Search:

Another site where you can go to not get malware, but to get videos of the malware being installed, is the site of Ben Edelman. He's got some videos of this exact same thing: going to a web site and...

On the blog from F-Secure, their latest post mentions a new version of this one, called Bropha.K that came out Sunday.
The link to their blog for a little more info is here.

For me, Symantec came up and listed it as W32.Spybot.Worm. Maybe it's a new version???

Service Pack 2 Release Candidate 1 for Win XP is out. Info and to download it is here:
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx

A proof-of-concept for a new IE exploit has been released. The person who found the problem used the relently leaked Windows source code to find this. You can see it here
It is a Bitmap file with a...

SCO.COM has removed their WWW A record from DNS to stop the onslaught. Take a look at this article, just posted, on Netcraft:...

It looks like the guy who makes CWShredder at Merijn.org has been on vacation from Jan 9 to Jan 19. So, that is probably why it does not take care of this new version.
But he is back tomorrow, I...

Well, here is Symantec's write up of this one. It lists the REgistry key in the Run portion this spam relay trojan sets up.
Check it out.

I will take a stab at this.

First, NMAP is now on version 3.48, so running this older version could impact the OS detection. Version 3.00 has a datestamp of July 28, 2002. So, right there, I do...

The article is here.

Here is my most embarrassing story. It is not very security related, but it is fun!
I once worked at a small long-distance phone company as a junior IT tech guy. One day, there was a power blackout...

TH13, thanks for the warning.
I've already talked to my company's security officer, and we are gonna send out an alert on this. We have had 4 offices that had Welchia outbreaks, and I know some...

Oh, you already reinstalled? Rats!
For future reference, here is one trick you can use. When the Default value for HKEY_CLASSES_ROOT\exefile\shell\open\command gets changed, thereby preventing any...

Yes, Yahoo! Inc. has registered both of those domains, in addition to their real one. Here is the registrant info:

Registrant:
Yahoo! Inc.
(DOM-269234)
701 First Avenue Sunnyvale
CA
...

Open up the Event Viewer on any Windows NT/2K/XP/2K3 machine.
Select the System log.
The Event ID number for Net Send messages is #26, from the "Application Popup" source.
And you will see 1 popup...

Hopefully, this information will not be abused in any way.

The K-Otik French security site has the exploit code. There are also compiled versions of the code bouncing around.

I have been working with Tivoli Storage Manager running on Win2K for almost 2 years now. 1 year ago, we migrated from a IBM Magstar 3570 tape library (which is really a dinosaur!) to the IBM 3584...

I started patching some "non-critical" machines last night. I checked their Event Viewer logs after the reboot, and there was nothing abnormal. Full functionality was available. I ran this on an IIS...

CXGJarrod, you posted:



The Technet article on this one says that this situation is true, that scanners that scan for MS03-026 will not detect it being patched if you have this new patch only...

There is a virus that is farily recent called WINPUP32.EXE that your friend might have.
It can load a trojan file on the target system. I had a user who had a problem with this.

I had patched about 30 servers for this the last week in July. Due to the firewall settings and the patches, I have not had any problems at work.

But from a personal level, 9 people so far have...

Win2K SP3 added the new Automatic Updates process that ships with XP.
With this version, you can currently set it to "Automatically download the updates, and install them on the schedule that I...

Is there anything in the Event Viewer logs that relates to the failed install of these apps? You could post what the logs say.

Symantec just upgraded W32.Welchia.Worm to a Category 4 "Due to an increase in submissions."

It exploits RPC/DCOM over port 135. Plus, the new twist to this one that I think warrants a brief...

What is wrong with you that you have to post these meaningless statments that do nothing but demean the work we are trying to do here. This new Msblaster.EXE RPC worm is flying everywhere causing...