There are a couple of stories out about the Santa IM worm, otherwise known as IM.GiftCom.All. First up Sans has some interesting analysis of it. It appears that it’s being hosted at 69.56.129.67, when run it resolves smtp.girlsontheblock.com to 38.118.133.241 and attempts to open tcp port 53. It renames itself as c:\windows\winrpc.exe and sets up shop as “Windows RPC Services”. They’re saying instead of a worm it should be more accurately termed a bot with replicating capabilities, it is reliant on controls from an outside site. (From their analysis I presume the 69. ip address above?)
Tag: Instant Messenger
-
Microsoft Fined $32 Million
Microsoft has been fined $32 million by South Korea’s fair trade commision. They are calling for Microsoft to either remove the Media Player and Instant Messenger from Windows, or include competing software. Microsoft has said that such changes may require it to “delay offering new versions in South Korea”, or withdraw Windows from the South Korea market entirely.
-
Viruses and worms can come in from many directions
For a long time, email was the primary vector for viruses, before that floppy discs carried bugs from pc to pc. Then came network worms exploiting windows security vulnerabilities which led to the rise of firewalls and the increase in viruses piggy-backing into the system through browser bugs. But, any program that listens for data coming from the network could be an entry way for good traffic, or bad. The Securityfix is talking today about November being a record month for Instant Messenger worms.
-
Rumors abound on Google Instant Messenger
Slashdot is reporting, as well as other sources, that Google is preparing the launch of an Instant Messenger.