Inside Microsoft's Zotob Situation Room

Discussion in 'malware problems & news' started by ronjor, Aug 26, 2005.

Thread Status:
Not open for further replies.
  1. ronjor (Global Moderator)

    Joined: Jul 21, 2003 | Posts: 164,242 | Location: Texas

    Story
     
  2. Rmus (Exploit Analyst)

    Joined: Mar 16, 2005 | Posts: 4,020 | Location: California

    Very interesting!

    In a linked article is this comment:

    ------------------------------------------------------
    Moments after Microsoft issued its patches for the RDP flaw, the research company credited with reporting it released a proof-of-concept exploit to show how a specially crafted RDP packet could crash an unpatched system.

    "The reason I released the [proof of concept] is so that other researchers like myself can check out the bug, and maybe there is possibly a variant of this flaw that can be exploited," said Tom Ferris, a researcher at Security-Protocols.com.
    -----------------------------------------------------

    You have to wonder, if the releasing of the POC is aimed at researchers, why it couldn't be sent to a prescribed list w/o being publicly released.

    In another linked article is this statement:

    -------------------------------------
    The unusual number of news organizations hit may have been due to a Zotob variant, Zotob.C, that spread over e-mail and disguised the worm file as a picture attachment.
    --------------------------------------

    Sophos includes this about W32/Zotob-C:

    W32/Zotob-C spreads by email and has the following characteristics:
    • Subject: Important!
    The attached file may have a randomly generated name…
    • webcam_photo
    with an extension of:
    • BAT, CMD, EXE, PIF or SCR

    The article continues:

    ----------------------------------------------------
    One or more reporters used to receiving photos via e-mail may have been the source of the infection,... according to an e-mail from Alan Paller, director of research at SANS.
    ----------------------------------------------------

    What does that say about the security training given to those employees? That's elementary, Watson!

    -rich
    ________________
    ~~Be ALERT!!! ~~
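
The Sophos characteristics quoted in the post above translate directly into a mail-gateway check. The following is an added example, not part of the original thread or Sophos's own code: it flags attachments whose final extension is one of the five listed, and the helper names, addresses and sample filenames are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Sophos lists for W32/Zotob-C attachments (quoted in the post).
RISKY_EXTENSIONS = {".bat", ".cmd", ".exe", ".pif", ".scr"}
# Subject Sophos lists; a weak signal on its own, so it only annotates.
LISTED_SUBJECT = "important!"


def risky_attachments(raw_message: bytes) -> list:
    """Return attachment filenames whose final extension is executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots/spaces, and only the last suffix
        # decides how the file is launched: "photo.jpg.scr" is ".scr".
        cleaned = name.strip().rstrip(". ")
        if PurePosixPath(cleaned).suffix.lower() in RISKY_EXTENSIONS:
            hits.append(name)
    return hits


def verdict(raw_message: bytes) -> str:
    """Quarantine on a risky attachment; note when the subject also matches."""
    if not risky_attachments(raw_message):
        return "deliver"
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    if subject == LISTED_SUBJECT:
        return "quarantine (listed subject)"
    return "quarantine"


def build_sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message with a harmless placeholder payload."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "reporter@example.com"
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Blocking on the extension rather than on the subject or file name keeps the check useful when those vary.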
     
  3. ronjor (Global Moderator)

    Joined: Jul 21, 2003 | Posts: 164,242 | Location: Texas

    Seems the perpetrators of these worms have been caught.

    Story
     