Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Archive: Viruses

Classic tech tips filed under Viruses.

  • Facebook Fan Check Virus
    Classic tip Sep 7, 2009

    There's a rumor going around and a lot of unconfirmed information that a facebook application known as fan check is actually a virus. I'm seeing several claims that if someone becomes a fan of this f…

  • Virus Warning - Email Subjects - IRS Notice - Important Information from the IRS
    Classic tip Mar 4, 2008

    I've seen a couple of these emails today and wanted to give a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls…

  • Watching out for MORE fake video codecs
    Classic tip Oct 18, 2006

    sunbelt blog has yet MORE fake codec sites to watch out for. All are bad and should be AVOIDED... details after the jump.... IP: 85.255.118.195 vccodec(dot)com IP: 69.50.188.109 hqcodec(dot)com IP: 6…

  • Would you like spyware with that? Apple too....
    Classic tip Oct 17, 2006

    These stories come up from time to time. A free giveaway of some sort and it turns out that there's spyware or a virus embedded, company gives a big "whoops" and fixes things by replacing them.... Mc…

  • Hiding malware may evade antivirus
    Classic tip Aug 23, 2006

    Sans had an interesting malware analysis this morning about a blob that appeared to be ascii text (gibberish) that was retrieved by a piece of malware. It turns out that the ascii text was a cleverly…

  • Google search for malware accessible to all...
    Classic tip Jul 18, 2006

    The metasploit project is now hosting a malware search that uses Google. It essentially uses a binary google search technique that was referenced last week to find malicious files hosted on the web. …

  • Another Microsoft Office Vulnerability
    Classic tip Jun 15, 2006

    Hot on the heels of the Microsoft Word patch there's a new threat to Microsoft Office. This vulnerability is with Excel documents. According to the MS security response center blog, they've received …

  • Web 2.0 could lead to virus 2.0...
    Classic tip Jun 13, 2006

    The last couple days, there's been a virus spreading making use of yahoo mail's interface. Usually web mail is considered a fairly safe way to get email, but in this case all that was done was the us…

  • Another wolf in sheeps clothing to watch for
    Classic tip Jun 9, 2006

    Wolves in sheeps clothing are the label I give to those rogue antispyware, or antivirus programs that bring pests instead of protect against them, or are otherwise questionable in their tactics. Tita…

  • The Great Cyberwar
    Classic tip Jun 8, 2006

    It went un-noticed by most people for a few years. After all, the ones that were affected were just those that were "asking for it". Where to start. Let's see, back in the day there were some that se…

  • Bad malware storms brewing
    Classic tip Jun 8, 2006

    ADTMAG.com has an interesting article talking of the convergance of spyware and more sophisticated phishing attacks. They talk about the convergance of viruses and spam engines that happened in 2003 …

  • Big trouble - you don't have any viruses....
    Classic tip Jun 8, 2006

    You know, I've seen soooo many antivirus vendors that are somewhat ethically challanged claim that cookie files are a big threat, or in worse cases files that the "free" antivirus test downloaded are…

  • New malware sightings
    Classic tip Jun 8, 2006

    Incidents.org had an entry in the last couple days on a malware infestation that was interesting and showed a couple things. 1) You can't bet on antivirus to keep you safe (the initial installer was …

  • Circuit City Support forum serving up trojan....
    Classic tip Jun 1, 2006

    Embarrasing.... and a big pain in the neck for any of their visitors... It seems as though if you've visited Circuit City's Support Forum with an unpatched Internet Explorer, you likely have a trojan…

  • Symantec Antivirus Remotely Exploitable Vulnerability
    Classic tip May 26, 2006

    This is bad - whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They s…

  • Zero-day ( 0-day) Microsoft Word exploit
    Classic tip May 19, 2006

    There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was v…

  • Nugache the latest in bot-net technology... and why you should care about botnets...
    Classic tip May 17, 2006

    To show you where the threat with bot networks is going there's a story today on Nugache (Symantec summary) which is a bot that takes advantage of a number of clever tricks to avoid having the whole …

  • Multi-OS virus?
    Classic tip Apr 8, 2006

    The multi-OS virus may be a proof of concept, but it could be a sign of bad things to come. Let's face it, there have been viruses that have taken advantage of multiple ways of spreading (email/open …

  • The Blackworm, Nyxem, KamaSutra Worm...
    Classic tip Jan 25, 2006

    Lot's of news following up on the Nyxem worm in the last few days. It's currently going under a number of names, the Kama Sutra Worm, Blackworm are some of the more common names. Sans has a page for …

  • A Deeper look at Nyxem
    Classic tip Jan 23, 2006

    First I should raise an alarm of warning on this one, this virus is supposed to overwrite all accessible document files (network shares too) on the 3rd of the month, so February 3rd we may be seeing …

  • Nyxem.E virus delete files payload
    Classic tip Jan 20, 2006

    F-secure has some details on a dangerous payload for the Nyxem.E virus. (The Nyxem.E virus is very similar to the Email-Worm.Win32.VB.bi that was talked about earlier in the week.) In fact, this viru…

  • New mass mailing virus
    Classic tip Jan 18, 2006

    F-secure has information on a fairly aggressive new email virus. Their name for it is VB.bi although it's aliases are.... W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D, Email-Worm.Win32.VB.bi depending…

  • Clamav 0.88 for Mandrake 10.0
    Classic tip Jan 13, 2006

    I've got a couple of older Mandrake 10.0 servers that I'm still maintaining. They're systems that it hasn't been practical (yet) to do an upgrade to a more recent release of the base operating system…

  • Sober virus watch...
    Classic tip Jan 5, 2006

    Well, antivirus vendors and IT security folks are waiting now for the expected activation of the sober.y worm searching for a new downloads and a new revision of the pest. kaspersky's log indicates t…

  • Another Sober.y reminder
    Classic tip Jan 4, 2006

    f-secure.com has another warning for us about the pending awakening of the sober worm. From reports it's expected to start looking for sites to download from January 5th into January 6th. There is an…

  • Antivirus vs. WMF exploit
    Classic tip Jan 4, 2006

    There are a number of references out today to a December 31st article (on a study by av-test) about how well antivirus products were keeping up with the shifting signatures of the WMF exploits. There…

  • Another trojan using WMF exploit in SPAM
    Classic tip Jan 4, 2006

    F-Secure is reporting on another SPAM attack that tries to get people to click on a link to a site with an exploit-crafted WMF file. The message is along the lines of a claimed Professor at Yale anno…

  • Microsoft advisory on Sober "Awakening"
    Classic tip Jan 3, 2006

    Microsoft has posted a security advisory (912920) on the previously reported "awakening" of the Sober worm, expected January 6th. Systems that are infected with Win32/Sober.Z@mm may download and run …

  • More testing on the second WMF exploit
    Classic tip Jan 2, 2006

    After my Windows 98 tests which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this secon…

  • Version 2 of the WMF exploit vs Windows 98 SE
    Classic tip Jan 1, 2006

    Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being…

  • More WMF exploit testing on Windows 98
    Classic tip Jan 1, 2006

    I've spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infe…

  • WMF exploit situation summary...
    Classic tip Jan 1, 2006

    Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exp…

  • WMF Exploit -- it's worse...
    Classic tip Jan 1, 2006

    This is going to be a rough start to the new year for IT staff and computer users.... There's coverage at Incidents.org, the sunbeltblog and f-secure of the latest twist in what will likely be a BIG …

  • NEW exploit for the WMF vulnerability
    Classic tip Dec 31, 2005

    Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it's worse. Sans is reporting on a new variation on the exploit released today. They have gone …

  • New IM worm using WMF vulnerability
    Classic tip Dec 31, 2005

    There is news this morning of a new twist in the WMF vulnerability (it was only a matter of time.) There are reports of an instant messenger worm using the vulnerability to spread. Currently incident…

  • WMF exploit and DEP
    Classic tip Dec 30, 2005

    There's a bit of controversy over the suggestion that Hardware DEP seemed to protect against the WMF zero day exploit. Sunbeltblog has responded to the controversy. George Ou in the first link above …

  • Lotus Notes WMF vulnerability
    Classic tip Dec 30, 2005

    This is really the same zero-day wmf vulnerability, but there is a twist. It's been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that's making the rounds…

  • Another workaround for the 0-day WMF Exploit
    Classic tip Dec 29, 2005

    I notice that the Sunbelt Blog has some instructions up for blocking the zero-day Windows Meta File (WMF) exploit with their newly acquired kerio firewall. (Free or full version.) Either version can …

  • Spyware, viral cleanup disabling system restore
    Classic tip Dec 29, 2005

    Sorry, but to get into the guts of what I found in the wake of the WMF exploit, I did leave out another important step in the cleanup process. IF you are trying to clean up an infested machine one of…

  • Update on the WMF exploit - more sites to block
    Classic tip Dec 29, 2005

    I haven't checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure).... toolbarbizbiz toolbarsitebiz toolbart…

  • http://60.topnssearch.com popups in infestation
    Classic tip Dec 29, 2005

    One other note from the previous series on WMF exploit infestation cleanup. Among the multiple popups that came when launching internet explorer, most were directed at the site http://60.topnssearch.…

  • Cleaning up after WMF Exploit - summary
    Classic tip Dec 29, 2005

    Can I say enough times that after a bad trojan infestation you should format and reinstall? I've cleaned up the infested image that I "sacrificed" to the WMF exploit and as I've said you're pestware …

  • Cleaning up after WMF exploit - BHO removal
    Classic tip Dec 29, 2005

    Browser helper objects (BHO's) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I've used BHOdemon in the past to…

  • Cleaning up after WMF exploit - is it clean?
    Classic tip Dec 29, 2005

    So, I've got most of the baddies cleaned out and I'm not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe, alg.exe in pa…

  • C:\windows\system32\kernels64.exe not found
    Classic tip Dec 29, 2005

    On the next boot I was greeted with the above message C:\windows\system32\kernels64.exe not found please make sure the path......correct.... blah blah blah. Back to msconfig. Everything there now loo…

  • Cleaning up after WMF exploit third party boot disc
    Classic tip Dec 29, 2005

    At this point, I needed to rename or delete some files that windows would not let me touch. I had this winlogon.exe running from a suspect directory c:\windows\inet20001 and windows wouldn't let me k…

  • Removing items from MSCONFIG after WMF exploit
    Classic tip Dec 29, 2005

    OK, so, I'm busy killing off running processes and fire up MSConfig to try to keep them from coming back on the next boot. To launch msconfig go to start, run... type in msconfig and click ok. The st…

  • Task Manager Suspicious Processes after WMF exploit
    Classic tip Dec 29, 2005

    After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn't recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jk…

  • Task manager has been disabled by your administrator
    Classic tip Dec 29, 2005

    The first problem I ran into in cleaning up after my infested Windows XP image was this error message. One of the first things I do in cleaning an infested system is try to kill off running process t…

  • Cleaning up after the WMF exploit
    Classic tip Dec 29, 2005

    OK, I mentioned that I infested a virtual machine with the current WMF 0-day exploit. First I should probably clarify. An exploit is a means of getting in to a system. The payload is the software tha…

  • WMF 0-day update
    Classic tip Dec 29, 2005

    Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there's a "possible vulnerability"... fortunately, their technical document is a bit more straightf…

  • WMF zero-day exploit first hand experience
    Classic tip Dec 29, 2005

    Well, I've just spent the better part of 6 hours (maybe a bit more) "sacrificing" a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in. I picked one sit…

  • Another workaround for WMF exploit
    Classic tip Dec 28, 2005

    There are at least two other workarounds for the Windows Meta File (WMF) exploit that I've been looking into this afternoon. These from sunbelt blog. First up... 2. Change file associations for WMF f…

  • Workaround for the critical WMF zero-day exploit
    Classic tip Dec 28, 2005

    The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious ema…

  • Windows Metafile zeroday exploit
    Classic tip Dec 28, 2005

    There's more on the WMF 0-day exploit... According to f-secure it's being used to distribute the following nasties.... Trojan-Downloader.Win32.Agent.abs Trojan-Dropper.Win32.Small.zp Trojan.Win32.Sma…

  • More on the Windows WMF zero-day exploit
    Classic tip Dec 28, 2005

    There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. Sans has raised their alert level to yellow in an effort to get at…

  • Fake MS Messenger 8 beta and other IM warnings...
    Classic tip Dec 28, 2005

    F-Secure is warning about ads for a "leaked version" of Windows Messenger 8 beta. There is no public beta of this and it is a virus.... If you download and run BETA8WEBINSTALL.EXE from that site, you…

  • A Tip for cleaning up an infected PC
    Classic tip Dec 25, 2005

    There's a joke that many people bring out when new Windows viruses hit big.... it goes along the lines of, "download a fix here" and the link points to a knoppix linux livecd download, or a Mandriva …

  • Disinfecting a PC… part 11
    Classic tip Dec 24, 2005

    All in all, what I've documented was a bit over three hours worth of attention to the machine (much more for the full scans, but I didn't have to stand and watch them.) I didn't document a sidetrip t…

  • Disinfecting a PC… part 10
    Classic tip Dec 23, 2005

    Before I get things wrapped up, I like to scan rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned the first pass it took. And …

  • Disinfecting a PC… part 9
    Classic tip Dec 22, 2005

    Ok - about 22 or 23 critical updates for Windows ME. I'm suspecting it's never visited the Windows update site. While it's going I make sure that the adware scanners and antivirus scanner get to pull…

  • Antivirus update response times
    Classic tip Dec 21, 2005

    We know that for Windows systems especially antivirus is a must. Up to date antivirus is the MOST important though. So how do the different vendors do in responsiveness and quick antivirus definition…

  • Spyaxe Spytrooper spysherriff et al removal
    Classic tip Dec 21, 2005

    There are so many "wolves in sheeps clothing" or maybe I should say wolves in sheepdogs clothing... Anyway, so many nasty malware's that pose as protective utilities. Spyaxe, spytrooper, spy sherriff…

  • The Santa Worm
    Classic tip Dec 21, 2005

    More coverage is being given to the instant messaging worm that poses as a come on for a Santa Claus related site today. The only thing I think that I left out in last nights post was the name of the…

  • Disinfecting a PC… part 8
    Classic tip Dec 21, 2005

    All right, now it's time to give ad-aware a spin. I like being able to use several spyware scanners to get full coverage and cleaning. Ad-aware and spybot s&d are usually my first two choices. Realiz…

  • IM worm acts as a come on to a Santa Claus site
    Classic tip Dec 20, 2005

    According to Information Week, there's a new IM worm out hitting the MSN, ICQ, Yahoo and AIM networks. It poses as a come on for a Santa Claus site. On visiting the site, users receive an unexpected …

  • The CIA/FBI virus revisited
    Classic tip Dec 20, 2005

    I'm sure you remember the CIA/FBI virus a few weeks back. There was a German version of this and apparently one individual took the warning email to heart and turned himself in for child pornography.…

  • Disinfecting a PC… part 7
    Classic tip Dec 20, 2005

    Ok, another reboot after the BHO cleaning. Things are a good deal more responsive now, less disc swapping going on. (I suspect that those three missing BHO entries may have been causing the slow down…

  • Another example of how we're vulnerable for identity theft
    Classic tip Dec 19, 2005

    The SecurityFix is reporting on a security breech at reevesnamepins.com a company that supplies (among others) law enforcement personnel. Apparently, CardCops (which monitors for possible stolen data…

  • More wolves in sheeps clothing - rogue or suspect antispyware
    Classic tip Dec 19, 2005

    (or for that matter, rogue or suspect antivirus.) What's fascinating about this category is most of these products either use security vulnerabilities to get into a system, or merely convince a perso…

  • Disinfecting a PC… part 6
    Classic tip Dec 19, 2005

    Ok, it's BHOdemon time... installed from cd and on starting: BHOdemon bhotb-all.html not found, no web connection downloading on other machine. Finally get it to work copying from another machine. Bu…

  • Disinfecting a PC… part 5
    Classic tip Dec 18, 2005

    OK, we're moving on to BHOdemon to take care of the browser helper objects. Unfortunately it looks like BHODemon is not being currently maintained, the developer has had a housefire. I am very sorry,…

  • Disinfecting a PC… part 4
    Classic tip Dec 17, 2005

    So, AVG has been scanning away finding things we've really got a foothold on the system and the malware has a fight on it's hands. It's good to see progress. Up to this point we've had multiple Spool…

  • Disinfecting a PC… part 3
    Classic tip Dec 16, 2005

    Picking up from last time... AVG was failing to install with a peculiar registry error. (Which I didn't see much reference to online.) OK, so here is another fruit of the online search (so many bugs …

  • Another beagle virus variant
    Classic tip Dec 15, 2005

    Incidents.org is reporting this as well... A new Beagle variant is making the rounds. It comes in an almost empty email, as a ZIP attachment containing the worm as an EXE. The attachment name, email …

  • How festive - the dasher worm...
    Classic tip Dec 15, 2005

    The securityfix is reporting on a new worm that exploits an older Windows vulnerability. The worm is called dasher and is in at least it's second iteration. Sans noticed an odd increase in port 1025 …

  • Disinfecting a PC... part 2
    Classic tip Dec 15, 2005

    Ok, the last post got a bit long with the hijackthis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. F…

  • A couple warnings related to fake security sites
    Classic tip Dec 14, 2005

    Sunbelt has this warning about yet another fake security site. This one is laid out a bit different than the others we've seen in recent days. It's not quite the same spoof of the Windows Security Ce…

  • Disinfecting a PC... part 1
    Classic tip Dec 14, 2005

    This is the first in a several part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par…

  • Clamantivirus may get support from eEye?
    Classic tip Dec 13, 2005

    This would be a good thing for clamantivirus. eEye is considering "adopting" clamav for inclusion in their Blink product. The idea is that they would improve clamantivirus and then start integrating …

  • Microsoft Security Bulletin Email
    Classic tip Dec 12, 2005

    There is a trojan making the rounds that is acquired by clicking on links in an email. That's not necessarily new, however.... this email represents itself as an authentic-looking Microsoft security …

  • Another interesting spyaxe note
    Classic tip Dec 10, 2005

    Incidents.org has a note on a recently noted trojan.spaxe.exe, that when on a system will mimic the windows notification dialogue "bubble" near the system tray with the following text. "Your computer…

  • F-secure list of sober virus urls
    Classic tip Dec 10, 2005

    When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download "updates" from, they said that they had p…

  • More details on Sober worm
    Classic tip Dec 9, 2005

    There's a bit more detail in this betanews article on the sober worm. They basically say that the next expected "release" is January 8th, that f-secure has cracked the "code" of the worm. You see it …

  • Interesting vector for browser vulnerability exploit...ebay
    Classic tip Dec 7, 2005

    incidents.org has received a tip on an ebay item that contained some malicious script... ISC reader Gareth Attrill pointed us to an eBay auction that has some escaped HTML code that sneaks in a link …

  • New variation of Sober virus coming in January
    Classic tip Dec 7, 2005

    Now, we seem to be getting "coming attractions" previews in virus-land.... Anyway, I've read at several sources that we are to expect a new variation on the sober worm around January 5th, 2006. It's …

  • 16,000 new viruses this year
    Classic tip Dec 6, 2005

    This is for all those people that say to me. "There haven't been any new viruses lately have there?" It's really amazing to me that people think if it's not on the national news it doesn't happen....…

  • AIM worm in the wild
    Classic tip Dec 5, 2005

    There was an article in the last few days about Instant messengers being a tempting new vector for viral infections... Well.... Incidents.org has information on a new AIM worm seen in the wild. It do…

  • MS IE Javascript exploit for zero-day (0-day) vulnerability
    Classic tip Nov 30, 2005

    An exploit for last weeks zero-day (0-day) javascript vulnerability in Microsoft's Internet Explorer is in the wild. I saw this post from Sunbelt a couple nights ago go up and disappear, at the time …

  • Viruses and worms can come in from many directions
    Classic tip Nov 29, 2005

    For a long time, email was the primary vector for viruses, before that floppy discs carried bugs from pc to pc. Then came network worms exploiting windows security vulnerabilities which led to the ri…

  • The virus arms race? is locking down systems the key?
    Classic tip Nov 28, 2005

    The securityfix has a post on the "dirty little secret" about antivirus. Eugene Kaspersky of Kaspersky antivirus has posted an introspective article on the antivirus industry and it's current problem…

  • Ooops... hard drive maker ships trojan on storage media
    Classic tip Nov 25, 2005

    Oooops... According to the Sunbelt blog a Japanese storage maker (I-O Data Device) has offered to exchange drives that were discovered to have been shipped out with the Tompai-A, a worm which would g…

  • FBI / CIA virus
    Classic tip Nov 25, 2005

    Well... the media has taken the drab name of w32sober.X@mm or w32sober.x or w32sober.y, W32/Sober.AD-mm or any of those other drab names that we've been looking at the last week and dubbed the latest…

  • New Beagle/Bagle variant?
    Classic tip Nov 23, 2005

    So, I submitted the suspicious attachment I received to virustotal (scan@virustotal.com with SCAN in the subject and suspicious file as attachment.) What follows below is the report I received. It lo…

  • New Sober variants..
    Classic tip Nov 22, 2005

    Ok - there are some new variants on the Sober worm circulating. I received one on an address that's unfiltered (no virus/spam filtering) and must say, I can see people being duped into looking at the…

  • Keyloggers a growing problem
    Classic tip Nov 18, 2005

    It's interesting some years ago when viruses on Windows machines were SOOOO plentiful it seemed like that's all I spent my time cleaning up, I thought... "you know, most viruses are prankster-ish pro…

  • New Sober virus variant coming
    Classic tip Nov 15, 2005

    This is unusual, but there is advance notice from the Bavarian Police warning about a new variant on the Sober worm which will be released tomorrow. More information can be found at f-secure, as well…

  • Sony BMG is still having a bad week....
    Classic tip Nov 10, 2005

    Unfortunately a LOT of people that have bought Sony-BMG cds (or borrowed, whatever...) are going to have some headaches too. By stock in Tylenol or Aleve or something.... anyway... here's todays roun…

  • MS05-053 Microsoft Windows Image Viewing Vulnerability
    Classic tip Nov 10, 2005

    Two notes on the Windows vulnerability patched day before yesterday. There is a trojan in the wild exploiting it and Symantec's AV definition to detect such an exploit is a bit too paranoid and flags…

  • XML RPC worm new variant
    Classic tip Nov 8, 2005

    There seems to be a new variation on the xml rpc worm spreading about, so patch patch patch. If you have php and vulnerable software on a web facing server, patch.