More on the Santa IM worm



There are a couple of stories out about the Santa IM worm, otherwise known as IM.GiftCom.All. First up Sans has some interesting analysis of it. It appears that it’s being hosted at 69.56.129.67, when run it resolves smtp.girlsontheblock.com to 38.118.133.241 and attempts to open tcp port 53. It renames itself as c:windowswinrpc.exe and sets up shop as “Windows RPC Services”. They’re saying instead of a worm it should be more accurately termed a bot with replicating capabilities, it is reliant on controls from an outside site. (From their analysis I presume the 69. ip address above?)


The securityfix focuses on the bug today as well. It’s also put in context with the recent uptick in Instant Messenger viruses and a bleak outlook for what lies ahead.

It’s essentially social engineering at it’s best/worst. Social engineering is the oldest and most successful tool that a cracker has and the only way to guard against it is to increase your doubt and increase your willingness to question if it LOOKS like you’ve received a neat link from a friend.

Related Posts

Blog Traffic Exchange Related Posts
  • Out of Cycle Windows Update - Patch Today Yesterday news broke of an out of cycle security patch for Windows. The bulletin is available from Microsoft. Apparently the vulnerability was in the Windows Server service (XP, 2003, 2000, 2008, Vista ALL affected though regardless of server/workstation/client/desktop/etc...). The RPC handling (remote procedure call) is the achilles heel this time......
  • Network Security guide for the home or small business network - intermission... At this point I've exhausted all the topics on network and computer security that I was eager to cover. As things change/ ideas strike I may well add to this series. One direction I see it going is talking in detail about several network utilities and more advanced topics like......
  • F-secure list of sober virus urls When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download "updates" from, they said that they had previously notified German authorities where the free hosting sites were located so that they could deal with......
Blog Traffic Exchange Related Websites
  • Payroll Tax Holiday: Why Most People Will Get A Raise In 2011 Many people will receive (or have already received) their first paycheck of 2011, and notice something different. Thanks to the Payroll Tax Holiday, there will be a reduction in the amount of payroll taxes taken out of our paychecks in 2011! What Is The Payroll Tax Holiday? As part of......
  • Fast and Simple SEO to Increase from PageRank 0 I was very surprised when I learned that I had quickly increased to a PageRank of 3 within less than 30 days of having created this blog.  A few weeks later, I reflected upon some of the things that may have contributed to improving my PageRank. More recently, I came......
  • The New Social Security Benefit Calculator as a Reality Check Baby boomers and others thinking ahead about retirement have requested and have waited patiently for the yearly delivery of their hard copy Social Security earnings record and benefit estimate.  My statement arrives each September.   The benefit estimate information in this document can be useful in several different ways. First and foremost, it is......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site