Inside Microsoft's Zotob Situation Room

Discussion in 'malware problems & news' started by ronjor, Aug 26, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,271
    Location:
    Texas
    Story
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Very interesting!

    In a linked article is this comment:

    ------------------------------------------------------
    Moments after Microsoft issued its patches for the RDP flaw, the research company credited with reporting it released a proof-of-concept exploit to show how a specially crafted RDP packet could crash an unpatched system.

    "The reason I released the [proof of concept] is so that other researchers like myself can check out the bug, and maybe there is possibly a variant of this flaw that can be exploited," said Tom Ferris, a researcher at Security-Protocols.com.
    -----------------------------------------------------

    You have to wonder, if the releasing of the POC is aimed at researchers, why it couldn't be sent to a prescribed list w/o being publicly released.

    In another linked article is this statement:

    -------------------------------------
    The unusual number of news organizations hit may have been due to a Zotob variant, Zotob.C, that spread over e-mail and disguised the worm file as a picture attachment.
    --------------------------------------

    Sophos includes this about W32/Zotob-C:

    W32/Zotob-C spreads by email and has the following characteristics:
    • Subject: Important!
    The attached file may have a randomly generated name…
    • webcam_photo
    with an extension of:
    • BAT, CMD, EXE, PIF or SCR
    The article continues:

    ----------------------------------------------------
    One or more reporters used to receiving photos via e-mail may have been the source of the infection,... according to an e-mail from Alan Paller, director of research at SANS.
    ----------------------------------------------------

    What does that say about the security training given to those employees? That's elementary, Watson!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,271
    Location:
    Texas
    Seems the perpetrators of these worms have been caught.

    Story
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.