Blaster.b Author Arrested
Eighteen-year-old Jeffrey Lee Parson has admitted to creating a variant of the original Blaster worm. Dubbed Blaster.B, Parson's worm was a virtual no-show in comparison to the original Blaster worm, which was thought to have infected 500,000+ systems. If convicted, Parson could face up to 10 years in prison and a $250,000 fine. Placed under house arrest, Parson faces a hearing on September 17th in Seattle, Washington, the home state of Microsoft.
Protect against the Blaster worm
View the arrest warrant
09:22 AM
An email pretending to be from support@ebay.com is designed to dupe members into revealing personal financial details, such as mother's maiden name, credit card account information, bank account number, PIN code and a variety of other sensitive information.
09:06 AM
Arriving in an email with an attachment named "patch.exe", the Dumaru worm claims to be from Microsoft. In reality, it is a mass-mailing email worm with viral capabilities that installs a backdoor component onto infected systems.
10:59 AM
The SoBig.F worm swamped mail servers worldwide, causing a Denial of Service (DoS) attack for many email recipients. Find out how this worm got started and what the status of SoBig.F is today.
SoBig.F Description
SoBig.E Description
SoBig.C Description
SoBig.A Description
Stop SoBig at the server - for free...
Use McAfee AVERT Stinger for quick detection and removal.
Find the real SoBig.F sender
SoBig.F spoofs the From address, making thousands of innocent users look like villains. If you're getting flooded with SoBig.F emails, or getting angry email from folks accusing you of sending it, follow these steps to track the real culprit.
10:58 AM
F-Secure Reports: Four new major virus cases within 24 hours. Beginning with the Lovsan (Blaster) worm that began infecting on August 11th, and ending with Welchi (Nachi), SoBig.F, Lovsan.D and Dumaru on August 18th and 19th, the past week has not been kind where viruses are concerned.
06:23 AM
It seems Microsoft's attempt to sidestep MSBlaster's intended DoS may leave users at greater risk of future infection.
03:44 PM
Welchi Worm Attacks Blaster
The Welchi worm targets the original Blaster worm, removing it, and then patching the system's RPC/DCOM flaw to prevent further attack. However, this unsolicited patching spontaneously reboots the system, causing a Denial of Service (DoS). Further, the worm is not without flaws and may leave the system vulnerable to further compromise, thus its "noble" act of patching is far from desirable. Though functionally similar to Blaster, security vendors disagree on whether this is a variant of the original MSBlast/Lovsan worm or an entirely new worm warranting a new name. As such, Welchi is also called Nachi-A and MSBlast.D.
Full Story | Blaster resources | How to disable DCOM
01:17 PM
According to antivirus vendor F-Secure, the Lovsan (MSBlast) worm both succeeded and failed in its effort to attack Microsoft. At issue is the popular windowsupdate.com domain visited by millions to patch their chosen flavor of Windows. Microsoft declared victory by pulling the plug on the domain. According to Mikko Hypponen, Director of Anti-Virus Research at F-Secure Corporation: "Windowsupdate.com will probably never return. So in this sense, the worm accomplished what it wanted: windowsupdate.com is no more."
12:48 PM
Viral spam
It seems virus writers and black hat hackers have found paying careers in the spam business. MSNBC's Bob Sullivan reports on this alarming trend and the consequences it has for us all.
The secret tricks that spammers use
SoBig.E: Spam Virus
SoBig.E Virus Description
11:39 PM
Blaster Worm Resources
Aliases: Lovsan, MSBlast, Poza, and Blaster.
Exploit: A critical flaw in Microsoft software affecting Microsoft IIS, Windows 2000, Windows NT, and Windows XP.
Details of Vulnerability/Patch Details
Use McAfee AVERT Stinger for quick detection and removal.
Blaster foiled: Microsoft Sidesteps DoS
Blaster.A Description - The original Blaster worm. File dropped: MSBLAST.EXE
Blaster.B Description - This is not the variant for which Parson was arrested. File dropped: PENIS32.EXE
Blaster.C Description - The variant for which Parson was arrested. File dropped: TEEKIDS.EXE
Blaster.D Description - This is the so-called "good" Blaster that allegedly tried to patch infectable systems. In fact, it did nearly as much damage as the original Blaster. Aliases: Welchi, Welchia, Nachi. Files dropped: SVCHOST.EXE, DLLHOST.EXE. Note: These are also the names of perfectly legitimate and necessary system files. Infected files would be found in the Windows\Systems\WINS directory. Valid files are found in Windows\System32\ and Windows\System32\dllcache directories.
Blaster.E Description - Dropped file: MSPATCH.EXE
Blaster.F Description - Dropped file: MSLAUGH.EXE
Blaster.G Description - Dropped file: ENBIEI.EXE
Blaster.B/C author arrested - The variant Parson is accused of creating is referred to as Blaster.B by most vendors, Blaster.C by Trend Micro.
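As an added example (not from the original page), a PowerShell check for the Blaster.D/Welchi dropped files named above, looking for SVCHOST.EXE and DLLHOST.EXE outside the legitimate System32 and dllcache locations. It assumes the "Windows\Systems\WINS" directory mentioned above corresponds to %SystemRoot%\System32\wins, and checks the literal path as well.

```powershell
# Added example: look for Welchi (Blaster.D) copies of SVCHOST.EXE and DLLHOST.EXE
# outside the directories where the legitimate system files live.
# Assumption: the write-up's "Windows\Systems\WINS" is %SystemRoot%\System32\wins;
# the literal path is checked too in case the layout differs.
$names       = @('svchost.exe', 'dllhost.exe')
$system32    = Join-Path $env:SystemRoot 'System32'
$legitDirs   = @($system32, (Join-Path $system32 'dllcache'))
$suspectDirs = @((Join-Path $system32 'wins'), (Join-Path $env:SystemRoot 'Systems\WINS'))

$findings = foreach ($dir in $suspectDirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # Compare with the real binary in System32: a matching hash means the
            # genuine file was copied, a different hash means a foreign executable.
            $legit     = Join-Path $system32 $name
            $legitHash = if (Test-Path -LiteralPath $legit) {
                (Get-FileHash -LiteralPath $legit -Algorithm SHA256).Hash
            } else { $null }
            [pscustomobject]@{
                Path            = $path
                SizeBytes       = $item.Length
                LastWrite       = $item.LastWriteTime
                SHA256          = $hash
                MatchesSystem32 = ($legitHash -eq $hash)
            }
        }
    }
}

if ($findings) {
    Write-Warning "Copies of $($names -join '/') found outside $($legitDirs -join '; '):"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No $($names -join '/') copies found in: $($suspectDirs -join '; ')"
}
```

Any hit with MatchesSystem32 set to False is a foreign executable using a legitimate file name and should be submitted to your antivirus vendor rather than deleted blindly.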
05:45 PM
Vigilante Hacker Gets Wink and Nod from FBI
We live in a world where good and bad are often subjective, open to interpretations dependent upon which side of the fence you're on. Such is the case with Unknownuser, a computer hacker turned informant who used a Trojan to burrow inside the deepest recesses of a child pornographer's computer and then tipped the FBI off to the pervert's identity. This type of vigilante hacking has led to at least one conviction. Recently, the US Court of Appeals upheld evidence from the same hacker in a second child porn case. Antivirus vendor Sophos weighs in on the verdict, explaining why all malicious code must be detected, regardless of its seemingly noble purpose.
11:52 AM
The Mimail worm is a mass-mailing email worm arriving in an email carrying the message.zip attachment. Contained within the .zip file is message.html, which carries an embedded executable that runs when the .html file is opened. The worm exploits a vulnerability in Microsoft products, reusing the proof-of-concept code published when that vulnerability was disclosed.
05:15 PM
Feds Issue Second Warning: Exploits Detected
The CERT Coordination Center (CERT/CC) has issued a second advisory regarding critical vulnerabilities affecting a wide range of Windows platforms. According to CERT/CC, reports of widespread scanning and exploitation have been detected. The CERT Coordination Center (CERT/CC) is a federally funded research and development center operated by Carnegie Mellon University.
Critical Flaw Leaves Windows Users Vulnerable
CERT Advisory CA-2003-19
02:55 AM