Zotob updates



A couple of late afternoon updates at the Handler’s Diary at incidents.org (SANS Institute). For starters, it looks like there may be a variation of Zotob that has a mass mailer included. I didn’t specifically see this in SARC’s writeups of zotob.a or zotob.b, so I’m wondering if this is going to be a .c? This variant connects to the same IRC server as the others, but a different channel. (The IRC connection was to allow remote control.)


One of the strings in their analysis was botzor2. It sounds as though there have been a horde of act-a-likes trying to get in on the act as well.

On a slightly different note, there is a warning about email messages that direct the user to a website to take advantage of the MS05-038 vulnerability. The subject line is “McDonalds bomber jailed for life”. The link within the email is to a site that IS STILL OPERATIONAL and hosted in China. The code on the page (JavaScript) attempts to load into an .hta file. The site redirects to the malicious page and you are advised to NOT visit, but block 210.22.50.80 if you’re a network admin.

That’s the lay of the land right now.
