Friday, May 28, 2004

Security Watch Letter: Dangerous Bobax Worm Hits System Files

Security Watch Letter: Dangerous Bobax Worm Hits System Files:
"Since Sasser opened the door, we've seen over a half a dozen new names, and several versions of each -- Cycle, Gaobot, Bobax, Korgo, Kibuv, and Sdbot. Gaobot and Wallon worms also attempt to exploit Windows vulnerabilities from earlier security bulletins. However, the most prolific threats are still the e-mail viruses Netsky.P, Bagel.X, and Dumaru. Sasser.B is also still at the top of the active infector lists, even though Microsoft reports that the number of downloads of the MS04-011 update (which could block a Sasser infection) is four times the amount of previous ones. If you haven't updated and haven't gotten Sasser, you're lucky. Update now."

Our top threat of the week is the Bobax.D worm. The fourth in the family, Bobax uses the same LSASS vulnerability that the Sasser family did. It hasn't had a Sasser-sized impact, but it has the potential (if Sasser doesn't infect the un-patched systems first). Bobax is a little more dangerous than Sasser, as it deletes and changes system files, and sets up an open e-mail relay to send spam from a victim's machine. It even checks the speed of the victim's connection, presumably to cherry-pick the best spam-sending systems.

http://www.pcmag.com/article2/0,1759,1600125,00.asp
