Zotob updates



A couple of late-afternoon updates from the Handlers Diary at incidents.org (SANS Institute). For starters, it looks like there may be a variation of Zotob that has a mass mailer included. I didn’t specifically see this in SARC’s writeups of zotob.a or zotob.b, so I’m wondering if this is going to be a .c? This variant connects to the same IRC server as the others, but a different channel. (The IRC connection was to allow remote control.)


One of the strings in their analysis was botzor2. It sounds as though there have been a horde of act-a-likes trying to get in on the act as well.

On a slightly different note, there is a warning about email messages that direct the user to a website to take advantage of the MS05-038 vulnerability. The subject line is “McDonalds bomber jailed for life”. The link within the email is to a site that IS STILL OPERATIONAL and hosted in China; the code on the page (JavaScript) attempts to load into an .hta file. The site redirects to the malicious page, and you are advised NOT to visit it, but to block 210.22.50.80 if you’re a network admin.

That’s the lay of the land right now.
