Security Incidents mailing list archives

Re: Q328691 ?


From: "Bronek Kozicki" <brok () rubikon pl>
Date: Sat, 7 Sep 2002 10:57:13 +0200

Peter Kruse wrote:
> http://makeashorterlink.com/?A268137B1.

Jason Coombs wrote:
> A Google Groups search on gg.bat shows some more discussion on
> microsoft.public newsgroups

Thanks for the links, now it's almost clear that the whole issue is just
another worm. Every worm has its 0-day, when first victims are being
infected - this time it hit close to Microsoft PSS clients.

It's not news to me that NAV is late with virus definitions; the same
happened with Klez. The only news I can see here is that Microsoft tried
to do the job of AV companies, and they failed miserably. Reverse
engineering and virus analysis is something that MS guys should learn
about first, if they want to respond to virus threats in a more responsible
manner.

On the other hand, Kyle Lai's analysis posted on
microsoft.public.scripting.virus.discussion is really great.

Of course, I can be wrong, but this analysis seems to fit almost
perfectly. BTW: the MSKB article was just updated, now it starts with: "The
MIRC Trojan-Related Attack is not a security vulnerability. Instead, it
is an intrusion that takes advantage of situations where standard
precautionary measures have not been put in place". It appears that one
of the infection vectors (there might be more) is a brute-force attack on
the administrator account, using a few very simple passwords (and a few
account names).

Kind regards


B.



