Dangerous Bobax Worm Hits System Files

Bobax. D is more dangerous than Sasser, but users can learn how to beat it. Plus: Turn off AIM before you walk away.

Its been another busy week, with several new LSASS vulnerability-exploiting worms appearing.

Since Sasser opened the door, weve seen more than a half a dozen new names and several versions of each—Cycle, Gaobot, Bobax, Korgo, Kibuv and Sdbot.

The Gaobot and Wallon worms also attempt to exploit Windows vulnerabilities from earlier security bulletins. But the most prolific threats are still the e-mail viruses Netsky.P, Bagel.X and Dumaru.

Sasser.B is also still at the top of the active infector lists, even though Microsoft reports that the number of downloads of the MS04-011 update, which could block a Sasser infection, is four times the amount of previous ones. If you havent updated and havent gotten Sasser, youre lucky. Update now.

Our top threat of the week is the Bobax.D worm. The fourth in the family, Bobax uses the same LSASS vulnerability that the Sasser family did.

It hasnt had a Sasser-sized impact, but it has the potential (if Sasser doesnt infect the unpatched systems first).

Bobax is a little more dangerous than Sasser, as it deletes and changes system files and sets up an open e-mail relay to send spam from a victims machine.

It even checks the speed of the victims connection, presumably to cherry-pick the best spam-sending systems. See our Top Threat for more information.

Ebay users have been targeted by scams and spoofs claiming their accounts have been terminated, or that eBay needs them to reconfirm their info.

While most users have been savvy enough to keep from giving away their personal data, now Ebay helps you fight back. The eBay Toolbar, designed to help auction addicts "watch, bid and buy from eBay," now contains a spoof detector called Account Guard.

An Internet Explorer-only utility, Account Guard alerts you when youre on a bogus site and lets you easily report it to eBay.


To read the full story,

click here.