What hit us in nov 2006 was one 'payload', and it did not care if it was xp, Linux or a new intel mac. The only pc that did not go down on that network was a 2003 mac osx (panther). That was the only one which had a different 'architecture'. Whether that is the reason or not, i will leave it to smarter security people to figure out.

I keep that mac offline, play games, do photoediting etc. The internet right now is a dangerous place. We had all patches, internet security defs up to date, did not do dumb stuff, had recommended policies, strong passwords and it stopped nothing. It came according to it's payload log: ACTION-COMMAND LINE.

Guess I have about 1000 pages of these 'payload logs', files in javascript, c windows, the intel mac logs, their boot.efi; have several dvds from at least 3-4 pcs of c windows,registry.

Today in Linux got the hardware settings of my Hp. Very revealing, but just emailed it to myself, novell since that is the distro and to Hp security alert.

Consistent in the intel mac and xp is they complain of all devices 'not having the code for the architecture specified', bios and ram errors and the cpu ain't too happy about that malcode taking it's spot. Not sure which register the code is stealing, but perhaps the smart people will know what it means.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11359/34831#34831