NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
08/26/04

Today's focus: Critical Netscape hole could be widespread
In this issue:

* Patches from Sun, Debian, others
* Beware latest Rbot variants
* Nokia, Pointsec team on mobile data security, and other interesting reading

By Jason Meserve

The option to download Windows XP Service Pack 2 presented itself on my wife's laptop this morning. I hit the download button before I left the house. Hopefully it will be completed by the time I get home tonight. Her machine is only a couple weeks old and does not have a ton of applications loaded, so hopefully things will go smoothly. I'll report back with my success or failure next week.
<http://www.nwfusion.com/news/2004/0826microconti.html?nl>

One other note: If you're reading this, Kaspersky's e-Jihad warning was a bit overhyped:
<http://isc.sans.org/diary.php?date=2004-08-24> (see last entry in the Handler's Diary)

Today's bug patches and security alerts:

ISS: Critical Netscape hole could be widespread

Internet Security Systems (ISS) is warning its customers about a critical security hole in a commonly used technology from the Mozilla Foundation called the Netscape Network Security Services (NSS) library that could make Web servers vulnerable to remote attack. IDG News Service, 08/24/04.
<http://www.nwfusion.com/news/2004/0824isscriti.html?nl>

ISS X-Force advisory:
<http://xforce.iss.net/xforce/alerts/id/180>

Mozilla patch:
<http://www.nwfusion.com/go2/0823bug2a.html>

HP-UX users can get a fix for this issue by logging into the HP IT Resource Center:
<http://itrc.hp.com/>

**********

Cisco warns of flaws in Secure Access Control Server

A number of vulnerabilities have been found in Cisco's Secure Access Control Server, which provides authentication, authorization, and accounting services to network devices. Many of the flaws could be exploited in a Denial of Service attack against the affected server. One of the more serious flaws could be used to bypass authentication. For more, go to:
<http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml>

**********

Sun patches CDE Mailer

A buffer overflow in the CDE Mailer application for Solaris could be exploited by a local user to gain Group ID (gid) mail privileges. For more, go to:
<http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57627>

**********

Debian patches Icecast server

A flaw in the Debian Icecast server implementation, used for streaming MP3 files, could be exploited by an attacker to run any JavaScript command on the affected server.
For more, go to:
<http://www.debian.org/security/2004/dsa-541>

**********

DoS vulnerability in NtRegmon

A denial-of-service vulnerability has been found in NtRegmon, a registry monitoring tool. Any user could exploit the bug and cause the application to crash. For more, go to:
<http://www.ngsec.com/docs/advisories/NGSEC-2004-7.txt>

**********

Today's roundup of virus alerts:

W32/Rbot-GR - Are you being watched on your Web cam? Oh my, is someone watching me? Never mind, my cam is unplugged. This variant of Rbot seems to have the ability to activate your Webcam so an attacker accessing your machine via an IRC backdoor could watch you.
<http://www.securityfocus.com/news/9377>

W32/Rbot-GS - An Rbot variant that tries to exploit a number of potential Windows vulnerabilities in order to infect a target machine. The virus provides backdoor access via IRC and can be used as a packet sniffer, keylogger, DDoS client and a proxy server. (Sophos)

W32/Rbot-GP - Another Rbot variant that spreads via network shares with weak or no password protection and allows backdoor access via IRC. This variant installs itself as "wuamgrd.exe" in the Windows System folder. It can be used to steal data from the infected unit. (Sophos)

W32/Rbot-GX - Again, this Rbot uses network shares to spread, except it selects a random filename for the infection point. It may try to delete network shares as well. (Sophos)

W32/Rbot-FC - Our fifth Rbot variant of the week can log keystrokes and steal CD game keys. It too spreads via network shares and uses IRC for backdoor access. The infected file is "winsyst32.exe". (Sophos)

W32/Rbot-HB - Surprise! Another Rbot variant. This one uses the file "soundblaster.exe". No word on other functionality it may contain. (Sophos)

W32/Agobot-MF - An Agobot variant that spreads via network shares and can use IRC to allow backdoor access. The file infected in the Windows System directory is "syxstem32.exe".
In addition to allowing access, it also terminates anti-virus applications and blocks access to related sites. (Sophos)

Troj/LeechPie-A - This virus is not dangerous by itself as it seems to drop a hacked application server on the infected machine. This could be used as a relay for other activities. (Sophos)

W32/Sdbot-NO - Like most bots, this Sdbot variant spreads via network shares, allows backdoor access via IRC and can be used to steal CD keys of popular games. The infected file is "Sersices.exe" in the Windows System directory. (Sophos)

W32/Sdbot-NQ - Similar to the Sdbot-NO variant above. This one uses the file "MSNSERVICES.EXE". (Sophos)

W32/Sdbot-NR - See the two Sdbot descriptions above, replacing the file name with "WINCAT32.EXE". (Sophos)

W32/Apler-A - Very similar to the various bot variants in that Apler spreads via network shares and installs a file in the Windows System folder, in this case "MSGRAN.EXE". Could delete network drives. (Sophos)

W32/Forbot-K - This bot spreads via network shares and infects "svxhost.exe" in the Windows System directory. In addition to allowing backdoor access via IRC, this virus can be used as a proxy server, file repository or keystroke logger. (Sophos)

**********

From the interesting reading department:

Nokia, Pointsec team on mobile data security

Enterprises seeking higher security for their growing number of mobile devices may be interested in new encryption technology that Nokia is deploying in its smart phone products. IDG News Service, 08/26/04.
<http://www.nwfusion.com/news/2004/0826nokiapoint.html?nl>

Deutsche Bank hit again by phishing attack

Deutsche Bank AG late Tuesday was the target of a renewed phishing attack extending into Wednesday, after facing its first-ever reported assault last week, according to a bank spokesman. IDG News Service, 08/25/04.
<http://www.nwfusion.com/news/2004/0825deutsbank.html?nl>

HP puts choke hold on virus throttling product

After unveiling cutting-edge technology for choking off the spread of viruses in March, HP is quietly shelving the project, citing conflicts with Microsoft's Windows operating system, a company executive said. IDG News Service, 08/24/04.
<http://www.nwfusion.com/news/2004/0824hpputs.html?nl>

Face-off: Companies should outsource their e-mail security

Outsourced, or perimeter-based, message management services are designed to ensure the integrity and security of e-mail before it enters corporate network infrastructures, without scalability worries. Network World, 08/23/04.
<http://www.nwfusion.com/columnists/2004/0823faceoffyes.html?nl>

Face-off: Companies should not outsource their e-mail security

Deciding to use a managed service rather than handling e-mail security in-house means leaving your organization vulnerable to threats that include policy violations, fraud, eavesdropping and intrusions. Network World, 08/23/04.
<http://www.nwfusion.com/columnists/2004/0823faceoffno.html?nl>

_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>

_______________________________________________________________

Copyright Network World, Inc., 2004
