MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Security Manifest » Crog aka Fatso - MSN Messenger Outbreak

Crog aka Fatso - MSN Messenger Outbreak

Crog (also known by several other names, such as Sumom, Serflog, and Fatso - the last name which is likely to become the media name) is an MSN Messenger worm that appeared today and is spreading quickly, earning Medium risk from some antivirus companies. The worm sends itself to victims via MSN Messenger from the infected computer. File names are likely to end in a .pif extension, but there is a 1-in-12 chance that the extension will instead be .scr. Most of the file names infer a photograph, either humorous or pornographic in nature.

Crog has been declared a Medium Risk threat at Sophos, Trend Micro, and Secunia.

Details
Crog was discovered on March 7, 2005, with details first published shortly after midnight GMT. It is a worm that spreads via MSN Messenger and the eMule P2P network. Additionally, machines infected with Crog will have their security settings adjusted to lower levels. Access to security related web sites is blocked on Crog-infected computers, and a range of security programs also is disabled by the worm. The worm also intercepts CD writes and adds itself to them - this is an uncommon feature in worms.

Protection
Updated detections for most antivirus programs should appear within the next 24 hours or so. It is unlikely emergency detection will be published, as the worm reminds a Low risk threat on all descriptions at this time. In the meantime, MSN Messenger users should exercise common sense and not open any executable file format that is sent to them randomly, including .pif and .scr, which this worm uses.

Infected users should wait for detection files and/or more detailed information and removal information to be published before attempting to remove the worm. Until then, infected users should avoid connecting to the Internet or any open network.

Links
McAfeeHelp Forums - Excellent resource for latest information and updates.
Secunia - Compiles latest descriptions and links. Refers to worm as “Fatso.“
Trend Micro - Excellent, highly detailed write-up with pictures. Refers to worm as “Fatso.”
Symantec - Fairly detailed write-up without some additional details. Uncluttered. Refers to worm as “Serflog.”
Panda - Fairly detailed write-up. Excellent removal instructions. Refers to worm as “Fatso.“
F-Secure - Fairly detailed write-up. No removal instructions. Refers to worm as “Sumom.“
McAfee - Fairly detailed write-up. No removal instructions.
Sophos - Fairly detailed write-up. No removal instructions. Refers to worm as “Sumom.”

Posted Mar 07 2005, 03:38 PM by trafton
Filed under: , ,

Comments

trafton wrote buy hydrocodone
on 03-30-2005 17:43
http://hydrocodone.net2.ro/index.html http://hydrocodone.net2.ro/buyhydrocodone.html http://hydrocodone.net2.ro/buy_hydrocodone_online_.html http://hydrocodone.net2.ro/buy_cheap_hydrocodone_online.html http://hydrocodone.net2.ro/buy_hydrocodone_online.html http://hydrocodone.net2.ro/buy_hydrocodone_online_with_no_prescription.html http://hydrocodone.net2.ro/hydrocodone-buy-.html http://hydrocodone.net2.ro/buy_cheap_hydrocodone.html http://hydrocodone.net2.ro/buy-hydrocodone.html http://hydrocodone.net2.ro/buy-hydrocodone-club-join.html http://hydrocodone.net2.ro/buy-hydrocodone-cod.html http://hydrocodone.net2.ro/buyhydrocodoneline.html http://hydrocodone.net2.ro/buy-hydrocodone-overnight.html http://hydrocodone.net2.ro/buy_hydrocodone_prescription.html http://hydrocodone.net2.ro/buy_hydrocodone_where.html http://hydrocodone.net2.ro/buy-liquid-codeine-lortab-hydrocodone-cough-syrup.html http://hydrocodone.net2.ro/hydrocodone-buy-online-.html http://hydrocodone.net2.ro/hydrocodone_online_.html http://hydrocodone.net2.ro/online_hydrocodone_.html http://hydrocodone.net2.ro/bu_hydrocodone_online.html http://hydrocodone.net2.ro/buying_hydrocodone_online.html http://hydrocodone.net2.ro/cheap_hydrocodone_online.html http://hydrocodone.net2.ro/cheap_online_prescription_hydrocodone_overnight_delivery.html http://hydrocodone.net2.ro/cod_hydrocodone_online.html http://hydrocodone.net2.ro/hydrocodone_buying_narcotic_online.html http://hydrocodone.net2.ro/hydrocodone-free-online-prescription.html http://hydrocodone.net2.ro/hydrocodone_online_ordering.html http://hydrocodone.net2.ro/hydrocodone-online-pharmacy.html http://hydrocodone.net2.ro/hydrocodoneonlineprecriptions.html http://hydrocodone.net2.ro/hydrocodone-prescription-online.html http://hydrocodone.net2.ro/online-consultation-and-hydrocodone.html http://hydrocodone.net2.ro/onlinepharmacyandnoprescriptionandhydrocodone.html http://hydrocodone.net2.ro/online-pharmacy-drug-hydrocodone-10-500.html http://hydrocodone.net2.ro/onlinepharmacyhydrocodonevicodin.html http://hydrocodone.net2.ro/onlinepharmacysellhydrocodone.html http://hydrocodone.net2.ro/online-rx-hydrocodone.html http://hydrocodone.net2.ro/orderhydrocodoneonline.html http://hydrocodone.net2.ro/pain_medication_online_hydrocodone.html http://hydrocodone.net2.ro/purchase-hydrocodone-online.html
http://hydro1.zap3x.com/
http://www.hydro2.home.ro
http://www.hydro1.go.ro
http://vicodinphar.premium.ws/
http://premium.ws/vicodinphar/
http://www.vicodinphar.premium.ws/
http://www.premium.ws/vicodinphar/
http://phenterminepage.visit.ws/
http://visit.ws/phenterminepage/
http://www.phenterminepage.visit.ws/
http://www.visit.ws/phenterminepage/
http://hydrocodoneapap.rocks.it
http://hydrocodonebitartrate.does.it
http://hyd1.makes.it
http://hydphar.128bit.at
http://hydrocodoneorder.venture.at
TrackBack wrote re:Crog aka Fatso - MSN Messenger Outbreak
on 04-13-2005 7:10
^_^,Pretty Good!
TrackBack wrote re:Crog aka Fatso - MSN Messenger Outbreak
on 04-25-2005 4:18
^_~,pretty good!18showsseeoo
TrackBack wrote re:Crog aka Fatso - MSN Messenger Outbreak
on 05-10-2005 4:30
^_~,pretty good!csharpsseeoo
TrackBack wrote re:Crog aka Fatso - MSN Messenger Outbreak
on 06-01-2005 20:21
Crog aka Fatso - MSN Messenger Outbreakooeess
trafton wrote yellow pages main
on 08-17-2005 5:20
Thank you! http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com/India/">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com/India/ <a href='http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com'>business yellowpages</a>. <a href="http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com ">international directory</a>: add your firm, business organization directory, DIRfor pages. Also [url]http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com/China/[/url] and [link=http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com]companies of the world[/link] from http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com">http://www.dirfor.com .
trafton wrote online directory main
on 08-17-2005 5:20
trafton wrote re: Crog aka Fatso - MSN Messenger Outbreak
on 10-04-2005 11:08
http://medlem.jubii.dk/diaporamasexe/annuaire-sexe
http://medlem.jubii.dk/diaporamasexe/annuaire-sexe-gratuit
http://medlem.jubii.dk/diaporamasexe/chat-sexe
http://medlem.jubii.dk/diaporamasexe/film-sexe
http://medlem.jubii.dk/diaporamasexe/free-sexe
http://medlem.jubii.dk/diaporamasexe/gratuit-sexe
http://medlem.jubii.dk/diaporamasexe/gros-sexe
http://medlem.jubii.dk/diaporamasexe/image-sexe
http://medlem.jubii.dk/diaporamasexe/mangas-sexe
http://medlem.jubii.dk/diaporamasexe/photo-sexe
http://medlem.jubii.dk/diaporamasexe/photo-sexe-gratuite
http://medlem.jubii.dk/diaporamasexe/rencontre-sexe
http://medlem.jubii.dk/diaporamasexe/sexe
http://medlem.jubii.dk/diaporamasexe/sexe-amateur
http://medlem.jubii.dk/diaporamasexe/sexe-amateur-gratuit
http://medlem.jubii.dk/diaporamasexe/sexe-anal
http://medlem.jubii.dk/diaporamasexe/sexe-arabe
http://medlem.jubii.dk/diaporamasexe/sexe-asiatique
http://medlem.jubii.dk/diaporamasexe/sexe-bizarre
http://medlem.jubii.dk/diaporamasexe/sexe-black
http://medlem.jubii.dk/diaporamasexe/sexe-extreme
http://medlem.jubii.dk/diaporamasexe/sexe-feminin
http://medlem.jubii.dk/diaporamasexe/sexe-femme
http://medlem.jubii.dk/diaporamasexe/sexe-gaulois
http://medlem.jubii.dk/diaporamasexe/sexe-gay
http://medlem.jubii.dk/diaporamasexe/sexe-hard
http://medlem.jubii.dk/diaporamasexe/sexe-homme
http://medlem.jubii.dk/diaporamasexe/sexe-mature
http://medlem.jubii.dk/diaporamasexe/sexe-porno
http://medlem.jubii.dk/diaporamasexe/video-sexe
http://medlem.jubii.dk/diaporamasexe/video-sexe-gratuite
http://medlem.jubii.dk/diaporamasexe/webcam-sexe
trafton wrote re: Crog aka Fatso - MSN Messenger Outbreak
on 10-06-2005 7:44
http://www.meseos-hisia.loost.com @ http://www.videos-sexi-porno.loost.com @ http://www.anatolitikos-exeretikos.loost.com @ http://www.movie-episimos-klima.loost.com @ http://www.mystiriodis-gamimeno.loost.com @ http://www.akreos-tetraplo.loost.com @ http://www.movie-orimos-foto.loost.com @ http://www.exoterika-kori.loost.com @ http://www.videos-magoulo-mpompina.loost.com @ http://www.na-hezo-dropalos.loost.com @ http://www.picture-iaponeza.loost.com @ http://www.stin-kouzina.loost.com @ http://www.iaponeza-apokaliptikos.loost.com @ http://www.iaponeza-exeretikos.loost.com @ http://www.anoitos-koyventa.loost.com @ http://www.stomatiko-gelios.loost.com @ http://www.picture-iaponeza-video.loost.com @ http://www.stratos-omorfi.loost.com @ http://www.picture-kartoun-ikonidia.loost.com @ http://www.pozarontas-videos.loost.com @ http://www.xxx-vasilisa-tenia.loost.com @ http://www.password-pipa-ikones.loost.com @ http://www.password-vasilisa-kinimatographos.loost.com @ http://www.tv-ekspermatosi-poza.loost.com @ http://www.free-giatros-video.loost.com @ http://www.terastios-pidixou.loost.com @ http://www.download-bastardos-tenia.loost.com @ http://www.pics-nosokoma-ouranos.loost.com @ http://www.pic-istories-ouranos.loost.com @ http://www.mov-megalos-syloges.loost.com @ http://www.metrios-poza.loost.com @ http://www.orimos-syloges.loost.com @ http://www.picture-agoria-tenia.loost.com @ http://www.mov-gimnistis-ikones.loost.com @ http://www.sex-geisa-eleftheros.loost.com @ http://www.free-mouni-fotografia.loost.com @ http://www.gamisou-arestos.loost.com @ http://www.synesthimatikos-souideza.loost.com @ http://www.moro-avi.loost.com @ http://www.download-geladarisa-ikonidio.loost.com @ http://www.striptiz-akreos.loost.com @ http://www.anoitos-adinatos.loost.com @ http://www.film-kryo.loost.com @ http://www.free-vazo-dahtilo-klipaki.loost.com @ http://www.ikonidio-apesios.loost.com @ http://www.password-terastios-ikones.loost.com @ http://www.tv-botes-mpompina.loost.com @ http://www.axiagapitos-aperigraptos.loost.com @ http://www.opisthia-i-pio-haritomeni.loost.com @ http://www.mikrokamomenos-nearos.loost.com
trafton wrote re: Crog aka Fatso - MSN Messenger Outbreak
on 11-28-2005 9:55

Add a Comment

(required)  
(optional)
(required)  
Remember Me?


Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems