As you see, there has been no entries for the past 2 days … It’s been “quiet” these past few days. Anyway, here are some things to get you up to speed on what’s been happening lately.
- The issue on regedit has generated quite a buzz and there are already malwares that use this bug. What are the detections you ask? I’ll post an update later. Anyway, the DCE limitation on this will be fixed in an upcoming release.
- An interesting paper on MyFip worms by LUHRQ. Apparently it steals pdf files which can be dangerous especially for a company with confidential documents. Makes me remember another worm which attaches documents to itself (the name escapes me at the moment)
- Seems like someone’s making use of a certain cisco http vulnerability scanner. We’ve heard some reports (makes you wonder where we get these reports nuninuninuninu) that this MAY be from a worm. Makes you wonder if the Cisco/Lynn fiasco finally came into fruition. You’ll hear from us soon if this turns out to be a large one.
- The site of diabl0 is one of the sites that where we acquired some bot source-codes. Now the site is down, but here’s a blog entry from F-Secure on what the site looked like before and after the arrest (but before now. right now the site says something like “You do not have permission blahblah”). I wonder if this has anything to do with the arrest (check out “Other Details”. scroll down. down. there see it?)
- And speaking of diabl0, check out this news. Seems like the FBI is going on another massive bot crackdown.