Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: No microsoft patches are available at - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
No microsoft patches are available at
Erik van Straten reported receiving a spoofed email that led to a spoofed Microsoft site that downloaded a trojan with instructions to run it to patch your system. The site name is is NOT a Microsoft site.
This gets redirected to
mstasks.exe is identified by Symantec/Norton AntiVirus beta definitions as "Trojan.Etsur".

Repeat after me: Unless you subscribe to their email security notification service, Microsoft's policy is not to send notification of vulnerabilities. They never send patches in email to users.

A new polymorphic virus has been reported by Network Associates.
W32/Polybot.gen!irc a polymorphic variant of the w32/gaobot worm. It encrypts itself which may allow it to go undetected by antivirus software. Currently NA lists it as a low risk. It spreads through shares and can use vulnerabilities described in Microsoft Security Bulletins MS03-026, Ports 80, 135, 139, 445 or 593 are all possibly affected by that vulnerability. A new variant of this virus family has been discovered that uses the filename soundman.exe.

For Network Associates full writeup see:

We received one report of a virus using a picture file format (bmp) to provide the password. Several antivirus systems include the ability to pull passwords out of email text and decrypt the bagle.pwdzip zip file finding the virus a passworded zip. Using bitmap's or other image file formats will make it more difficult for antivirus vendors to extract the password. This password in a picture method has been used by other systems to prevent automated abuse.

206 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!