http://msmvps.com/blogs/trafton/archive/tags/Viruses+_2800_Very+Urgent_2900_/default.aspxTags: Viruses (Very Urgent)enCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/trafton/archive/2005/08/16/62937.aspxTue, 16 Aug 2005 22:18:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:62937trafton0<P>A new worm utilizing the MS05-039 vulnerability has became a major outbreak. More coverage upcoming.</P> <P><STRONG>Details<BR></STRONG>IRCBot is a fast-spreading worm affecting systems not patched for the MS05-039 vulnerability. Infected machines will reboot frequently, as well as connect to an IRC server and await further instructions</P> <P><STRONG>Protection<BR></STRONG>Detection of this worm, as it is an outbreak, should be released very soon, if it is not already out.</P> <P><STRONG>The Gist<BR></STRONG>IRCBot is an urgent outbreak and all systems should be patched that have not already been.</P> <P><STRONG>Links<BR></STRONG><A href="http://vil.mcafeesecurity.com/vil/content/v_135491.htm">McAfee</A> - Write-up.</P><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=62937" width="1" height="1">VIRUSESSECURITYSecurity (Medium)Security (Urgent)Viruses (Medium)Viruses (Urgent)Security (Very Urgent)Viruses (Very Urgent)http://msmvps.com/blogs/trafton/archive/2004/07/26/10684.aspxTue, 27 Jul 2004 00:01:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:10684trafton8<H3><FONT color=#ff0000>BREAKING NEWS:</FONT> Mydoom Variant Medium-High Risk</H3> <P>At 9:25 AM Pacific Time, security company Secunia released a Medium risk alert for the latest variant of the Mydoom family, which is known by various names, including MyDoom.L, MyDoom.M, MyDoom.N, MyDoom.O, and MyDoom.R. The following are various vendor's aliases for this worm:<BR><BR>Computer Associates: Win32.Mydoom.O<BR>F-Secure: Mydoom.M<BR>Network Associates: W32/Mydoom.o@MM<BR>Panda Software: Mydoom.N<BR>Sophos: W32/MyDoom-O<BR>Symantec: W32.Mydoom.M@mm<BR>Trend Micro: WORM_MYDOOM.M<BR><BR>Contrary to the Secunia bulletin, Panada Software's Mydoom.M is an unrelated worm.<BR><BR>The following are vendor risks:<BR><BR>Computer Associates: High (4/5)<BR>F-Secure: Medium (2/3)<BR>Network Associates: Medium-On-Watch (2.5/3.5)<BR>Panda Software: High (3/4)<BR>Sophos: Unassigned<BR>Symantec: High (4/5)<BR>Trend Micro: Medium (2/3)<BR>OVERALL: Medium-High (7.3/10)<BR><BR><STRONG>Worldwide Spread<BR></STRONG>Trend Micro reports significant spread from Germany, Singapore, and the United States, indicating that it is likely this worm has already became common in all continents.<BR><BR><STRONG>Recognition<BR></STRONG>Email messages appear similar to the following, although may be variable:<BR><IMG src="http://vil.nai.com/images/127033-a.gif" border=0></P> <P><STRONG>More Information<BR></STRONG><A href="http://forums.mcafeehelp.com/viewtopic.php?t=29566">McAfeeHelp Forums (thanks to CD)</A><BR><A href="http://vil.nai.com/vil/content/v_127033.htm">NAI Description</A><BR><A href="http://www.sarc.com/avcenter/venc/data/w32.mydoom.m@mm.html">Symantec Description</A><BR><A href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.M">Trend Micro Description</A><BR><A href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=50107&amp;sind=0">Panda Software Description</A><BR><A href="http://www.f-secure.com/v-descs/mydoom_m.shtml">F-Secure Description</A><BR><A href="http://www3.ca.com/threatinfo/virusinfo/virus.aspx?id=39711">Computer Associates Description</A><BR><A href="http://www.sophos.com/virusinfo/analyses/w32mydoomo.html">Sophos Description</A></P><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=10684" width="1" height="1">VIRUSESViruses (Medium)Viruses (Urgent)Viruses (Very Urgent)http://msmvps.com/blogs/trafton/archive/2004/05/02/5797.aspxSun, 02 May 2004 16:39:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:5797trafton21<h3><font color="#ff0000">BREAKING NEWS: </font>Symantec Upgrades Sasser.B to HIGH (4)</h3> <p>Symantec has just upgraded Sasser.B to a HIGH risk (4). This is due to increased spread. The worm, which appeared yesterday, has now achieved higher spread than the original, according to Symantec.<br /><br /><a href="http://www.sarc.com/avcenter/venc/data/w32.sasser.b.worm.html">http://www.sarc.com/avcenter/venc/data/w32.sasser.b.worm.html</a></p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=5797" width="1" height="1">VIRUSESSECURITYFOLLOW-UPSViruses (Medium)Viruses (Urgent)Viruses (Very Urgent)