myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron at myITforum.com

Sharing Security Developments, and Best Practices for corporate and home users

MSRC: Inside Microsoft's Zotob Situation Room

A neat "behind the scenes" of what MSRC was doing during the MS05-039 worm attacks: 

MSRC: Inside Microsoft's Zotob Situation Room

QUOTE: In the wee hours of Sunday morning, an enterprise customer contacted the MSRC with the first positive identification of what would become the Zotob attack. Toulouse declined to name the customer.

"They came to us with a sample of a new attack that they believed was exploiting the Plug and Play vulnerability," he said. "We took the code and started our own investigation. We also passed it to our VIA [Virus Information Alliance] partners to make sure everyone can get their signatures updated to provide protection."

The MSRC's investigation confirmed that an actual attack exploiting MS05-039 was under way and would only get worse.

"Early Sunday morning, our investigators tell us to get started on our process. We weren't seeing a widespread attack, and the anti-virus vendors weren't seeing anything major yet. But, with everything we knew, we decided to activate our security response process."

By 10 a.m. Sunday, pagers started buzzing. The Situation Room was set up in Building 27 at Microsoft's Redmond campus.

....

Published Aug 26 2005, 03:48 PM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems