spread the dot jenett.radio.randomizer - click to visit a random Radio weblog - for information, contact randomizer@coolstop.com

Security

 Wednesday, May 29, 2002

Have you been wormed?

As usual, incidents.org has a good analysis of the Worm of the Week. If you've followed the vendor's recommended best practices and lockdown guides, you won't have been compromised by this SQLsnake. Note that Microsoft SQL Server may have been installed as part of other products, under the pseudonym Microsoft SQL Server 2000 Desktop Engine (MSDE).

4:02:09 PM # Google It!
categories: Security, System Administration

Anti-social Networking

Speaking of social networking, I'd like to see an analysis of whose addresses Klez is using. Some variants of the worm extract e-mail addresses from the Windows Address Book (and other places) to falsify the From: header, as well as to provide target addresses, found in the To: header. The version forwarded to me goes further in its nematode fun, by using one of the found addresses in the Reply-To:, so that non-delivery notifications are returned to a fourth party.

Unfortunately, I don't have any other samples in my mailbox. I guess this means that the people who have me in their address books are 1) not using infectable products, or 2) not inept.

12:05:09 PM # Google It!
categories: Security