Scob variant using IIS 6.0 or just upgrades ?

Grok Headline matches for Scob variant using IIS 6.0 or just upgrades ?

Registry Fix For Variant of Scob

Registry Fix For Variant of Scob 07/03/2004 11:49 AM
Drew Copley (Jul 02 2004)

RE: Registry Fix For Variant of Scob

RE: Registry Fix For Variant of Scob 07/05/2004 02:38 PM
Thor Larholm (Jul 03 2004)

Scob infection statistics, etc..

Scob infection statistics, etc.. 06/28/2004 04:54 PM
Hubbard, Dan (Jun 28 2004)

Web servers still doling out "Scob" code

Web servers still doling out "Scob" code 07/08/2004 05:13 PM
BOSTON - More than 100 Web servers are still distributing the "Scob" malicious code, first identified two weeks ago as code used in a widespread attack to plant Trojan horse programs on vulnerable computers, according to one computer security company. That attack used compromised Microsoft Corp. Internet Information Services (IIS) Web servers to distribute the Trojan horse programs.

JS.Scob.Trojan Source Code ...

JS.Scob.Trojan Source Code ... 06/29/2004 12:08 PM
K-OTiK Security (Jun 28 2004)

Scob code still widespread, says
security expert

Scob code still widespread, says
security expert 07/09/2004 06:22 AM
Computer Weekly Jul 9 2004 11:10AM GMT

Scob Virus Targets Financial Data
(NewsFactor)

Scob Virus Targets Financial Data
(NewsFactor) 06/28/2004 03:05 PM
NewsFactor - The so-called "Scob" virus that infiltrated possibly thousands of popular and mainstream Web sites apparently was trolling for financial data from unprotected PCs, according to antivirus firms tracking this latest malicious code.

Re: New MyDoom variant

Re: New MyDoom variant 08/04/2004 03:24 PM
Paul Kurczaba (Aug 04 2004)

New MyDoom variant

New MyDoom variant 08/04/2004 03:24 PM
albatross_at_tim.it (Aug 04 2004)

Price isn't right for new Bagle variant

Price isn't right for new Bagle variant 08/10/2004 05:37 AM
Worm du jour

Re: New MiMail variant is DDoS'ing
SCO.com

Re: New MiMail variant is DDoS'ing
SCO.com 01/28/2004 03:36 PM
Bob Toxen (Jan 27 2004)

Price not right on Bagle variant

Price not right on Bagle variant 08/09/2004 05:06 PM
New version of worm floods e-mail in-boxes with bogus price quote messages.

New Sasser variant indicates copycat

New Sasser variant indicates copycat 05/12/2004 11:16 AM
The worm reappears as Sasser.F, even after the arrest of a teenager suspected of writing the original.

Another Bagle variant tries to spread

Another Bagle variant tries to spread 09/01/2004 03:38 PM
New version turns off security and attempts to download malicious programs from the Net--but it's not likely to get far.

New MiMail variant is DDoS'ing SCO.com

New MiMail variant is DDoS'ing SCO.com 01/27/2004 01:49 PM
tlarholm_at_pivx.com (Jan 26 2004)

Another New Bagle Variant Spreads

Another New Bagle Variant Spreads 07/17/2004 06:27 AM
Techzonez Jul 17 2004 11:10AM GMT

New Bagle variant seen in the wild

New Bagle variant seen in the wild 07/16/2004 10:22 AM
Antivirus software companies late Thursday and early Friday began warning e-mail users that the persistent Bagle virus has re-emerged in a new version, Bagle.AF or Beagle.AB.

New Code Red variant reported

New Code Red variant reported 03/13/2003 10:16 AM
Antivirus vendors rated CodeRed.F a low risk, saying that it exploits an IIS vulnerability that many systems administrators have long since patched.

Sasser variant appears despite arrest

Sasser variant appears despite arrest 05/10/2004 06:04 AM
Computer Weekly May 10 2004 10:08AM GMT

New Sober variant creating trouble

New Sober variant creating trouble 04/19/2005 11:15 AM
TechWorld Apr 19 2005 3:05PM GMT

Infected PCs spew MyDoom variant

Infected PCs spew MyDoom variant 08/16/2004 12:07 PM
Business as usual

Sasser variant suggests copycat

Sasser variant suggests copycat 05/12/2004 09:38 PM
Sympatico May 13 2004 1:07AM GMT

MyDoom variant attacks Microsoft.com

MyDoom variant attacks Microsoft.com 01/28/2004 08:43 PM
Same author, less damage

New Netsky Variant -- No Attachment
Needed

New Netsky Variant -- No Attachment
Needed 04/15/2004 11:36 PM
Internet.com Apr 16 2004 3:07AM GMT

Beagle worm variant getting worse

Beagle worm variant getting worse 07/17/2004 01:39 AM
Sunday Times South Africa Jul 17 2004 5:16AM GMT

New MyDoom Variant Targets Symantec

New MyDoom Variant Targets Symantec 09/17/2004 02:18 PM
theWHIR Sep 17 2004 6:33PM GMT

Google, other engines hit by worm
variant

Google, other engines hit by worm
variant 07/26/2004 02:14 PM
Top search sites troubled by latest MyDoom release.

plinks - a purple numbers variant

plinks - a purple numbers variant 05/30/2004 02:54 AM

Via Tim Bray, I came across the concept of Purple Numbers. In a nutshell these are permalinks attached to every paragraph on a page which, to paraphrase Tim, make every paragraph on a page a first-class Web citizen.

That's a very worthy concept, but the implementations I've seen have so far failed to inspire me. First of all, while the ability to link to any paragraph on a page is useful, the links themselves are either ugly, distracting or both. While reading Tim's entry I found myself mentally pausing after each paragraph: probably because I'm used to the purple # marks on Scripting News and other such sites designating the end of an entry. They're also extra cruft in my markup.

So, my ideal purple numbers implementation would minimise markup pollution and visual clutter.

Another issue with purple numbers is permanency: they're absolutely no good if they don't stay as true permalinks. This rules out naively generating them on the fly when a page is outputted as future edits to an article could result in links targetting different paragraphs entirely. Instead, the links (in the form of id attributes on paragraph tags) need to be assigned when the content is created. If additional paragraphs are later added to the content they should be numbered in such a way as not to intefere with the original paragraph links, which I shall call plinks for the sake of brevity.

We'll ignore the issue of visual clutter for the moment: let's look instead at how plinks can be introduced without polluting the markup of my pages. While the IDs that form the target of the links are a critical part of the structure of the page, the actual links are something of a convenience for people who don't want to dig through my source code looking for IDs and are unaware of the various bookmarklets that can reveal them (such as Jesse Ruderman's named anchors). As such, I don't see the links as a critical part of the page content, so I have no qualms whatsoever about appending them to the page using JavaScript after the page has loaded. Here's the function I'm using:

function addpLinks() {
  var paras = document.getElementsByTagName('p');
  for (var i = 0; i < paras.length; i++) {
    var current = paras[i];
    if (/^p-/.test(current.id)) {
      // It's a purple link paragraph
      var plink = document.createElement('a');
      plink.href = document.location.href.split('#')[0] + 
        '#' + current.id;
      plink.className = 'plink';
      plink.appendChild(document.createTextNode(' #'));
      current.appendChild(plink);
    }
  }
}

The function iterates over every paragraph on the page looking for paragraphs with an id that starts with "p-", my chosen format for plink IDs. When it finds one, it creates a new link using the DOM and assigns it an href attribute which is the base URL of the current page (not including any existing fragment identifier) with a # and the paragraph's ID appended on the end.

My plinks all have a class of "plink", which allows me to style them. This is where I can reduce the visual clutter on the page as much as possible. Consider the following:

p a.plink {
  text-decoration: none;
  color: #c8a8ff;
  display: none;
}
p:hover a.plink {
  display: inline;
}

In an ideal world this would make the links invisible until the mouse cursor was positioned over the containing paragraph. Unfortunately, IE for Windows only honors the :hover pseudo-selector when it is applied to links. I'd like IE users to have at least a chance of discovering my plinks, so I came up with this:

p a.plink {
  text-decoration: none;
  color: #fff; /* the page background colour */
}
p:hover a.plink, p a:hover.plink {
  color: #c8a8ff;
}

The plinks are initially invisible by virtue of having the same colour as the page background. In browsers that support :hover on paragraphs, they become visible (by changing colour) when the mouse hovers over the paragraph. In browsers that only support :hover on links, they become visible when the mouse hovers over the links. Sure, they're a lot harder to find but I see it as an easter egg for IE users. Another example of MOSe in action.

There are a couple of more pieces to the puzzle. Firstly, adding all of those IDs to those paragraph tags is the kind of task that humans avoid and computers thrive on. Now I could automate this in my CMS, but I'm not in the mood for PHP at the moment so I've automated it in a bookmarklet instead: Add plink IDs (drag to your bookmarks). The bookmarklet will look inside any textareas on the current page and add an ID to every paragraph, provided it's a simple <p>. It's something of a quick hack but it does the job. Here's the bookmarklet code expanded to show how it works:

javascript:(function() {
  var tas = document.getElementsByTagName('textarea');
  for (var i = 0; i < tas.length; i++) {
    var ta = tas[i];
    var text = ta.value.replace('<p>', function() {
      if (typeof arguments.callee.counter == 'undefined') {
        arguments.callee.counter = 0;
      }
      return '<p id="p-'+arguments.callee.counter++ +'">';
    });
    ta.value = text;
  }
})();

Incidentally, the above uses a technique I picked up today while flicking through David Flanagan's eternally useful JavaScript: The Definitive Guide. Inside a JavaScript function a special object called arguments is available. The object has a property called callee which refers to the function itself, even if as above it's an anonymous function. Since functions are objects they can have properties: in this case, I create a counter property and use it to keep track of the IDs as I assign them. The whole lot is contained within a function argument to a replace call, where the function is called every time a <p> is found to determine what to replace it with.

At this point I had everything I needed, but then inspiration struck: how about a method of highlighting a paragraph if a user should visit a page using a link that targetted it? Suporting this meant adding yet another function to be executed once the page had loaded:

function plinkHighlight() {
  if (/#p-/.test(document.location)) {
    // The user arrived via a plink
    var plink_id = document.location.split('#')[1];
    var para = document.getElementById(plink_id);
    para.className = para.className + ' plinkHighlight';
  }
}

A custom style for the highlighted paragraph can now be defined using the plinkHighlight class hook.

I've now implemented all of the above on this site (mostly in the file plinks.js) although currently this is the only entry that contains plink IDs. Best of all, I didn't have to touch a single line of my CMS! This JavaScript thing could really catch on some day.

Doomjuice variant ups the ante in MS
attack

Doomjuice variant ups the ante in MS
attack 02/11/2004 04:32 PM
Prelude to Friday the 13th assault?

Destructive MiMail variant hits web

Destructive MiMail variant hits web 11/03/2003 10:05 AM
vnunet.com Nov 3 2003 8:50AM ET

Nachi variant wipes MyDoom from PCs

Nachi variant wipes MyDoom from PCs 02/12/2004 08:03 AM
The Register Feb 12 2004 12:42PM GMT

Blaster Variant Creator Pleads Guilty

Blaster Variant Creator Pleads Guilty 08/11/2004 10:57 PM
Slashdot Aug 12 2004 3:14AM GMT

Netsky Worm Variant Attacks P2P Services

Netsky Worm Variant Attacks P2P Services 04/11/2004 11:46 PM

Latest Bagle variant bites back

Latest Bagle variant bites back 08/10/2004 10:15 AM
Personal Computer World Aug 10 2004 2:05PM GMT

Nachi variant sends a political message

Nachi variant sends a political message 02/12/2004 06:13 PM
Nachi.B comes with an HTML document titled, "Let History Tell Future," and is aimed at computers running Japanese versions of Windows.

New Sober variant tricks users in German

New Sober variant tricks users in German 04/19/2005 08:38 AM
A new Sober mass mailer worm is slithering its way around the Net and tricking users into opening attachments with clever messages in both English and German, antivirus companies warned Tuesday.

MyDoom Variant Emerges, Targets
Microsoft

MyDoom Variant Emerges, Targets
Microsoft 01/28/2004 03:36 PM
Reuters Jan 28 2004 8:18PM GMT

Mydoom variant appears, targets
Microsoft

Mydoom variant appears, targets
Microsoft 01/28/2004 08:42 PM
A new version of the Windows Mydoom e-mail worm is circulating on the Internet, according to warnings from antivirus companies. The worm, named Mydoom-B, is similar to a worm that appeared on Monday, but contains a scheduled denial of service (DOS) attack against Microsoft Corp.'s Web site and a feature that blocks access to antivirus Web sites on infected machines, according to warnings from antivirus companies Wednesday.

MyDoom variant emerges, targets
Microsoft

MyDoom variant emerges, targets
Microsoft 01/28/2004 08:43 PM
The New Zealand Herald Jan 29 2004 0:56AM GMT
Grok Description matches for Scob variant using IIS 6.0 or just upgrades ?
GrokA matches for Scob variant using IIS 6.0 or just upgrades ?

Scob variant using IIS 6.0 or just upgrades ?

The following phrases have been identified by the grok system as matching this entry: