Ryan Russell <ryanat_private> wrote: > http://www.centralcommand.com/aug30.html > > Anyone seen a copy of this, yet? It's another worm that purports to be a > Microsoft Advisory, this one about an invalid SSl certificate. As already discussed on focus-virus, this is a media event, not a virus event. Perhaps Central Command's sales have been down this quarter and they felt they needed a publicity boost? By the time Central Command issued its press release, and thus well before any of the major media outlets picked it up, the mail server this thing is hard-coded to relay through had been "fixed" to prevent (externally sourced) relaying so its distribution mechanism was broken and the treat averted (apart from however many copies may have already been posted and waiting in mailboxes for the unwary to run and thus unlease the EXE-crypting payload). MessageLabs' statistics suggest that a trifling handful of people may have been affected by it before the mail relay was stopped. As I write, there have been fewer than 8 detects on ML's current day counter (which could mean zero -- they list the "top ten" and tenth place was Hybris.D with 8 detects), none in their September "Threat List" and none in their August "Threat List". Despite that, private communication from ML suggests they did see a very small number over Thursday/Friday. Regards, Nick FitzGerald ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Sep 02 2001 - 02:21:49 PDT