Re: IM Logic withholds details of Santa Claus IM worm, unless you?re a customer

[pc.tech1 () comcast net]

FYI...

Santa IM Worm (bot) update
- http://isc.sans.org/diary.php?storyid=955
Last Updated: 2005-12-22 20:06:28 UTC
"More details came to us on the Santa IM worm discussed earlier. We were able to capture and examine the malware... 
Further info: gift.com renames itself to c:\windows\winrpc.exe, and sets itself up as the service "Windows RPC 
Services". There is no rootkit built in, it is totally dependant on download instructions from the command and control 
site. Rather than calling it a "worm" as was reported in the press, a more accurate description is that it's a bot with 
replicating capabilities..."

.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------