Bonum Certa Men Certa

Eye on Microsoft: Another Messy Week for Security

The state of the botnet is a reality that can't be immediately escaped unless there is a large-scale disconnection of Windows-running PCs. However, rather than making steps in the right direction, the situation appears to be worsening.



This post is a quick roundup (due to time constraints) of the past week's developments, with special emphasis on complete comprise that brings the world SPAM, DDOS attacks, espionage, ransom, and wasted productivity.

Rise of the Zombies



Halloween is far behind, but the zombies are back.

Most of Srizbi's new command and control servers were located in Estonia and all of its domains were registered in Russia. For about 13 hours, some 100,000 or so infected machines had the ability to connect to those servers, though it's not clear exactly how many of them did so, since many of them were likely not powered on, Lanstein said.


IDG covered this too.

The zombie computers used to send spam are coming back to life.

Security vendors say spammers are reconnecting with hacked PCs used for sending spam as evidenced by a rising number of spam messages circulating on the Internet the last few days. Spam levels suddenly dropped two weeks ago after the shutdown of McColo, a rogue ISP (Internet Service Provider) based in San Jose, California, whose connectivity was used to control networks of hundreds of thousands of computers to send spam, known as botnets.


According to the following report, these botnets can easily increase their size by recruiting more nodes.

A new analysis of botnets has come up with a possible reason for their prodigious ability to infect PCs -- many anti-virus programs are near to useless in blocking the binaries used to spread them.


SPAM on the Rise Again



A recent statistic suggested that over 150 billion SPAM messages are sent per day. Biblical proportions by all means! Some of this can be intercepted at server level, but it increases load on the servers (and thus everyone's connection fees), not to mention the severe issue of false positives (especially affecting businesses that rely on E-mail).

With increase in botnet activity comes increase in SPAM that threatens small businesses.

The fight against spam rages on after a spike in spam levels following the shut-down of hosting service McColo. SMBs are particularly vulnerable to malware and spam; ensuring secure, spam-free email should be a prominent security interest.


This was also covered by the BBC.

Spam on rise after brief reprieve



Some 450,000 infected computers have been spotted trying to connect to the largest of the networks McColo hosted.


Worms Warming Up



More worm problems emerge:

1. Vulnerable Windows Machines Sitting Ducks for the Conficker Worm

First Microsoft, and now McAfee is warning Windows users to expedite the process of applying a patch for a Critical vulnerability in Server Service affecting both client and server versions of the operating system.

According to the Redmond company, all supported platforms are vulnerable, including Windows 2000, Windows XP (even SP3), Windows Vista RTM/SP1, Windows Server 2003, Windows Server 2008 and Windows 7. McAfee has indicated that users not deploying the patch are vulnerable, while Microsoft has already informed that it had detected active attacks and infections in the wild, following a period when exploits were just targeted.


2. Windows worm infection accelerates

Microsoft is currently observing an increase in the spread of a new Windows worm that exploits the known vulnerability in the RPC functions of the Server service to penetrate systems. The infection rate of Conficker.A worm is reported to be accelerating over company networks in particular. The Microsoft Malware Protection Center says most reports are coming from the USA, but customers in Europe, Asia and South America too are affected, and reports have also been received from several hundred home users.


3. Microsoft Warns of Worm Attack on Windows

Security researchers at Microsoft Corp. last week warned of a significant climb in exploits of a Windows bug it patched with an emergency fix last month, confirming earlier reports by Symantec Corp.

Microsoft again urged users to apply the MS08-067 patch if they have not already done so.


4. Microsoft Warns Of Attack Exploiting Windows Vulnerability

Specifically, the worm deletes any use-created System Restore points, and attempts to contact numerous sites, including those of Google, Yahoo, MSN and ask.com, to obtain the current date, according to researchers at the SANS Institute. The worm then uses the date information to generate a list of domain names, which it then contacts in an attempt to download additional malicious files onto a user's affected computer.


5. Microsoft warns of new Windows attacks

The new attacks, which Microsoft's Malware Protection Center said began over the weekend but spiked during the past two days, use the same worm that Symantec first spotted last Friday.


6. Microsoft: Worm Exploiting Networked Computers via HTTP

Microsoft informed in its most recent security bulletin that a worm dubbed Win32/Conficker.gen!A is messing around with computers across a network by exploiting a vulnerability in the Windows Server service, allowing remote code execution to take place while file sharing is enabled.


How did computing fall into this mess? Well, the following article magically vanished (we did try to find it again, to no avail), but its headline was (is) "Microsoft Not Rushing To Fix Vista Kernel Vulnerability." The disappearance of this article might be innocent, but it still raises a brow.

We covered this last week. Even when severe flaws are found, Microsoft will leave them unpatched unless or until there is an attack exploiting them, i.e. when it's too late. It is not only vain but it's also irresponsible. It also enables Microsoft to 'massage' and lie about security using meaningless figures [1, 2, 3].

Once infected, nothing on a machine can be trusted, as proven by this new report.

A DANGEROUS new variant of malware is attacking PCs in the UK, the INQ has discovered. It hijacks the victim's browser and directs them to a fake site masquerading as AVG's own front page.


Needless to say, without radical change, things are bound to get worse before they get better. It's time for consideration of secure platforms.

Fire alarm

Comments

Recent Techrights' Posts

Links 26/10/2025: Microsoft Spies on Gamers, Open Transport Community Conference
Links for the day
Links 26/10/2025: LLM Slop / Plagiarism Programs Continue to Disappoint, CISA Layoffs Threaten Systems
Links for the day
Gemini Links 26/10/2025: Gemsync and Joining the Small Web
Links for the day
India.com a Click-baiting, SEO-Spamming, Slopfarming Heap
They do this almost every day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 25, 2025
IRC logs for Saturday, October 25, 2025
Without XBox Consoles, XBox is No More, It's Just a Brand (More Rumours of Microsoft Ending XBox, Then Laying Off Lots of Staff)
All signs indicate that Microsoft wants to "exit" the XBox business (not brand), but it does not want to publicly admit this as it would alarm staff and shareholders
Gemini Links 25/10/2025: Portugal, Midnightpub, and "Tech Right Admins"
Links for the day
Almost 2026 Already (When We Turn Twenty)
In just over a year the site will turn 20
When "Sponsored Feature" in The Register MS Means Ponzi Scheme Promotion From the Communist Party of China (CPC)
the promotion of a financial scam
Week of EPO Leaks: Workers of the EPO Are Getting a Pay Cut While Prices Rise Fast
More to come in the next few days
Microsoft is Finally Giving Up on XBox, The Chief Says the Grapes Are Sour Anyway
Microsoft loses hundreds of dollars on each XBox that it sells
Slopwatch: LinuxSecurity, UbuntuPIT, and Various Slopfarms Propped up by Google News
Why can't Google News do better than this?
Links 25/10/2025: Two New Smokescreens for Scam Altman and ‘TikTok USA’ Remains in Limbo
Links for the day
Bad faith: can't change Debian Social Contract (DSC) without unanimous consent of every joint author
Reprinted with permission from Daniel Pocock
Confirmed: Very Close Friend of Bill Gates and Microsoft's Biggest Patent Troll Nathan Myhrvold Flew the Lolita Express (a Gateway to Pedophilia), According to Bill Gates-Sponsored Seattle Times
There is no speculation or any "conspiracy theories" here;' those are verified facts
Gemini Links 25/10/2025: "The Highest Leader of The Global Civil Society Community", SSL Certificates Causing Bitrot
Links for the day
Links 25/10/2025: Target Layoffs and "Shutdown Sparks 85% Increase in US Government Cyberattacks"
Links for the day
"Big Data" Was a Big Lie
Remember "Big Data"? Remember "Data Scientists"...?
statCounter Has Been Broken for a Long Time
Considering the huge proportion of Web requests that come from LLM bots (more so this past year or two), statCounter may struggle to justify the operating costs
Techrights Anniversary Party on November 7th
Let us know if you need any accommodation-related arrangements
Trends That Must Alarm Microsoft and Mozilla
Expect Firefox to no longer be supported by various sites in the US
Why Microsoft Became the Layoffs Leader
The corporate media is projecting or signalling its own dishonesty when it tells us that Microsoft is a very "valuable" company while the data shows Microsoft is also a "market leader" in layoffs
Speaking for Ourselves and Letting the Facts Speak for Themselves
we've already published over 50,000 pages
For Second Time in a Day The Register MS Takes Money From Private Companies to Sell a Ponzi Scheme
Do not have empathy for those who have zero empathy towards you
IBM is Misleading IBM Shareholders
IBM is still all about vapourware and buzzwords
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 24, 2025
IRC logs for Friday, October 24, 2025
The Serial Slopper Starts Up - or Restarts - His Plagiarism Machine (LLMs)
Serial Sloppers like these don't belong in news sites. That's why he got sacked by BetaNews.
Links 24/10/2025: Esperanto Music History, Anxiety, and New Portals
Links for the day
[Video] Richard Stallman's Talk in Sweden, Attended by Nearly 700 People, is Now Online
The Web page is in Swedish, but the talk is in English
Slopwatch: LinuxSecurity.com, Linux Journal, and Pet Slopfarms of Google News
Why does Google News still advance these fake sites to the top of search results?
Links 24/10/2025: Inequality Grows, Billion-Dollar Scam Center Industry
Links for the day
Links 24/10/2025: "Independent Media in Cambodia is Collapsing" and Serious F5 Breach
Links for the day
Coping With the Site Going More Mainstream
Fame is no laughing matter
They Never 'Put Down' Corporations
There are "pests" that are traded in Wall Street
21 Pages in Less Than 7 Hours is No Joking Matter
We've become a lot more effective and efficient
Correct Information is a Valued Asset in the Age of Slopfarms and Public Relations (PR) or Spin
Publishing suppressed facts is never easy
The Register MS Continues to Bag Money to Promote a Ponzi Scheme, Even Money From China
Today in the front page
analytics.usa.gov: The Only Supported Version of Windows (This Past Week) is Only Used by About 13.9% of People in the US, the Home Base of Windows
Even Vista 7 is still used more
Rust is Very Secure
If only Rust itself is secure
Who Will be Held Accountable for Breaking Ubuntu by Imposing Rust on Otherwise-Functional Programs, in Effect Replacing GNU With Proprietary Microsoft (GitHub)?
they're practical people who merely point out that a bunch of buffoons not only ruin Ubuntu but also every future distro based on Ubuntu
Generation Chaff - Phase VIII: In Summary
Like "Science" with a capital "S", what we see here commercial interests usurping everything
Generation Chaff - Phase VII: Curtailing Alternative Media
There was always an obligation - a collective duty of sorts - to uphold independent journalism
Generation Chaff - Phase VI: Centralisation of Information (X, Cheetok/Fentanylware)
Would you trust information when controlled by such people?
Generation Chaff - Phase V: Censorship of Dissent (Painted as Harassment or Terrorism)
Censorship is all around us now
Generation Chaff - Phase IV: Apps Only Few Companies Decide On
Tools are being collectively confiscated, under the premise or false prospect of "security"
Generation Chaff - Phase III: Slop and Plagiarism
A lot of the current so-called 'economy' is built upon false valuations
Generation Chaff - Phase II: "Cloud", Blockchains and Other Hype
For those of us who turned down those propositions there was a struggle; we needed to justify not having skinnerboxes or "social" accounts in some site run by a private company
Generation Chaff - Phase I: Social Control Media
IRC predates the Web
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 23, 2025
IRC logs for Thursday, October 23, 2025
More Clues Shed on Collapse of Microsoft XBox
XBox is basically circling down the drain as Microsoft implements 2-3 waves of layoffs each month
'Vibe Coding' Doesn't Work
In a lot of ways, so-called 'Vibe Coding' is already considered vapourware or a passing fad promoted in the media by managers who try to justify mass layoffs, especially ridding companies of "very expensive" software engineers
Links 24/10/2025: Microsoft's Killing of XBox Connected to Revenue/Profit Problems, "How Elon Musk Ruined Twitter"
Links for the day
Gemini Links 24/10/2025: 86,400 Seconds and "Society's Task"
Links for the day