Thursday 19 June 2008

msmvps.com, msinfluentials.com and Spyware Sucks offline

I'm a regular reader of Spyware Sucks and was surprised to see that it had been offline for a few days. It turns out that the server that runs the msmvps.com blogging service (used by many Microsoft specialists) got infected with this nasty.

The Google cache of the SBS Diva Blog throws up this information:

In getting ready for the upgrade to CS 2008 I was trying to make some special backups... that wouldn't work. Well in digging into the matter more, that service that is missing some files which is causing the peer to peer backups between Brianna and Yoda to fail.. isn't a real service at all.


We have backups so first thing tomorrow morning I'll be calling PSS Security to, more than anything else, find out the "how" this happened.

Bottom line we got a critter on the box and I didn't (intentionally anyway) put it there.

And to check to see if Yoda should be quarantined (aka web server turned off) to protect web visitors as well. So if the blog goes off the air a bit we're just doing it to better protect viewers.


In looking at the log files and event logs of Yoda, I'm not liking what I'm seeing... so the blog site at www.msmvps.com and www.msinfluentials.com will be offline starting at 7 p.m. Pacific possibly until Friday.

Apologies for the inconvenience to all the bloggers on the site and we'll get back online as soon as we can.

Microsoft recommends that any systems found to be compromised or suspected of being compromised be formatted and re-installed from a known good build (i.e. operating system CD + all security patches while disconnected from the network). CERT has a good web site that provides information on recovering from security incidents located at: http://www.cert.org/nav/recovering.html
Oh well.. it can happen to anyone.

