worm Threat

[Guest]

MS antispyware does not see this worm

Win32.Sndc.A is a worm that spreads via Peer-to-Peer file
sharing networks. It also contains backdoor functionality
that allows unauthorized access to an affected machine.

 

[Mikolaj]

MS antispyware does not see this worm

Win32.Sndc.A is a worm that spreads via Peer-to-Peer file
sharing networks. It also contains backdoor functionality
that allows unauthorized access to an affected machine.

Of course it does not, because detection of worms belongs to antivirus
application and MSAS is not such application.
Take a look here - it is the description what actually spyware is:
http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx

 

[Bill Sanderson]

I agree with Mikolaj, but if you have an infected machine, please send a
Tools, suspected spyware report with details.

Although Microsoft Antispyware is not an antivirus, it is possible that
there's an integration point which could be added to the monitoring agents
which might be pointed up by such a report.

 

[Mikolaj]

I agree with Mikolaj, but if you have an infected machine, please send a

Tools, suspected spyware report with details.

Although Microsoft Antispyware is not an antivirus, it is possible that
there's an integration point which could be added to the monitoring agents
which might be pointed up by such a report.

Of course you are right, I have just described the current state, you think
more perspectively. Your way is better

 

[Bill Sanderson]

My sense of this, having taken a good look at some other projects--the
Malicious Spyware Removal Tool, for example--is that they are building an
information store of good objects and bad objects that is broader than a
single product line. I'm just observing here, but having a solid base of
information with MD5 hashes and all of good stuff (services installing,
executables wanting to talk through a firewall) and bad stuff (spyware,
viruses) can be useful for a variety of purposes.

They are now publishing some excellent information which is somewhat broader
than you might expect from the header on this page, for example:

http://www.microsoft.com/security/malwareremove/families.mspx

There's a lot of depth to this info, more than you might expect to just back
up the MRT which, after all, in most cases runs with no UI!

I don't know, proportionally, what part Spynet submissions have in this, but
I think that kind of feedback will be a significant part of the effort to
keep up with both new good stuff and new bad stuff.
--

 

[Mikolaj]

My sense of this, having taken a good look at some other projects--the

Malicious Spyware Removal Tool, for example--is that they are building an
information store of good objects and bad objects that is broader than a
single product line. I'm just observing here, but having a solid base of
information with MD5 hashes and all of good stuff (services installing,
executables wanting to talk through a firewall) and bad stuff (spyware,
viruses) can be useful for a variety of purposes.

They are now publishing some excellent information which is somewhat
broader than you might expect from the header on this page, for example:

http://www.microsoft.com/security/malwareremove/families.mspx

There's a lot of depth to this info, more than you might expect to just
back up the MRT which, after all, in most cases runs with no UI!

Yes, I am familiar with that page. It's my omit that I have forgotten the
link between the MSAS and MSRT and all the implications of that fact.
However, thanks to your comment I'll keep my eyes more open

I don't know, proportionally, what part Spynet submissions have in this,
but I think that kind of feedback will be a significant part of the effort
to keep up with both new good stuff and new bad stuff.
--

I totally agree that the submissions take a great part in the process of
selecting and eliminating threats. And because of that, I usually suggest to
send the report to the SpyNet in case of infection. And the more
removal/antisomething tools will use this gathered and processed by the
SpyNet info, the more will all users benefit of that.

(Please excuse me my "English", it's really not my native language )