I remember very well the competing worms that came out in early 2004, Netsky and Bagel (Beagle) and to a degree Mydoom as well. One would try to uninstall the other as they fought for control of a PC. They were done by competing gangs and were literally waging a turf war with home (and business) computers. The same seems to be happening with the latest round of plug ‘n play (worms) viruses (bots).
Category: Viruses
-
Esbot and Zotob updates….
Wednesday afternoon and Esbot is up to revision .B, Zotob is up to G according to Sarc (Symantec antivirus research). They have appropriate removal tools and details on affected systems there. Meanwhile the Sans institute (incidents.org) has a rundown of the latest in today's handlers diary.
-
Microsoft’s quick response to network worms….
This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have a page titled What you should know about Zotob
-
Esbot and Zotob removal tool
Just a quick note to mention that Symantec has posted a removal tool for Esbot(.A). They previously had manual instructions only. They also have updated their Zotob Removal Tool to cover all current variants .A .B .C@mm .D .E and .F (.E was the big newsmaker yesterday.)
-
Esbot.a
Symantec’s site is also reporting another virus (technically a worm) targeting the MS05-039 vulnerability. This one is called w32.esbot.a and is also rated at level 3 on their 5 level threat assessment scale.
-
Zotob worm bites big media outlets
According to several reports there are several big media outlets seeing what is reported as the zotob worm which exploits a Microsoft Windows vulnerability (MS05-039) disclosed last week. There seems to be no better way for something to make the news than for it to affect the companies that bring us the news…. CNN for one is reporting that the worm has affected their networks as well as ABCnews and the New York Times. The Caterpillar Company is also mentioned.
-
Junk mail can be REALLY nasty
As if you needed another reason to not like SPAM (no, not the Hormel product, we’re talking junk mail here.) A couple days ago I mentioned a post at the sans institute talking about an email that was circulating and the link within that email took you to a malicious site (redirected) and attempted to exploit one of the recently disclosed Windows vulnerabilities. The Security Fix talks about another in the recent round of exploit attempts and this one comes disguised as junk mail.
-
My * messed up my computer
Since the massive id theft ring was uncovered, I’ve been reading the Sunbeltblog frequently. Today, they have an interesting post about the various explanations for spyware on people's computers. They tag it the “other person syndrome”. I’ve heard this before too. “Well, the neighbors' kids were over and ever since then we’ve had all sorts of problems.”, “My son was up from college and since then I just haven’t been able to…”, etc. etc. etc.
-
Computer security software nets $2.6 Billion over last two years.
SecurityFix is talking about the computer security industry. Further, computer users spend $9 billion a year on computer repairs from spyware and antivirus. This reminds me of a recent story of a man that threw out a perfectly good machine because it was infested with spyware. For starters, I do computer repair. I charge $40/hour and even at that rate I’ve had people balk at 3-4 hours of heavy cleaning versus the Dell ads. How many people take this route instead of repairs? It’s hard to say overall. In his blog, Brian Krebs lays part of the blame at Microsoft’s door and I think rightly so.
-
Zotob updates
A couple of late afternoon updates at the handlers diary at incidents.org (sans institute). For starters, it looks like there may be a variation of zotob that has a mass mailer included. I didn’t specifically see this in SARC’s writeups of zotob.a or zotob.b, so, I’m wondering if this is going to be a .c? This variant connects to the same IRC server as the others, but a different channel. (The IRC connection was to allow remote control.)