More on the Santa IM worm



There are a couple of stories out about the Santa IM worm, otherwise known as IM.GiftCom.All. First up Sans has some interesting analysis of it. It appears that it’s being hosted at 69.56.129.67, when run it resolves smtp.girlsontheblock.com to 38.118.133.241 and attempts to open tcp port 53. It renames itself as c:windowswinrpc.exe and sets up shop as “Windows RPC Services”. They’re saying instead of a worm it should be more accurately termed a bot with replicating capabilities, it is reliant on controls from an outside site. (From their analysis I presume the 69. ip address above?)


The securityfix focuses on the bug today as well. It’s also put in context with the recent uptick in Instant Messenger viruses and a bleak outlook for what lies ahead.

It’s essentially social engineering at it’s best/worst. Social engineering is the oldest and most successful tool that a cracker has and the only way to guard against it is to increase your doubt and increase your willingness to question if it LOOKS like you’ve received a neat link from a friend.

Related Posts

Blog Traffic Exchange Related Posts
  • F-secure list of sober virus urls When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download "updates" from, they said that they had previously notified German authorities where the free hosting sites were located so that they could deal with......
  • Network Security guide for the home or small business network - intermission... At this point I've exhausted all the topics on network and computer security that I was eager to cover. As things change/ ideas strike I may well add to this series. One direction I see it going is talking in detail about several network utilities and more advanced topics like......
  • Viruses and worms can come in from many directions For a long time, email was the primary vector for viruses, before that floppy discs carried bugs from pc to pc. Then came network worms exploiting windows security vulnerabilities which led to the rise of firewalls and the increase in viruses piggy-backing into the system through browser bugs. But, any......
Blog Traffic Exchange Related Websites
  • Payroll Tax Holiday: Why Most People Will Get A Raise In 2011 Many people will receive (or have already received) their first paycheck of 2011, and notice something different. Thanks to the Payroll Tax Holiday, there will be a reduction in the amount of payroll taxes taken out of our paychecks in 2011! What Is The Payroll Tax Holiday? As part of......
  • Would You Opt Out of The Social Security Ponzi Scheme? Maybe the title is a little unfair, but take a look at the definition of a Ponzi Scheme by the SEC and tell me Social Security as it exists today doesn’t fit? A Ponzi scheme is an investment fraud that involves the payment of purported returns to existing investors from......
  • Essential Basic Search Engine Optimisation Techniques Search engine optimisation is relatively diverse because it requires numerous effective implementation of important tasks in order to achieve success. Unable to execute some basic tasks may result to undesirable effects like slow improvement of the page rank of your site, or even complete failure in getting to the......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site