http://msmvps.com/blogs/vipul/archive/tags/Security/default.aspxTags: SecurityenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/vipul/archive/2005/08/18/63193.aspxThu, 18 Aug 2005 14:31:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:63193Vipul Patel0http://msmvps.com/blogs/vipul/rsscomments.aspx?PostID=63193http://msmvps.com/blogs/vipul/archive/2005/08/18/63193.aspx#comments<FONT size=2> <P>On 17 August 2005 the Microsoft Windows</P> <P>Malicious Software Removal Tool has been updated with added detection</P> <P>and cleaning capabilities for the following Malicious Software:</P> <P>* Zotob.A</P> <P>* Zotob.B</P> <P>* Zotob.C</P> <P>* Zotob.D</P> <P>* Zotob.E</P> <P>* Bobax.O</P> <P>* Esbot.A</P> <P>* Rbot.MA</P> <P>* Rbot.MB</P> <P>* Rbot.MC</P> <P>The updated version of the Microsoft Windows Malicious Software Removal</P> <P>Tool is available for download from the Download Center at this</P> <P>location:</P> <P></FONT><A href="http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4"><U><FONT color=#0000ff size=2><A href="http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&amp;displaylang=enNOTE">http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4</U></FONT></A><FONT size=2>F54-9AB3-75B8EB148356&amp;displaylang=en</P> <P>NOTE</A>: This updated version is currently NOT available on Windows Update,</P> <P>Microsoft Update or through Windows Server Update Services.</P> <P>More information on the Microsoft Windows Malicious Software Removal</P> <P>Tool is available here:</P> <P></FONT><A href="http://go.microsoft.com/fwlink/?LinkId=40573"><U><FONT color=#0000ff size=2>http://go.microsoft.com/fwlink/?LinkId=40573</U></FONT></A></P><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=63193" width="1" height="1">Securityhttp://msmvps.com/blogs/vipul/archive/2005/08/17/63134.aspxWed, 17 Aug 2005 20:59:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:63134Vipul Patel0http://msmvps.com/blogs/vipul/rsscomments.aspx?PostID=63134http://msmvps.com/blogs/vipul/archive/2005/08/17/63134.aspx#comments<FONT face=Arial size=2>http://secunia.com/virus_information/20710/<BR><BR>W32.Bobax.AF@mm is a mass-mailing worm that opens a back door, downloads remote files, and lowers security<BR>settings on the compromised computer. The worm spreads by exploiting the Microsoft Windows Plug and Play<BR>Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) and by sending a copy of itself to email addresses gathered.</FONT><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=63134" width="1" height="1">Securityhttp://msmvps.com/blogs/vipul/archive/2005/08/17/63131.aspxWed, 17 Aug 2005 20:44:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:63131Vipul Patel0http://msmvps.com/blogs/vipul/rsscomments.aspx?PostID=63131http://msmvps.com/blogs/vipul/archive/2005/08/17/63131.aspx#comments<P><FONT face=Arial size=2><A href="http://www.sarc.com/avcenter/venc/data/w32.zotob.removal.tool.html">http://www.sarc.com/avcenter/venc/data/w32.zotob.removal.tool.html</A><BR></FONT></P> <P><FONT face=Arial size=2></FONT>&nbsp;</P> <P><FONT face=Arial size=2>More about it at <A href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FZOTOB%2EA">http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FZOTOB%2EA</A></P></FONT><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=63131" width="1" height="1">DeveloperSecurityhttp://msmvps.com/blogs/vipul/archive/2005/05/27/49303.aspxFri, 27 May 2005 21:21:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:49303Vipul Patel1http://msmvps.com/blogs/vipul/rsscomments.aspx?PostID=49303http://msmvps.com/blogs/vipul/archive/2005/05/27/49303.aspx#comments<P>The computer used to kick-start a global worm outbreak in March 2004 has been traced using crucial kinks in its code.</P> <P>The worm code involved using a random function to generate the next set of targets. Since Randon function provided by operating systems results in generating the same sequence of random numbers, by reverse tracing, the team of Nicholas Weaver and Vern Paxson from the University of California, Berkeley, and Abhishek Kumar from the Georgia Institute of Technology, painstakingly retraced its steps back to the first computer - or "patient zero" - of the outbreak.</P> <P>More details ate avilable at <A href="http://www.newscientist.com/article.ns?id=dn7441&amp;feedId=online-news_rss20">http://www.newscientist.com/article.ns?id=dn7441&amp;feedId=online-news_rss20</A></P> <P><BR>Tip: Dont use the Rand function. Use special classes like CryptGenRandom in Windows : Source: <A href="www.microsoft.com/mspress/books/5957.asp">Writing Secure code </A>by <A href="blogs.msdn.com/michael_howard/">Michael Howard </A>, <A href="www.microsoft.com/mspress/">MS Press</A></P><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=49303" width="1" height="1">C#DeveloperSecurity