More on the Santa IM worm



There are a couple of stories out about the Santa IM worm, otherwise known as IM.GiftCom.All. First up, SANS has some interesting analysis of it. It appears that it’s being hosted at 69.56.129.67; when run, it resolves smtp.girlsontheblock.com to 38.118.133.241 and attempts to open TCP port 53. It renames itself as c:\windows\winrpc.exe and sets up shop as “Windows RPC Services”. They’re saying that instead of a worm it should more accurately be termed a bot with replicating capabilities, since it is reliant on controls from an outside site. (From their analysis I presume the 69. IP address above?)
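The indicators in the paragraph above can be turned into a simple host triage check. This is an added example, not code from SANS or from the original post: the event tuples, host names, resolver address and the `triage` function are constructed for illustration, and the TCP/53 rule generalizes the post's observation to any non-resolver destination.

```python
# Indicators as stated in the post (path shown with backslashes restored).
HOSTING_IP = "69.56.129.67"
C2_NAME = "smtp.girlsontheblock.com"
C2_IP = "38.118.133.241"
DROP_PATH = r"c:\windows\winrpc.exe"
SERVICE_NAME = "windows rpc services"

# Assumption: the only hosts that clients should reach on TCP/53.
RESOLVERS = {"10.0.0.53"}

# Constructed sample telemetry: (kind, host, field_a, field_b)
SAMPLE = [
    ("dns", "ws-014", "smtp.girlsontheblock.com", "38.118.133.241"),
    ("conn", "ws-014", "38.118.133.241", "tcp/53"),
    ("service", "ws-014", "Windows RPC Services", r"C:\WINDOWS\winrpc.exe"),
    ("conn", "ws-022", "10.0.0.53", "tcp/53"),      # normal resolver traffic
    ("conn", "ws-022", "192.0.2.10", "tcp/443"),
    ("service", "ws-031", "Remote Procedure Call (RPC)",
     r"C:\WINDOWS\system32\svchost.exe"),           # the legitimate service
    ("conn", "ws-040", "69.56.129.67", "tcp/80"),   # reached the hosting IP
    ("conn", "ws-050", "198.51.100.7", "tcp/53"),   # TCP/53 to a non-resolver
]

def triage(events, resolvers=RESOLVERS):
    """Return {host: [reasons]} for events matching the post's indicators."""
    hits = {}
    for kind, host, a, b in events:
        reason = None
        if kind == "dns":
            if a.lower().rstrip(".") == C2_NAME or b == C2_IP:
                reason = "resolved control host name"
        elif kind == "conn":
            if a in (HOSTING_IP, C2_IP):
                reason = f"connection to listed address {a} ({b})"
            elif b == "tcp/53" and a not in resolvers:
                reason = f"tcp/53 to non-resolver {a}"
        elif kind == "service":
            # Windows names and paths are case-insensitive.
            if a.lower() == SERVICE_NAME or b.lower() == DROP_PATH:
                reason = "service name or image path matches"
        if reason:
            hits.setdefault(host, []).append(reason)
    return hits

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE).items():
        print(host, "->", "; ".join(reasons))
```

A host that matches on DNS, connection and service at once (ws-014 in the sample) is a much stronger signal than a single TCP/53 anomaly, which deserves a look but has benign causes such as zone transfers.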


The Security Fix focuses on the bug today as well. It also puts it in context with the recent uptick in instant messenger viruses and a bleak outlook for what lies ahead.

It’s essentially social engineering at its best/worst. Social engineering is the oldest and most successful tool that a cracker has, and the only way to guard against it is to increase your doubt and your willingness to question, even if it LOOKS like you’ve received a neat link from a friend.
