More on the Santa IM worm



There are a couple of stories out about the Santa IM worm, otherwise known as IM.GiftCom.All. First up, SANS has some interesting analysis of it. It appears that it’s being hosted at 69.56.129.67; when run, it resolves smtp.girlsontheblock.com to 38.118.133.241 and attempts to open TCP port 53. It renames itself as c:\windows\winrpc.exe and sets up shop as “Windows RPC Services”. They’re saying that instead of a worm it should more accurately be termed a bot with replicating capabilities, since it is reliant on controls from an outside site. (From their analysis I presume the 69. IP address above?)
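
The indicators in that analysis can be turned into a simple triage pass over host and network logs. The sketch below is an added example, not code from this post or from SANS. The log format, host names and resolver address are constructed; it reads the file path as c:\windows\winrpc.exe and the port 53 activity as an outbound TCP connection.

```python
import re

# Indicators quoted in the post from the SANS analysis.
IOC_IPS = {"69.56.129.67", "38.118.133.241"}
IOC_DOMAIN = "smtp.girlsontheblock.com"
IOC_PATH = r"c:\windows\winrpc.exe"
IOC_SERVICE = "windows rpc services"
# Assumption: the site's legitimate DNS resolvers (constructed address).
RESOLVERS = {"10.0.0.53"}
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Return the fields of one key=value log line (constructed format), lower-cased."""
    return {k: (q or u).lower() for k, q, u in FIELD.findall(line)}

def check(ev):
    """List the reasons an event matches the behaviour described above."""
    hits, kind = [], ev.get("type")
    if kind == "dns" and ev.get("query", "").rstrip(".") == IOC_DOMAIN:
        hits.append("dns-query-ioc")
    if kind == "conn":
        if ev.get("dst") in IOC_IPS:
            hits.append("conn-ioc-ip")
        # DNS over TCP to a host that is not a known resolver is unusual.
        if (ev.get("proto"), ev.get("dport")) == ("tcp", "53") and ev.get("dst") not in RESOLVERS:
            hits.append("tcp53-non-resolver")
    if kind == "service" and ev.get("name") == IOC_SERVICE:
        hits.append("service-name-ioc")
    if ev.get("image") == IOC_PATH:
        hits.append("image-path-ioc")
    return hits

def triage(lines):
    """Group distinct hits per host; several on one host is a stronger lead."""
    by_host = {}
    for line in lines:
        ev = parse(line)
        for reason in check(ev):
            by_host.setdefault(ev.get("host", "?"), set()).add(reason)
    return by_host

# Constructed sample events; host names and the 10.x / 192.0.2.x addresses are made up.
SAMPLE = [
    'host=ws-14 type=dns query=smtp.girlsontheblock.com answer=38.118.133.241',
    'host=ws-14 type=conn proto=tcp dst=38.118.133.241 dport=53',
    r'host=ws-14 type=service name="Windows RPC Services" image=C:\WINDOWS\winrpc.exe',
    'host=ws-22 type=conn proto=tcp dst=10.0.0.53 dport=53',
    'host=ws-31 type=conn proto=tcp dst=192.0.2.80 dport=53',
]
print(triage(SAMPLE))
```

The behavioural rule (TCP port 53 to a non-resolver) still fires if the operator moves to a new address, which the fixed IP and domain matches cannot do.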


Security Fix focuses on the bug today as well, putting it in context with the recent uptick in instant messenger viruses and a bleak outlook for what lies ahead.

It’s essentially social engineering at its best/worst. Social engineering is the oldest and most successful tool that a cracker has, and the only way to guard against it is to increase your doubt and your willingness to question things when it LOOKS like you’ve received a neat link from a friend.
