Nancy McAleavey

PSC Newsletter- Coming very soon...Invasion of the Wrigglies On Tuesday, Microsoft released a "nine-pack" of patches for WindowsXP and components for other flavors of its OS, INCLUDING WIN98, WIN98SE, WINME, WIN2000 and other versions. While results of the "bandaid" has been mixed, and it's caused a number of problems, one component of the patch is so extremely critical that one absolutely needs to take their chances and install it as the exploits are about to appear full force as exploit code was reportedly published by "eEye security" and "cut and pastes" are already circulating on some "VX'

You're welcome!

We've received and analyzed the latest Sober.ac worm, it's beginning to propagate widely. It appears as a ZIP attachment , typically pword_change.zip or photoattch.zip. Upon opening it creates its folder, searches the HD for addresses and propagates in outbound email (similar to Netsky), creating a large amount of disk activity in the process. Others will likely follow BOClean with their detections. A private build of Optix has been reported propagating through corporate network sites and AOL IM (exploiting the MSJET hole as well as port 445 and other usual exploits) as CRRSCR.EXE and CRRSCR32

Yeah, we got them in our BOClean Intraday Update - FILEDATE: 09/19/05 - 16:46:27 (US EDT) (20:46:27 GMT/UTC) as well.

We published another in the random series of PSC Newsletters. This one is about spyware, its evolution into the mess we all know too well, and some thoughts about where it's heading and the software to stop it from ruining your life. Click here to read the PSC Newsletter: Media Discovers Spyware

Hi Liz....Thanks. I'll be as helpful as I can. There's a lot of good -and not always expensive- software, and it's usually the easiest and best solution for a lot of problems for most people. Add to that the time it saves compared to downloading, running, posting and waiting for help with a Hijackthis log. With some trojans that connect out to seek their clients once they've executed there is *no* time.

Be careful with where you place your trust. Ad-Aware recently rescinded their WhenU detection, without warning, only to reinstate it later. CA did the same with Gator. Going back a bit, Symantec stopped detecting Netbus.... http://securityresponse.symantec.com/avcen....as.trojan.html There's been a rash recently of rescinded detections by several anti-spyware companies. Check their detections and policies regarding detection before you depend on them. You could be let down.