Zotob updates



A couple of late afternoon updates at the Handlers Diary at incidents.org (SANS Institute). For starters, it looks like there may be a variation of Zotob that has a mass mailer included. I didn’t specifically see this in SARC’s writeups of zotob.a or zotob.b, so I’m wondering if this is going to be a .c? This variant connects to the same IRC server as the others, but a different channel. (The IRC connection was to allow remote control.)


One of the strings in their analysis was botzor2. It sounds as though there have been a horde of act-a-likes trying to get in on the act as well.

On a slightly different note, there is a warning about email messages that direct the user to a website to take advantage of the MS05-038 vulnerability. The subject line is “McDonalds bomber jailed for life”. The link within the email is to a site that IS STILL OPERATIONAL and hosted in China; the code on the page (JavaScript) attempts to load into an .hta file. The site redirects to the malicious page, and you are advised NOT to visit it, but to block 210.22.50.80 if you’re a network admin.

That’s the lay of the land right now.
