It’s been another busy week, with several new worms appearing that exploit the LSASS vulnerability (security bulletin MS04-011). Since Sasser opened the door, we’ve seen over half a dozen new names, and several versions of each: Cycle, Gaobot, Bobax, Korgo, Kibuv, and Sdbot. The Gaobot and Wallon worms also attempt to exploit Windows vulnerabilities from earlier security bulletins. However, the most prolific threats are still the e-mail viruses Netsky.P, Bagel.X, and Dumaru. Sasser.B is also still at the top of the active infector lists, even though Microsoft reports that the number of downloads of the MS04-011 update (which could block a Sasser infection) is four times that of previous updates. If you haven’t updated and haven’t gotten Sasser, you’re lucky. Update now.

Our top threat of the week is the Bobax.D worm. The fourth in the family, Bobax uses the same LSASS vulnerability that the Sasser family did. It hasn’t had a Sasser-sized impact, but it has the potential (if Sasser doesn’t infect the unpatched systems first). Bobax is a little more dangerous than Sasser, as it deletes and changes system files, and sets up an open e-mail relay to send spam from a victim’s machine. It even checks the speed of the victim’s connection, presumably to cherry-pick the best spam-sending systems. See our Top Threat for more information.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.