“The meaning of life, the universe, and everything”… is of course 42, as we know from one of Douglas Adams’ excellent books. In our case, it is all about 42/TCP, a port used by WINS (the Microsoft Windows Internet Naming Service) which is the target of an increasingly popular stream of exploits over the Internet.
This vulnerability has been designated MS04-045 by Microsoft. An advisory as well as updates can be found at the following address:
Our network of honeypots has registered a record number of port 42 exploits today, hence we are urging all the customers to patch their systems and update to the latest definitions which should be able to detect the malware reponsible for the increase.
During the past days the number of exploits was also increased, but not this high; we can state that the number we registered today is greater than all the attacks we’ve received on port 42 for the past week.
The names reported by KAV for the malware which is causing this increase in port 42 traffic are Backdoor.Win32.Hzdoor.a and Exploit.Win32.MS04-011. The second detection will be improved in the next update to correctly report the MS04-045 specific code.