Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Users still double clicking email attachments, MSJVM Removal Tool 1.0, Upcoming ISC Webcast SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Users still double clicking email attachments, MSJVM Removal Tool 1.0, Upcoming ISC Webcast
FYI - Some AV Vendors will not have virus detection signatures for new variants of mass mailing viruses available for download until Tuesday, MARCH 9th, when Microsoft will be offering megabytes of security patches for unfixed vulnerabilities. The second Tuesday of the month is Microsoft's scheduled Security Bulletin release day.

Microsoft Security Bulletin Search
http://www.microsoft.com/technet/security/current.aspx

Sober.D

The W32.Sober.D@mm has received a higher alert rating by some AV vendors as users continue to open attachments from unknown senders. Sober.D should undoubtably benefit from some synergy with todays anticipated Microsoft Security Bulletin announcement. The synergy will come from Microsoft, which may be mass mailing users to announce new Security Bulletins. If your network allows attachments it may save you some clean-up time if there's a gentle reminder sent out that Microsoft's policy is to never send email's with attachments. Sober.D presents itself as a "virus alert" from Microsoft with the infected attachment. (Win32.Sober.D [Computer Associates], W32/Sober.d@MM [McAfee], WORM_SOBER.D [Trend])

Last but not least on virus variants, you can check with your favorite AV vendor for signatures to detect the latest crop of variants;
W32.Netsky.K@mm
W32.Keco@mm
W32.Netsky.J@mm

MS announces it's MSJVM Removal Tool 1.0

"The Microsoft JVM Removal Tool can be used to remove the MS Java Virtual Machine (MSJVM). Use of this tool is the only supported method for removing the MSJVM from a Microsoft operating system."

http://www.microsoft.com/downloads/details.aspx?FamilyID=f2002119-b4d5-4013-83bc-4a8ad95e959f&DisplayLang=en

ISC Webcast The monthly Internet Storm Center webcast is on Wednesday, March 10th at 1pm EST. Join us for a solid hour of discussion about new threats we've seen this past month, including deconfliction of all of the new viruses, port activity, new software vulnerabilities, and other items of Internet security interest. Details for tuning in are online at;
http://www.sans.org/webcasts/show.php?webcastid=90486.

Patrick Nolan
Tom

160 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!