February 1st, 2006, 19:53 PM
Old and Cranky
Microsoft Won't Issue Advance Kama Sutra Fix
Infected PCs will be in danger on Friday. Microsoft said its next scheduled set of fixes--on Feb. 14--will detect and remove the worm.
Microsoft Monday posted a security advisory on the Kama Sutra/Blackworm/MyWife worm that's set to overwrite Office documents on infected PCs Friday, but the company has decided against updating its Windows Malicious Software Removal Tool before the next regularly-scheduled release of Feb. 14.
The security advisory -- a mechanism Microsoft uses to both alert users of impending threats and give them advice or workarounds to apply -- repeats recommendations that most security vendors have been offering since the worm debuted two weeks ago.
It also notes that infected PCs will be in danger on Friday, Feb. 3, when the worm will overwrite several popular file formats, including those of Microsoft Office, with useless data.
But according to the team in charge of Microsoft's Windows Software Removal Tool, that program won't be updated until after the Friday deadline passes.
"Microsoft releases a new version of the Windows Malicious Software Removal Tool every month on the second Tuesday of the month together with the other security updates," wrote developers on the group's blog. "The next version, targeted for release on February 14th, will detect and remove this worm."
The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update.
The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems.
Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said.
February 1st, 2006, 22:23 PM
The security advisory was updated today (1st Feb)
Microsoft Security Advisory (904420)
Published: January 30, 2006 | Updated: February 1, 2006
Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
Customers using Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, or Windows Server 2003 Service Pack 1 may be at reduced risk from this malware; if the account password is blank, the account is not valid as a network credential. In an environment where you can guarantee physical security, you do not need to use the account across the network, and you are using Windows XP or Windows Server 2003, a blank password is better than a weak password. By default, blank passwords can only be used locally in Windows XP and Windows Server 2003.
Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.
On systems that are infected by Win32/Mywife@E.mm, the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts.
As with all currently known variants of the Mywife malware, this variant does not make use of a security vulnerability, but is dependent on the user opening an infected file attachment. The malware also attempts to scan the network looking for systems it can connect to and infect. It does this in the context of the user. If it fails to connect to one of these systems, it tries again by logging on with "Administrator" as the user name together with a blank password.
Customers who believe that they are infected with the Mywife malware, or who are not sure whether they are infected, should contact their antivirus vendor. Alternatively, the Windows Live Safety Center Beta Web site provides the ability to choose “Protection Scan” to ensure that systems are free of infection. Additionally, the Windows OneCare Live Beta, which is available for English language systems, provides detection for and protection against the Mywife malware and its known variants.
February 1st, 2006, 23:30 PM
Old and Cranky
Hmm. There must've been some pressure on them or maybe just a change of heart on Microsoft's part. The article I posted was dated yesterday...