Security Incidents mailing list archives
Re: Q328691 ?
From: "Bronek Kozicki" <brok () rubikon pl>
Date: Sat, 7 Sep 2002 10:57:13 +0200
Peter Kruse wrote:
http://makeashorterlink.com/?A268137B1.
Jason Coombs wrote:
A Google Groups search on gg.bat shows some more discussion on microsoft.public newsgroups
Thanks for links, now it's almost clear that the whole issue is just another worm. Every worm has its 0-day, when first victims are being infected - this time it hit close to Microsoft PSS clients. It's not news to me that NAV is late with virus definitions; the same happened with Klez. The only news I can see here is that Microsoft tried to do the job of AV companies, and they failed miserably. Reverse engineering and virus analysis is something that MS guys should learn about first, if they want to respond to virus threats in more resposible manner. On the other hand, Kyle Lai analysis posted on microsoft.public.scripting.virus.discussion is really great. Of course, I can be wrong, but this analysis seems to fit almost perfectly. BTW: MSKB article was just updated, now it starts with : "The MIRC Trojan-Related Attack is not a security vulnerability. Instead, it is an intrusion that takes advantage of situations where standard precautionary measures have not been put in place". It appears that (one of - there might be more) infection vectors is brute-force attack on administrator account, using few very simple passwords (and few account names). Kind regards B. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Q328691 ?, (continued)
- Re: Q328691 ? Joe Blatz (Sep 06)
- Re: Q328691 ? Jon (Sep 09)
- Re: Q328691 ? HggdH (Sep 09)
- Re: Q328691 ? Valdis . Kletnieks (Sep 06)
- RE: Q328691 ? Byrne, David (Sep 09)
- Re: Q328691 ? Security (Sep 09)
- Re: Q328691 ? sunzi (Sep 09)
- Re: SV: Q328691 ? H C (Sep 09)
- Re: Q328691 ? Bernt Lervik (Sep 09)
- RE: Q328691 ? Jason Coombs (Sep 09)
- Re: Q328691 ? Bronek Kozicki (Sep 09)
- Re: Q328691 ? H C (Sep 09)
- Re: SV: Q328691 ? jennifer smith (Sep 09)
- Re: SV: Q328691 ? H C (Sep 09)
- RE: Q328691 ? Byrne, David (Sep 10)
- Re: Q328691 ? Kyle Lai (Sep 11)
- Re: Q328691 ? Joe Blatz (Sep 06)