Browse Blog Posts by Tags

  • Daily Update -- Thursday, October 6th, 2005

    A quick daily update today. Symantec has now named Sober.Q (aka .R) to be a low-medium (2) risk, although McAfee maintains it at Medium. It looks like this one is not going to be a huge outbreak. More coverage of Sober.R should be available tomorrow as we start to see reports on spread rates coming in...
    Posted to Security Manifest by trafton on Thu, Oct 6 2005
  • Zotob Authors Nabbed

    The good news about the Zotob outbreak is that we're unlikely to see future versions after two men - one in Morocco and one in Turkey - were arrested Thursday. From The Washington Post's article: The FBI and Microsoft Corp. collaborated with law enforcement officials in Turkey and Morocco to secure...
    Posted to Security Manifest by trafton on Fri, Aug 26 2005
  • Retrospective Zotob Articles

    Here is a collection of recent articles on the Zotob worm, which is at this point no longer spreading very quickly: Some XP machines vulnerable to Zotob worm (TechWorld) - A full news article about the (rare) registry modifications that can result in Windows XP being vulnerable to the Zotob worm. Not...
    Posted to Security Manifest by trafton on Thu, Aug 25 2005
  • Zotob - Slowing Down

    Good news on the Zotob front. McAfee has lowered the risk to Medium. Correspondingly, it is now considered a moderate outbreak.
    Posted to Security Manifest by trafton on Wed, Aug 17 2005
  • Looking more at Plug N' Play worms and Zotob

    If you've been following the news about Zotob, IRCBot, Bozori, and the other families of worms to attack the recent Plug-and-Play vulnerability (MS05-039), you know that another worm war has begun between the latter two worm families and Zotob, which so far is not “fighting back” with a new...
    Posted to Security Manifest by trafton on Wed, Aug 17 2005
  • Zotob.E (IRCBot) Outbreak News Round-Up

    Early news reports indicate that the group most affected (or at least most publicly affected) by the IRCBot is the media. Brian Krebs at The Washington Post reports: ABC News had an extensive outage today due to infections from Zotob or one of its variants [most probably IRCBot, which is also known...
    Posted to Security Manifest by trafton on Tue, Aug 16 2005
  • Ad-Aware Fixed!

    Good news in that last week's problem with Lavasoft's Ad-Aware adversely affecting LANs seems to have been resolved. http://www.lavasoftsupport.com/index.php?showtopic=60859 A link to the original post can be found here: http://msmvps.com/trafton/archive/2005/03/11/38236.aspx
    Posted to Security Manifest by trafton on Sun, Mar 20 2005
  • Anti-Santy: Near Death?

    Before I head off to bed, I just want to give a very quick update on the “Anti-Santy” worm I have discussed previously in a post, as well as a follow-up. We now have a name to this worm - Asan - and information that its spread seems to be slowing from already limited levels. The good folks...
    Posted to Security Manifest by trafton on Sun, Jan 2 2005
  • Follow-Up: Anti-Santy Worm

    I'd like to give you all a quick update on the phpBB worm that targets the vulnerability used by Santy and patches it, which I reported yesterday. Although it still lacks a name, and little is actually known about it, the media is beginning to report on it. From ZDNet (underlining for emphasis on new details...
    Posted to Security Manifest by trafton on Sat, Jan 1 2005
  • Bagle.AZ 24 Hours Later

    Waters Apparently Calming Ever since MessageLabs stopped updating its statistics frequently, it has become harder to judge how fast mass-mailing email-borne viruses spread. However, I am happy to report that 24 hours after it first appeared, it seems that Bagle.AZ is not a significantly high-spreading...
    Posted to Security Manifest by trafton on Wed, Sep 29 2004
  • Spread of Mydoom.M Slows

    Follow-Up: Most High Ratings Downgraded to Medium Despite interesting new techniques, such as using a search engine to find additional email addresses, it appears that the recent Mydoom variant (which goes by many different names, but for practical uses will here be called “Mydoom.M”) has...
    Posted to Security Manifest by trafton on Sat, Jul 31 2004
  • Spread of New MyDoom Quite High; Google Hit

    Follow-Up: Popular Search Engine Rendered 503 Error A viewer of Portland, Ore. television station KATU was among the affected users and submitted this image. Courtesy KATU.com. As reports of the latest MyDoom variant stream in, we're beginning to see the effects of its use of search engines to find email...
    Posted to Security Manifest by trafton on Mon, Jul 26 2004
  • Bagle.AI Spread More than First Estimated

    Follow-Up: Panda Goes to High Risk; Most Remain Medium Users are reporting higher spread of the latest Bagle variant, Bagle.AI, than originally it was estimated the worm was achieving. This is mainly hearsay, but some web sites such as VirusTotal would back this statement up. While a high risk consensus...
    Posted to Security Manifest by trafton on Mon, Jul 19 2004
  • "Wallon" Correction and Additions

    Follow-Up: Wallon Does NOT Spread Via LSASS Vulnerability I had some information passed on earlier that W32/Wallon.worm spreads via the LSASS vulnerability. It does NOT. It does, however, use a number of Outlook Express exploits. My opinion on W32/Wallon.worm is that several factors will contribute to...
    Posted to Security Manifest by trafton on Tue, May 11 2004
  • Removed Outbreak Warning for Sasser.B

    Follow-Up: Five Days Since Initial Outbreak, Downgrade Appropriate I have just removed the outbreak warning for W32/Sasser.worm.B. Although Secunia still rates it as a High risk, at five days old, it is unlikely that it is any longer an outbreak as much as a very widespread worm. Speaking of Secunia...
    Posted to Security Manifest by trafton on Sat, May 8 2004
  • Netsky.AC May Be Widespread

    Follow-Up: Most Rate Low Risk; Sophos Rates High W32/Netsky.AC-mm, the latest variant, is currently ranked low by most companies, except Sophos. They say they have received “many” infection reports, which is equivalent to a high risk from them. Monday will be a very interesting day, with four worms ...
    Posted to Security Manifest by trafton on Sun, May 2 2004
  • Outbreak Warning Declared For Sasser.B

    BREAKING NEWS: Added Outbreak Warning for Sasser.B I have added an outbreak warning for W32/Sasser.worm.b. This reflects Symantec's upgrade to High a few minutes ago.
    Posted to Security Manifest by trafton on Sun, May 2 2004
  • Symantec Goes High on Sasser.B

    BREAKING NEWS: Symantec Upgrades Sasser.B to HIGH (4) Symantec has just upgraded Sasser.B to a HIGH risk (4). This is due to increased spread. The worm, which appeared yesterday, has now achieved higher spread than the original, according to Symantec. http://www.sarc.com/avcenter/venc/data/w32.sasser...
    Posted to Security Manifest by trafton on Sun, May 2 2004
  • Sasser A/B Removal Tools Available

    Follow-Up: Microsoft, McAfee, Symantec, F-Secure, and Trend Pitch In This is from Harry Waldron's excellent blog, which I highly recommend. It can be found here. ===EDITED=== The full post from Harry's blog can now be found here: http://forums.mcafeehelp.com/viewtopic.php?t=26143 ===EDITED===
    Posted to Security Manifest by trafton on Sun, May 2 2004
  • Sasser.B Goes Medium

    BREAKING NEWS: Sasser.B Spreading Quickly Most companies are now calling W32/Sasser.worm.b Medium risk. This reflects increased spread. The worm, which debuted yesterday, is not all that different from the original. The main indication of difference is the presence of a “2” at the end of the file name...
    Posted to Security Manifest by trafton on Sun, May 2 2004