Peter Kruse wrote:
> http://makeashorterlink.com/?A268137B1.

Jason Coombs wrote:
> A Google Groups search on gg.bat shows some more discussion on
> microsoft.public newsgroups

Thanks for the links, now it's almost clear that the whole issue is just another worm. Every worm has its 0-day, when the first victims are being infected - this time it hit close to Microsoft PSS clients. It's not news to me that NAV is late with virus definitions; the same happened with Klez.

The only news I can see here is that Microsoft tried to do the job of AV companies, and they failed miserably. Reverse engineering and virus analysis is something that MS guys should learn about first, if they want to respond to virus threats in a more responsible manner.

On the other hand, Kyle Lai's analysis posted on microsoft.public.scripting.virus.discussion is really great. Of course, I can be wrong, but this analysis seems to fit almost perfectly.

BTW: the MSKB article was just updated, now it starts with: "The MIRC Trojan-Related Attack is not a security vulnerability. Instead, it is an intrusion that takes advantage of situations where standard precautionary measures have not been put in place". It appears that (one of - there might be more) infection vectors is a brute-force attack on the administrator account, using a few very simple passwords (and a few account names).

Kind regards
B.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 09 2002 - 12:18:21 PDT