Windows Attack Code Out, But Not Being Used

[HardOCP News]

Dear Hackers;

It has been a week since malicious software used to attack Windows Vista has been released and we really want to know why there aren’t any widespread attacks yet. Seriously, we are wringing our hands here hoping…errr, I mean “waiting” for something to happen. We’ve told you about all the ways to use the exploit and we even predicted the flaw won’t be patched until the regular patch cycle. So, what are you waiting for? Can you guys please snap it up a bit and get on with the attacks? We really need stuff to talk about in the tech-news sector.

Sincerely,
The Tech Sector

It has been a week since hackers released software that could be used to attack a flaw in Windows Vista and Server 2008, but Microsoft and security companies say that criminals haven't done much with the attack.

 

[TechLarry]

Sure. Let's just wait until millions of machines are infected, all the bots are up and running, and millions of dollars are stolen from people.

No need to be in a hurry there, Microsoft.

 

[Jakalwarrior]

Maybe they want another big anti-vista scare before the 7 release?

 

[Vermillion]

Sure. Let's just wait until millions of machines are infected, all the bots are up and running, and millions of dollars are stolen from people.

No need to be in a hurry there, Microsoft.

Next Tuesday is Patch Tuesday. Unless it's a horrid critical flaw does MS release a patch outside of the normal time frame.

 

[siliconnerd]

Maybe this is saying that hackers don't even want Vista zombies.

 

[Flakes]

its possible that hackers are now concentrating there efforts on macs?

 

[dyzophoria]

from what I read from the article..

Perhaps the main reason is that the Metasploit code doesn't work as reliably as last year's MS08-067 attack, and often causes the computer to simply crash instead of running the hacker's software.

maybe this is really the reason why, added to the face that only a small percentage of systems have vista and w2008 server at the moment, just like the reason why macs arent seldom attacked too

 

[bh192012]

from the linked article
"SecureWorks researcher Bow Sineath said Tuesday that there are several reasons why this latest attack has not been picked up. Perhaps the main reason is that the Metasploit code doesn't work as reliably as last year's MS08-067 attack, and often causes the computer to simply crash instead of running the hacker's software.

SMB v2 is typically blocked at the firewall, and it does not ship with Windows XP, meaning that the Metasploit attack will not work on the majority of PCs. Vista, the only Windows client that is vulnerable to the attack, is used on about 19 percent of computers that surf the Web, according to Web analytics firm Net Applications."

So it's unreliable, typically blocked, vista only (19%) target. Seems to reinforce the argument that OSX and linux are more secure partially because of market share.

 

[mrjminer]

It probably doesn't effect enough computers for a good hacker to spend a lot of time with for something being patched in such a short amount of time. They'd probably spend their time finding unknown security exploits that are more effective / will be more effective: Windows 7.

 

[Azhar]

from the linked article
"SecureWorks researcher Bow Sineath said Tuesday that there are several reasons why this latest attack has not been picked up. Perhaps the main reason is that the Metasploit code doesn't work as reliably as last year's MS08-067 attack, and often causes the computer to simply crash instead of running the hacker's software.

SMB v2 is typically blocked at the firewall, and it does not ship with Windows XP, meaning that the Metasploit attack will not work on the majority of PCs. Vista, the only Windows client that is vulnerable to the attack, is used on about 19 percent of computers that surf the Web, according to Web analytics firm Net Applications."

So it's unreliable, typically blocked, vista only (19%) target. Seems to reinforce the argument that OSX and linux are more secure partially because of market share.

Not more secured, but rather just unlikely to be attacked. Rather, say the USERS would be more secured, not the operating systems.

If man can make it, man can hack it.

 

[Enduring_Warrior]

And THIS is why I like HardOcp, thank you Steve.

 

[yujie]

I hope they are working to jailbreak iphone OS 3.1

 

[Arainach]

Releasing patches on a regular schedule is better for the PC ecosystem - releasing them in an ad-hoc manner causes IT departments stress and pain, and leads to chaos. This is well documented and is WHY MS switched to the "Patch Tuesday" system. Unless there's a critical vulnerability that's being regularly exploited, it's better to conform to the normal schedule.

 

[heatlesssun]

Releasing patches on a regular schedule is better for the PC ecosystem - releasing them in an ad-hoc manner causes IT departments stress and pain, and leads to chaos. This is well documented and is WHY MS switched to the "Patch Tuesday" system. Unless there's a critical vulnerability that's being regularly exploited, it's better to conform to the normal schedule.

QFT. Microsoft did Patch Tuesday because it was what their customers wanted. It's been said a million times.

 

[Troz]

I hope they are working to jailbreak iphone OS 3.1

3G jailbreak (and original ipod touch, and iphone 2G) is available now and they say 3GS (and ipod touch 2 and 3 gen.) will be soon.