A new worm created and dispersed in record time is exploiting a hole in Internet Explorer found late last week.
The worm, dubbed variously as Bofra-A/B/C or MyDoom.AF/AH or AG, has been turned from a public domain vulnerability into exploitable code in an incredibly short period of time, surprising even hardened virus watchers.
"This is possibly the fastest turn-around ever between a vulnerability being announced and a full-blown in-the-wild worm," saidd Graham Cluley of Sophos. "Normally it takes weeks. The virus writer likes the idea of exploiting it as quickly as possible. We believe it is the work of one person adopting different disguises."
The buffer overflow exploit worm appears in one of three variants, which tempt users to click on what appears to be a pornographic link or to a notification of a PayPal credit card debit for $175, depending on the variant. Clicking on the link directs users to previously infected computers, from which a virus attack is then launched.
The vulnerability is believed to affect only those users of Windows XP who have not loaded Microsoft’s SP2, but otherwise remains unpatched in other systems. Microsoft has yet to announce when a patch will be issued for the vulnerability.
"People will naturally be worried that someone has charged their credit card for a purchase they have never made, and will click on the link to get more information," continued Cluley. "That is precisely what the worm's author is banking on."