More on the Santa IM worm



There are a couple of stories out about the Santa IM worm, otherwise known as IM.GiftCom.All. First up Sans has some interesting analysis of it. It appears that it’s being hosted at 69.56.129.67, when run it resolves smtp.girlsontheblock.com to 38.118.133.241 and attempts to open tcp port 53. It renames itself as c:windowswinrpc.exe and sets up shop as “Windows RPC Services”. They’re saying instead of a worm it should be more accurately termed a bot with replicating capabilities, it is reliant on controls from an outside site. (From their analysis I presume the 69. ip address above?)


The securityfix focuses on the bug today as well. It’s also put in context with the recent uptick in Instant Messenger viruses and a bleak outlook for what lies ahead.

It’s essentially social engineering at it’s best/worst. Social engineering is the oldest and most successful tool that a cracker has and the only way to guard against it is to increase your doubt and increase your willingness to question if it LOOKS like you’ve received a neat link from a friend.

Related Posts

Blog Traffic Exchange Related Posts
  • AIM worm in the wild There was an article in the last few days about Instant messengers being a tempting new vector for viral infections... Well.... Incidents.org has information on a new AIM worm seen in the wild. It doesn't travel via a security hole, but uses the good old standby of social engineering to......
  • How to Remove Win Security 360 | Win Security 360 Removal Guide Win Security 360 is a rogue antivirus application that is promoted through the use of trojans and other malware as well as sites that claim to do malware scans of your computer. Among the things that it will do is schedule itself to run when the system boots and it......
  • F-secure list of sober virus urls When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download "updates" from, they said that they had previously notified German authorities where the free hosting sites were located so that they could deal with......
Blog Traffic Exchange Related Websites
  • Home Security - Don't Make Yourself a Target In 2004, the Justice Bureau released the statistics that nearly one in six homes were burgled, that 75% of all crime was related to property and that in 90% of the burglaries the burglar gained access into the home. Every 3 seconds a property crime occurs, and every 15 seconds......
  • Payroll Tax Holiday: Why Most People Will Get A Raise In 2011 Many people will receive (or have already received) their first paycheck of 2011, and notice something different. Thanks to the Payroll Tax Holiday, there will be a reduction in the amount of payroll taxes taken out of our paychecks in 2011! What Is The Payroll Tax Holiday? As part of......
  • Antioch Marina, Antioch, CA Antioch Marina is located in: Antioch, CA Phone: (925) 779-6957 Boat Launch: Yes, this facility does offer a boat launch. Berth Fees: - Open berths: $5.50 per foot per month. - Covered berths: $7.00 per foot per month "Charges are for the length of the berth, or the length of......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site