On 12/08/2003 03:12:53 PM Charles Hamby wrote: >Has anyone else been seeing this phenomenon or do they have any idea why >this might have or might be happening? I know for a fact the patch that was >used came straight from Microsoft so I don't suspect a faulty patch. > We have not heard of a patched system being compromised yet. Of course the MS03-026 KB patch won't stop the worm's mblast.exe file being executed on a system. If a machine is patched after it has been infected the file can still be executed from the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key that is created and will continue to attack other machines. Sean Richmond -- Sean Richmond, Technical Support Manager Sophos Anti-Virus email: seanat_private http://www.sophos.com.au/ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 16:39:58 PDT