MICROSOFT WINDOWS MALICIOUS SOFTWARE REMOVAL TOOL UPDATED


On 17 August 2005 the Microsoft Windows Malicious Software Removal Tool was updated with added detection and cleaning capabilities for the following malicious software:


* Zotob.A
* Zotob.B
* Zotob.C
* Zotob.D
* Zotob.E
* Bobax.O
* Esbot.A
* Rbot.MA
* Rbot.MB
* Rbot.MC


The updated version of the Microsoft Windows Malicious Software Removal Tool is available for download from the Download Center at this location:


http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en


NOTE: This updated version is currently NOT available on Windows Update, Microsoft Update or through Windows Server Update Services.


More information on the Microsoft Windows Malicious Software Removal Tool is available here:


http://go.microsoft.com/fwlink/?LinkId=40573

Mydoom.bv (aka Bobax.AF) – An email flavor of MS05-039

http://secunia.com/virus_information/20710/

W32.Bobax.AF@mm is a mass-mailing worm that opens a back door, downloads remote files, and lowers security settings on the compromised computer. The worm spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) and by sending a copy of itself to the email addresses it gathers.

Zotob Free Removal Tool offered by Symantec

http://www.sarc.com/avcenter/venc/data/w32.zotob.removal.tool.html

More about it at http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FZOTOB%2EA

Random function flaw leads to ‘Patient zero’

The computer used to kick-start a global worm outbreak in March 2004 has been traced using crucial kinks in its code.


The worm's code used a random function to generate its next set of targets. Because the random function provided by operating systems generates a repeatable sequence of numbers, the team of Nicholas Weaver and Vern Paxson from the University of California, Berkeley, and Abhishek Kumar from the Georgia Institute of Technology was able to reverse-trace that sequence and painstakingly retrace the worm's steps back to the first computer – or “patient zero” – of the outbreak.


More details are available at http://www.newscientist.com/article.ns?id=dn7441&feedId=online-news_rss20



Tip: Don't use the rand function. Use dedicated APIs like CryptGenRandom in Windows. Source: Writing Secure Code by Michael Howard, MS Press
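Why a rand-style generator can be traced backwards, shown as an added example that is not code from the researchers or from the worm: a linear congruential generator's next state depends only on its current state, so an analyst who sees one state can step it in reverse. The constants are those of a widely used 32-bit LCG and are an assumption here, since the page does not name the generator; the seed and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed LCG constants (a common C runtime rand() uses these);
   the page does not say which generator was analysed. */
#define LCG_A 214013u
#define LCG_C 2531011u

/* Forward step: the next state is a pure function of the current state. */
uint32_t lcg_next(uint32_t s) { return s * LCG_A + LCG_C; }

/* Multiplicative inverse of an odd value modulo 2^32 (Newton iteration). */
uint32_t inv32(uint32_t a) {
    uint32_t x = a;               /* a*a == 1 (mod 8): 3 correct bits */
    for (int i = 0; i < 5; i++)   /* each round doubles the correct bits */
        x *= 2u - a * x;
    return x;
}

/* Backward step: undoes lcg_next exactly, no guessing involved. */
uint32_t lcg_prev(uint32_t s) { return (s - LCG_C) * inv32(LCG_A); }

/* Walk an observed state back until a known seed appears.
   Returns the number of draws made since the seed, or -1 if the
   seed is not reached within `limit` backward steps. */
long steps_since_seed(uint32_t observed, uint32_t seed, long limit) {
    for (long n = 0; n <= limit; n++) {
        if (observed == seed) return n;
        observed = lcg_prev(observed);
    }
    return -1;
}

int main(void) {
    uint32_t seed = 0x12345678u, s = seed;   /* constructed sample seed */
    for (int i = 0; i < 1000; i++) s = lcg_next(s);
    printf("state after 1000 draws: 0x%08x\n", (unsigned)s);
    printf("draws since seed:       %ld\n", steps_since_seed(s, seed, 100000));
    return 0;
}
```

A cryptographic generator such as CryptGenRandom is designed so that observing output does not allow this kind of backward reconstruction.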