
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-04-08 InfoSec Handlers Diary Blog



MS genuinely surprised 250,000 unique systems infected with Alcan.B

Published: 2006-04-08
Last Updated: 2006-04-08 22:14:26 UTC
by Patrick Nolan (Version: 1)
Alcan.B dates from around June 2005. MS's anti-malware technology team has blogged that "In February's release of the tool (MS's Windows Malicious Software Removal Tool), we added the ability to detect and remove a worm called Win32/Alcan." So seven months and a few days after information about Alcan.B was first published, MS's Anti-Malware Engineering Team is "genuinely surprised" that 250,000 of the 250 million computer systems that ran the February Windows Malicious Software Removal Tool were infected with Alcan.B.

The Anti-Malware Engineering Team blog goes on to note that the February Windows Malicious Software Removal Tool removed the "Win32/Mywife.E worm (aka CME-24)" from 40 thousand computers, starting just a scant 11 days after the "worm" detonated on February 3rd, 2006, less than a month after its discovery date (near January 17, 2006). Win32/Mywife.E is malware that the Anti-Malware Engineering Team had recently said was a worm that "turned out to be more hype than reality", and that "the few calls they did receive tended to be inquiries based on word-of-mouth vs. infected users" (Monday, February 06, 2006 12:38 AM). Looking back on the week (graphic next - as Nyxem.E), "Win32/Mywife.E worm (aka CME-24)" gets around, and looking back at other statistics over the time period since its release, it competes right up there with other prolific persistent malware like MyTob and Netsky, and will continue to do so in the future.


Deja Vu - worm attacks Windows and Windows Mobile powered devices

Published: 2006-04-08
Last Updated: 2006-04-08 20:58:15 UTC
by Patrick Nolan (Version: 1)
Symantec has issued information on MSIL.Letum.A@mm, "a worm written in Microsoft .NET's Microsoft Intermediate Language (MSIL) that can affect both Windows PC and Windows Mobile powered devices that have the .NET framework installed." Trend's analysis for WORM_LETUM.A is here.