I sent this to some of you directly, but I wanted to post it here as well.
The gist is that a new RPC exploit has let a lot of botters hit machines and install their own spam bots. We saw a 12% rise in spam the day after this exploit was announced. So please check your DNS servers in Windows Server 2003 and make sure you are patched.
This is from a ZDNet article:
A zero-day vulnerability in the DNS server service in Windows is under attack, Microsoft warned in a security advisory.
The "limited attacks" are exploiting a stack overflow error in the Windows Domain Name System (DNS) Server's RPC interface implementation when processing malformed requests sent to a port between 1024 and 5000.
The flaw allows remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges by sending a specially crafted request to a vulnerable system.
Affected Windows versions include:
- Windows 2000 Server Service Pack 4
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2.
Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.
There is a follow-up ZDNet article today talking about the impact of the botnets using this exploit.
An attacker can gain control over the compromised computer and use it to send spam, install adware, distribute illegal content or launch a DDoS attack on internet systems.
Since the exploit was announced we have seen a steady rise in stock pump-and-dump scams, and a large number of bank phishing attempts.
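
An added example, not part of the original post or the ZDNet article: one way to check a firewall log for outside connections reaching a DNS server on the port range the advisory names. The log layout, the server address, the trusted network and the restriction to TCP are assumptions, and the sample lines are constructed.

```python
import ipaddress

RPC_PORTS = range(1024, 5001)      # "a port between 1024 and 5000"
DNS_SERVERS = {"192.168.10.5"}     # assumption: address of your Windows DNS server
TRUSTED = [ipaddress.ip_network("192.168.10.0/24")]  # assumption: internal network

# Constructed sample in a space-separated firewall log layout with a #Fields header.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2007-04-16 09:12:01 ALLOW UDP 198.51.100.9 192.168.10.5 53 1034 120
2007-04-16 09:12:07 ALLOW TCP 203.0.113.77 192.168.10.5 4431 1027 48
2007-04-16 09:12:09 ALLOW TCP 192.168.10.40 192.168.10.5 2210 1027 48
2007-04-16 09:13:30 DROP TCP 203.0.113.77 192.168.10.5 4432 4999 48
2007-04-16 09:14:02 ALLOW TCP 203.0.113.80 192.168.10.5 4500 53 48
2007-04-16 09:14:10 DROP ICMP 203.0.113.80 192.168.10.5 - - 60
2007-04-16 09:15:00 ALLOW TCP 203.0.113.81 192.168.10.5 3999 5001 48
"""

def find_rpc_range_hits(log_text, dns_servers=DNS_SERVERS, trusted=TRUSTED):
    """Return (date, time, action, src, dst_port) for untrusted TCP hits in range."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("protocol") != "TCP":       # assumption: RPC endpoint is TCP
            continue
        try:
            src = ipaddress.ip_address(row["src-ip"])
            sport, dport = int(row["src-port"]), int(row["dst-port"])
        except (KeyError, ValueError):
            continue                           # short or malformed row
        if row.get("dst-ip") not in dns_servers or dport not in RPC_PORTS:
            continue
        if sport == 53:                        # reply to the server's own DNS query
            continue
        if any(src in net for net in trusted):
            continue
        hits.append((row.get("date"), row.get("time"), row.get("action"), str(src), dport))
    return hits

if __name__ == "__main__":
    for hit in find_rpc_range_hits(SAMPLE_LOG):
        print(*hit)
```

An ALLOW hit means the port range is reachable from outside the trusted network and the filtering rules need review; a DROP hit shows the attempt was blocked.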