More on the Santa IM worm



There are a couple of stories out about the Santa IM worm, otherwise known as IM.GiftCom.All. First up Sans has some interesting analysis of it. It appears that it’s being hosted at 69.56.129.67, when run it resolves smtp.girlsontheblock.com to 38.118.133.241 and attempts to open tcp port 53. It renames itself as c:windowswinrpc.exe and sets up shop as “Windows RPC Services”. They’re saying instead of a worm it should be more accurately termed a bot with replicating capabilities, it is reliant on controls from an outside site. (From their analysis I presume the 69. ip address above?)


The securityfix focuses on the bug today as well. It’s also put in context with the recent uptick in Instant Messenger viruses and a bleak outlook for what lies ahead.

It’s essentially social engineering at it’s best/worst. Social engineering is the oldest and most successful tool that a cracker has and the only way to guard against it is to increase your doubt and increase your willingness to question if it LOOKS like you’ve received a neat link from a friend.

Related Posts

Blog Traffic Exchange Related Posts
  • Viruses and worms can come in from many directions For a long time, email was the primary vector for viruses, before that floppy discs carried bugs from pc to pc. Then came network worms exploiting windows security vulnerabilities which led to the rise of firewalls and the increase in viruses piggy-backing into the system through browser bugs. But, any......
  • AIM worm in the wild There was an article in the last few days about Instant messengers being a tempting new vector for viral infections... Well.... Incidents.org has information on a new AIM worm seen in the wild. It doesn't travel via a security hole, but uses the good old standby of social engineering to......
  • F-secure list of sober virus urls When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download "updates" from, they said that they had previously notified German authorities where the free hosting sites were located so that they could deal with......
Blog Traffic Exchange Related Websites
  • Antioch Marina, Antioch, CA Antioch Marina is located in: Antioch, CA Phone: (925) 779-6957 Boat Launch: Yes, this facility does offer a boat launch. Berth Fees: - Open berths: $5.50 per foot per month. - Covered berths: $7.00 per foot per month "Charges are for the length of the berth, or the length of......
  • Home Security - Don't Make Yourself a Target In 2004, the Justice Bureau released the statistics that nearly one in six homes were burgled, that 75% of all crime was related to property and that in 90% of the burglaries the burglar gained access into the home. Every 3 seconds a property crime occurs, and every 15 seconds......
  • Social Security Benefits I've had more frequent conversations recently regarding a number of financial topics. The pretax vs post tax IRA certainly tops the list along with the required income needed at retirement, both in absolute terms as well as replacement ratio. I thought this would be a good time to discuss how......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site