"F-Secure is reporting a new variant in the Zotob worm currently exploiting the PnP vulnerability addressed in MS05-039. The Zotob.B variant uses the same ports (TCP/445 for scanning, TCP/8888 command shell on exploited systems, TCP/33333 for FTP server) as the previous variant, but uses the executable name 'csm.exe' with the description 'csm Win Updates' in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices to load the worm when the system boots. The Zotob.A uses the executable name 'botzor.exe' in the same registry key.
Monday, August 15, 2005
Zotob.B:
Mozilla and hypocrisy
Right, but what about the experiences that Mozilla chooses to default for users like switching to Yahoo and making that the default upon ...
-
via VMware blog
-
Intrusion Detection with Tripwire : "Do this by adding a comma after the severity= line and putting emailto= on the next line, followed...
-
Right, but what about the experiences that Mozilla chooses to default for users like switching to Yahoo and making that the default upon ...