Microsoft has just warned its users of a malicious Internet worm after detecting a wave of attacks that exploit a recently discovered Windows security vulnerability. The worm can spread to other computers across a network by exploiting a critical vulnerability in the Windows Server service. Microsoft released an emergency patch last month that repairs the error; if successfully exploited, the vulnerability could enable remote attackers to execute arbitrary code via a malicious file, allowing them to take complete control of a PC.
The first attacks were detected last week by researchers from Microsoft and, since then, the number of attacks has grown significantly. The researchers found this after noticing a surge in support calls. The worm deletes any user-created System Restore points and attempts to contact numerous sites, including those of Google, Yahoo, MSN and ask.com, to obtain the current date, according to researchers at the SANS Institute. The worm then uses the date it obtained to generate a list of domain names, which it contacts in an attempt to download additional malicious files onto the affected computer.
Unbelievable as it may seem, the malware actually repairs an API vulnerability on users' unpatched computers. In a blog posting, Microsoft researchers said: "It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too." Although most of the exploit reports have come from the U.S., other exploits have been found in countries such as Germany, Spain, Italy and France. Experts recommend that customers install the necessary update on their machines; the update can be found on Microsoft's Web site. Furthermore, several bots, under the generic name Backdoor:Win32/IRCbot.BH, are also exploiting the security hole by dropping a backdoor Trojan that connects to an IRC server to receive commands.
© 2007 - 2009 - eFluxMedia