Inside Microsoft's Zotob Situation Room

Discussion in 'malware problems & news' started by ronjor, Aug 26, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Story
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Very interesting!

    In a linked article is this comment:

    ------------------------------------------------------
    Moments after Microsoft issued its patches for the RDP flaw, the research company credited with reporting it released a proof-of-concept exploit to show how a specially crafted RDP packet could crash an unpatched system.

    "The reason I released the [proof of concept] is so that other researchers like myself can check out the bug, and maybe there is possibly a variant of this flaw that can be exploited," said Tom Ferris, a researcher at Security-Protocols.com.
    -----------------------------------------------------

    You have to wonder, if the releasing of the POC is aimed at researchers, why it couldn't be sent to a prescribed list w/o being publicly released.

    In another linked article is this statement:

    -------------------------------------
    The unusual number of news organizations hit may have been due to a Zotob variant, Zotob.C, that spread over e-mail and disguised the worm file as a picture attachment.
    --------------------------------------

    Sophos includes this about W32/Zotob-C:

    W32/Zotob-C spreads by email and has the following characteristics:
    • Subject: Important!
    The attached file may have a randomly generated name…
    • webcam_photo
    with an extension of:
    • BAT, CMD, EXE, PIF or SCR

    The article continues:

    ----------------------------------------------------
    One or more reporters used to receiving photos via e-mail may have been the source of the infection,... according to an e-mail from Alan Paller, director of research at SANS.
    ----------------------------------------------------

    What does that say about the security training given to those employees? That's elementary, Watson!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Seems the perpetrators of these worms have been caught.

    Story
     