securitygeek ([info]securitygeek) wrote,
@ 2005-08-18 09:34:00
A bot war has broken out
These all attack the MS05-039 vulnerability:
Zotob.A,B,C,D,E,F,G,H,I
IRCbot.ES, ET, EX
Bozori.A, B
Rbot.YN
SDbot.ADB
Codbot

Now the malware writers have started a bot war, with each new version deleting the old malware. We have seen up to Zotob.I so far. CNN, Boeing, and other big companies have been hit with some variant.

In the last 12-18 months we have seen the window between the release of Microsoft patches and the release of the worms that exploit them shrink from months to weeks, and now down to days.





[info]beo_wulf
2005-08-20 07:07 am UTC (link)
Off the topic question for the packet hunter. Do you happen to know the difference between CIFS and SMB other than CIFS is newer?



[info]securitygeek
2005-08-21 05:47 pm UTC (link)
CIFS is an extension of SMB which allows for things like multiple remote client access to the same file with enhanced locking mechanisms. It uses multiple levels of Oplocks to handle this:

http://www.microsoft.com/mind/1196/cifs.asp

http://www.webopedia.com/TERM/C/CIFS.html



[info]beo_wulf
2005-08-25 05:46 am UTC (link)
Thanks. Everyone I talked to at work had the response, "Umm, I don't know". Plus the SAMBA documentation used the SMB/CIFS protocols interchangeably. Mucho thanks.


