NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT 09/13/04 Today's focus: New Mac OS X update available
In this issue:

* Patches from Conectiva, Gentoo, others
* Beware latest MyDoom variant and a variety of Sbot and Rbot variants
* This ISP flatfoot enjoys giving spammers the boot, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________

By Jason Meserve

XP Service Pack 2 update: Finally, got the behemoth downloaded and installed on my wife's new laptop. Nothing happened the first time I pushed "download" a few weeks back after getting the initial prompt. This go-around I ran the Windows Update myself to force the download. Our version of the update came to 102 megabytes, which took around 20 minutes or so to download over our Verizon DSL line (freshly upgraded to 3M bit/sec download speeds). The install probably took another 20 minutes or so. After that, everything ran pretty smoothly.
We haven't found any major issues yet. The only minor things were our McAfee Security Center and the new Microsoft Security Center wanted to battle for control, and the Microsoft firewall seemed to want to block every application. But I think we have them squared away.

Now to install it on my primary desktop, which was originally converted from Windows ME to XP. But first, I need to back the thing up...

Today's bug patches and security alerts:

New Apple security update available

A new Apple Mac OS X update is available for Versions 2.8 (Jaguar) through 3.5 (Panther). The update fixes problems with Apache, CoreFoundation, IPSec, Kerberos, lukemftpd, OpenLDAP, OpenSSH, PPPDialer, QuickTime Streaming Server, rsync, Safari, SquirrelMail and tcpdump. For more, go to:
<http://docs.info.apple.com/article.html?artnum=61798>
**********

Samba DoS fixed

SecuriTeam is warning of a flaw in versions of Samba prior to 3.0.6 and 2.2.11 that could be exploited in a denial-of-service attack against the Samba daemon (smbd). For more, go to:
<http://us4.samba.org/samba/history/3.0_DOS_sept04_announce.txt>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200409-14.xml>
**********

SecurityTracker warns of OpenSSH flaw

A flaw in the way OpenSSH works with anonymous services could be exploited in a "port bouncing" attack. This could leave a machine vulnerable long enough for e-mail to be forwarded from it. For more, go to:
<http://www.securitytracker.com/alerts/2004/Sep/1011143.html>
**********

Conectiva patches wv

A buffer overflow in wv, an application that allows access to Microsoft Word files, could be exploited by an attacker to run their code of choice on the affected machine. For more, go to:
<http://www.nwfusion.com/go2/0913bug1a.html>

Conectiva releases Kerberos 5 update

A couple of vulnerabilities have been found in the MIT Kerberos 5 code. One flaw could be exploited to run code on an affected system, the other in a denial-of-service attack.
For more, go to:
<http://www.nwfusion.com/go2/0913bug1b.html>
**********

Gentoo patches LHa

According to an alert from Gentoo, "Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code." For more, go to:
<http://security.gentoo.org/glsa/glsa-200409-13.xml>
**********

Today's roundup of virus alerts:

W32/Sdbot-RY - Another newsletter, another bot that spreads via network shares and uses IRC as a backdoor. This Sdbot variant copies itself into the Windows System folder as "spoolsvc.exe" and can be used as a proxy server, to delete network shares and to steal game information. (Sophos)

W32/Sdbot-OV - This Sdbot variant infects the file "usb32.exe" in the Windows System folder and can be used to launch denial-of-service attacks, as a proxy server and to steal game application information. (Sophos)

W32/Sdbot-OY - This is a typical Sdbot variant. The file it infects in the Windows System directory: "sload32.exe". (Sophos)

Troj/Delf-DU - A Trojan horse that copies itself to "services.exe" in the Windows System directory and terminates a number of applications. It can also be used to download code via IRC. (Sophos)

W32/Rbot-IK - An Rbot variant used to steal application keys for popular games. This variant uses a random file name as its infection point and spreads via network shares by attempting to exploit vulnerabilities or previous infections. (Sophos)

W32/Rbot-IL - A typical Rbot variant that spreads by network shares and gets remote commands via IRC. This one deletes a number of commonly named network drives. (Sophos)

W32/Rbot-IO - Yet another Rbot variant. This one infects the file "WUAMGDR.EXE" in the Windows System folder. No word on any permanent damage caused, but it does have IRC backdoor functionality. (Sophos)

W32/Rbot-IT - See Rbot-IO above, replacing the file name with "mswinc.exe".
(Sophos)

W32/Forbot-Q - A bot that can be used for distributed denial-of-service attacks, to run a Socks proxy server or to obtain information about the infected computer. It spreads by trying to exploit the Windows LSASS vulnerability and infects the file "ssvchost.exe" in the Windows System folder. (Sophos)

W32/MyDoom-V - Yet another MyDoom variant. Similar to its predecessor, this one spreads via e-mail and infects the file "windrv32.exe". It uses a variety of e-mail subjects, body text and attachment names in its quest to spread. (Sophos)
**********

From the interesting reading department:

This ISP flatfoot enjoys giving spammers the boot
The most trying part of Louis Rush's job is confronting scofflaws, some of whom are hardened criminals, to inform them they've been caught. Network World, 09/13/04.
<http://www.nwfusion.com/news/2004/091304widernetearthlink.html?nl>

Crime and punishment
Computer security breaches are a recurring problem for companies, particularly those that conduct business online. Based on results of its annual survey of e-commerce crime, security company CyberSource estimates online crooks made away with 1.7%, or $1.6 billion, of 2003 U.S. business-to-consumer e-commerce revenue. Network World, 09/13/04.
<http://www.nwfusion.com/careers/2004/0913man.html?nl>

Relocation services firm digs out worms
Relocation services firm Sirva was hit so hard by the wave of computer worms and viruses that swept the Internet this time last year that preventing future attacks became a top priority for the company. Network World, 09/13/04.
<http://www.nwfusion.com/news/2004/091304sirva.html?nl>

Symantec service to fight phishing
Symantec this week will release an anti-fraud service designed to protect financial institutions and retailers, as well as their customers, from phishing attacks. Network World, 09/13/04.
<http://www.nwfusion.com/news/2004/091304symantec.html?nl>

Vendors unveil new security lines of defense
Security vendor McAfee last week unveiled a line of appliances and services for combating spam and viruses, while start-up iPolicy Networks introduced a line of intrusion-prevention systems with content filtering. Network World, 09/13/04.
<http://www.nwfusion.com/news/2004/091304security.html?nl>

New options for secure remote access
3am Labs this month is debuting three products that aim to do just that: Provide highly secure PC remote access and administrative tools to manage users' connections. And two of the three products are free. Network World, 09/13/04.
<http://www.nwfusion.com/nlvirusbug574>

Enterprise WLAN security meets small offices
Interlink Networks' new product, LucidLink, aims to give small offices with limited or no IT support the best of both worlds. Network World, 09/13/04.
<http://www.nwfusion.com/nlvirusbug575>

ISP Telenor cripples zombie PC network
Authorities in Singapore shut down a large network of around 10,000 robot, or "zombie," computers this week, after technicians at Norwegian Internet service provider Telenor stumbled on the illicit network by tracing Internet Relay Chat communications from compromised customer PCs on its system. IDG News Service, 09/10/04.
<http://www.nwfusion.com/news/2004/0910isptelen.html?nl>

Spam on the menu at annual virus conference
Computer viruses and worms will have to share the stage with a new challenger for the attention of attendees at a conference of anti-virus researchers: spam e-mail. IDG News Service, 09/09/04.
<http://www.nwfusion.com/news/2004/0909spamonth.html?nl>

German teenager indicted over Sasser worm
Prosecutors in Verden, Germany, Wednesday indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds of thousands of computers worldwide after spreading at lightning speed over the Internet. IDG News Service, 09/09/04.
<http://www.nwfusion.com/news/2004/0909germateena.html?nl>

McAfee AV ate my application
An Australian software developer has been left fuming after the latest virus definition update from McAfee caused his package to be wrongly identified as a Trojan horse programme. The Register, 09/07/04.
<http://www.theregister.co.uk/2004/09/07/mcafee_false_alarm/>
_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________

ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.nwfusion.com/topics/security.html
_______________________________________________________________

FEATURED READER RESOURCE

NETWORK WORLD SPECIAL REPORTS NOW AVAILABLE

Focused reports on compelling industry topics, Network World Special Reports are available online at Network World Fusion. Network World Special Reports on IP Telephony Security, the State of Wireless LANs, trends in the networked world and more are currently available.
Download any or all of our Special Reports at:
<http://www.nwfusion.com/vendorview/specialreports.html>
_______________________________________________________________

Copyright Network World, Inc., 2004
