Security
Wednesday, May 29, 2002Have you been wormed?
As usual, incidents.org has a good analysis of the Worm of the Week. If you've followed the vendor's recommended best practices and lockdown guides, you won't have been compromised by this SQLsnake. Note that Microsoft SQL Server may have been installed as part of other products, under the pseudonym Microsoft SQL Server 2000 Desktop Engine (MSDE).4:02:09 PM # Google It!
categories: Security, System Administration
Anti-social Networking
Speaking of social networking, I'd like to see an analysis of whose addresses Klez is using. Some variants of the worm extract e-mail addresses from the Windows Address Book (and other places) to falsify the From: header, as well as to provide target addresses, found in the To: header. The version forwarded to me goes further in its nematode fun, by using one of the found addresses in the Reply-To:, so that non-delivery notifications are returned to a fourth party.Unfortunately, I don't have any other samples in my mailbox. I guess this means that the people who have me in their address books are 1) not using infectable products, or 2) not inept.
12:05:09 PM # Google It!
categories: Security
