Symantec May Have Found Windows SSL Worm Already

Symantec late Tuesday afternoon captured a sample of malicious code that spreads by exploiting one of the many vulnerabilities in Windows disclosed this month by Microsoft.

The vulnerability stems from a flaw in Windows Protected Communications Technology (PCT) v. 1.0, a packet protocol within Microsoft’s SSL library. SSL is an encryption technology typically used to secure communications with Web sites — such as those for processing credit card orders — and for locking down e-mail. The vulnerability was made public on April 13 as part of the month’s security bulletins from Microsoft.

On Monday, several security analysts noted that although exploit code was in the wild, a worm hadn’t yet appeared.

Symantec’s DeepSight Threat network — a global group of sensors that tracks up-and-coming exploits — snagged a copy of the code Tuesday afternoon, said Alfred Huger, the senior director of engineering with Symantec’s security response team.

Leave a Reply