Focus On: Viruses

Shutdown! ABC, CNN, New York Times. The Perp: ZOTOB's evil sibling, rbot. Current models: rbot.cq and ...

SpamNet.A needs your help to conduct its dirty war. If you'll just step on a website seeded by SpamNet, the sniper trojan will fire-off a load of other trojans, along with pornographic adware... which will lead to more trojans, more malware... your email address book ftp'd to a wolfpack, and... Did we mention that you'll be the latest recruit in a Russian spam-zombie army? Undoubtedly you're thinking,"I don't often reconnoiter porn sites, ergo, my borders are secure." Sorry. SpamNet is an equal opportunity virus. It started at porn sites, but debases every unsecured Windows 2003, XP, 2000, NT, ME, 98 and 95 computer it scouts. Fortunately, the patch has been out since January: Microsoft Security Bulletin MS05-002, ...

Windows-Munching Worm of the Day: ZOTOB.A/ZOTOB.B. Sneaks through firewall ports 139 and 445, then tricks Windows Plug and Play service into giving it 100% control. Nasty. If you're willing to put up with the irritations of Windows Genuine Advantage, go to WindowsUpdate and be done with it... or follow the yellow brick road in Microsoft Security Bulletin MS05-039. Disinfectant instructions for the diseased may be found at Microsoft's ZOTOB site. In addition, Microsoft says you should block incoming ports 139 (NetBIOS) and 445 (Microsoft Common Internet File System) at the firewall and everywhere else your network will allow. Of course, blocking remote access to port 139 may cause a few headaches with DNS administration, logins ...

Businesses don't buy products they can't trust. That's a lesson every Israeli technology company just learned the hard way... And they owe it all to a renegade group of Israeli... detectives... that allegedly distributed trojan spyware embedded in free software to targeted victims. To add to Israel's undeserved shame, the Hotword trojan wasn't too bright. If it couldn't send its booty, Hotword locked up the computer, a huge tip-off to its victim that something may be amiss. In a bid to hopefully take some heat off Israel's honest businessfolk, the Governmental Infrastructure for the Internet Era (TEHILA) has released a trojan remover to excise the demon. According to Globes, the instructions make ...

A few senders are responsible for most of your dangerous email. That's the conclusion of an analysis of mail traffic on the trimMail Inbox network. The study found that just 20% of the perps dumping malicious scripts or viruses generate 45% to 64% of all the malware received. Makes your firewall-trigger finger itch, doesn't it? While network administrators of content filtering appliances like trimMail Inbox often respond by simply blocking the top 20% of senders, we'd suggest a bit more caution. Before blocking an IP, run an external traceroute and whois with the free online tools. Once you've separated innocent dimbulbs from the evil doers, block IPs as your mood dictates. ...