Security Watch

A Tasty Dish of Worms and Spam

The security space saw lots of activity in November that may have lasting effects on the way IT pros protect, deploy and maintain environments going forward.

• By Jabulani Leffall
• 12/02/2008

Redmond Identifies Worm Related to Previous Fix
Microsoft in late October released an off-cycle hotfix, centered on remote procedure call (RPC) technology, which allows subroutine code to execute on other computers in a shared network. The week of Thanksgiving, the software giant said it pegged a wild exploit that was related to the stated vulnerability. The problem stems from a worm dubbed "Win32/Conficker.A." The worm will "propagate on random computers" in an affected Windows-based network, according to Microsoft.

MSRT Purges Nearly 1M PCs in November
Redmond said that its Malicious Software Removal Tool, which it rolls out Windows users every a month as part of Patch Tuesday, jettisoned "fake security software" from nearly a million PCs. In a recent blog posting, three of Microsoft's security researchers said the period from Nov. 11 through Nov. 20 saw heavy instances of phony security software popping up on Windows machines.

"There is no surprise about the prevalence of these rogues given our earlier telemetry analysis on other Microsoft AV products and tools," the researchers wrote.

The November finding was significan; in October a program called "Renos" clocked in with 389,036 distinct machines cleaned in the first week and 655,535 machines for the whole month.

Redmond: Spam Not Microsoft-Specific
Microsoft is taking issue with being listed No. 5 among the ten worst Internet service providers protecting against spam. According to data compiled through Nov. 30 by Spamhaus.org, spammers see Microsoft products as more enticing because Microsoft's Live.com and Livefilestore.com sites won't get blocked by anti-spam groups. Redmond doesn't seem to think there's anything anyone can do about spammers except use common sense.

The software giant issued a statement in response to the report saying, "Spam and other abuse scenarios are not Microsoft-specific." The statement went on to say that in Windows Live there are opportunities for users and customers to share their own content through Windows Live Hotmail, Windows Live Spaces, Windows Live SkyDrive and other free services. As such, Redmond said "spammers have multiple avenues to target consumers with malicious activities."

Coincidentally, Microsoft has dropped off the top ten list for the worst ISPs as of Dec. 1. Whether this is due to a quick reaction from the software giant, an influx of spam on other networks or a re-tabulation of data is anybody's guess.