funsec mailing list archives

RE: Microsoft: Rootkits and Blaster

From: "Hubbard, Dan" <dhubbard () websense com>
Date: Tue, 6 Dec 2005 08:41:17 -0800

Hmm, this stat seem way off to me. Either that or a) they don't have
detection / removal for mass mailing worms and BOT's or b) the
definition of "rootkit" is very broad.



 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Fergie
Sent: Tuesday, December 06, 2005 8:21 AM
To: funsec () linuxbox org
Subject: [funsec] Microsoft: Rootkits and Blaster

Here are a couple of interesting snippets, both via eWeek.

First: "Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes"

[snip]

More than 20 percent of all malware removed from Windows XP SP2 (Service
Pack 2) systems are stealth rootkits, according to senior official in
Microsoft Corp.'s security unit.

Jason Garms, architect and group program manager in Microsoft's
Anti-Malware Technology Team, said the open-source FU rootkit ranks high
on the list of malicious software programs deleted by the free Windows
worm zapping utility.

[snip]

http://www.eweek.com/article2/0,1759,1896605,00.asp

And: "Two Years Later, Blaster Worm Still Squirming"

[snip]

More than two years after Blaster turned the summer of 2003 into an IT
administrator's worst nightmare, the worm is still very much alive and
there are fears within Microsoft that thousands of Windows machines will
never be completely dewormed.

According to statistics culled from Microsoft's Windows malicious
software removal tool, between 500 and 800 copies of Blaster are removed
from Windows machines per day.

[snip]

http://www.eweek.com/article2/0,1759,1896373,00.asp

Who'd a thunk?  :-)

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet  fergdawg () netzero net or
fergdawg () sbcglobal net  ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Microsoft: Rootkits and Blaster Fergie (Dec 06)
- <Possible follow-ups>
- RE: Microsoft: Rootkits and Blaster Hubbard, Dan (Dec 06)
  - RE: Microsoft: Rootkits and Blaster Nick FitzGerald (Dec 06)
- RE: Microsoft: Rootkits and Blaster Fergie (Dec 06)
  - Re: Microsoft: Rootkits and Blaster Dude VanWinkle (Dec 06)
    - Re: Microsoft: Rootkits and Blaster Blue Boar (Dec 06)
    - Re[2]: Microsoft: Rootkits and Blaster Pierre Vandevenne (Dec 06)
- RE: Microsoft: Rootkits and Blaster Marius Gheorghescu (Dec 06)
  - Re[2]: Microsoft: Rootkits and Blaster Pierre Vandevenne (Dec 06)
- RE: Re[2]: Microsoft: Rootkits and Blaster Hubbard, Dan (Dec 06)
  - RE: Re[2]: Microsoft: Rootkits and Blaster Nick FitzGerald (Dec 06)
- RE: Re[2]: Microsoft: Rootkits and Blaster Jason Geffner (Dec 06)