNET News.com