============================================================ -------- PCMAG.COM'S SECURITY WATCH -------- -------- for September 22, 2004 -------- ============================================================
============================================================ ********** Sponsored by McAfee ********** Now McAfee is helping companies with limited IT resources keep their computer systems secure from malicious threats by automating security for them. Learn more about McAfee Secure-1 and get your free Small Business Security Checklist, plus a special e-book bonus, at mcafee.com http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104066-1 ************************************************************ ============================================================ Welcome to the PCMag.com Security Watch Newsletter. Every week we bring you an overview of the current viruses, worms, and other threats and the information you need to combat them. Last week, Microsoft released a security bulletin reporting vulnerability in the graphics subsystem in Windows and a wide range of Microsoft products. This week, Netcraft, the UK web monitoring company, is reporting that exploit code for the flaw is available on the web. We saw two new Phishing examples on Monday that circumvent detection by using a single monolithic bitmap followed by random text. Both phishes were for Citizens bank, and contained a bitmap with a link to the phishing site. Symantec released their Symantec Internet Security Threat Report this week for the first 6 months of 2004. It came with some good news and some bad news. The bad news for users slow to apply operating system updates is that the mean time between a security vulnerability announcement and an exploit has shrunk to an average of under 6 days. Symantec's report also found that variations of bot worms, which mostly spread through IRC (Internet Relay Chat) channels, were up 600%. For more on these vulnerabilities, threats and updates, visit the Watch. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104069-1 IN THIS ISSUE: * Top Threat: Bots, Bots, and more Bots * Top 10 e-mail viruses as reported by MessageLabs on Monday, September 20, 2004 * Top 5 Vulnerabilities as reported by MessageLabs on Monday, September 20, 2004 * Top Phish of the week * Security Tip: Fix Your Hosts File * Windows Security Alerts and Updates * Jargon Watch * Security Watch News Feed. ============================================================ Top Threat: Bots Bots and more Bots Among the most prolific threats, in terms of number of variations, is the 'bot' worms -- Rbot, SDBot, Gaobot, spybot (no relation to the anti-spyware software). Capable of spreading through a number of methods, the majority use IRC networks and network shares to propagate and IRC channels to "call home" to their attackers. To learn more, visit our top threat. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104072-1 ============================================================ Top 10 e-mail viruses as reported by MessageLabs on Monday September 20, 2004 W32/Netsky.P-mm W32/Netsky.Z-mm W32/NetSky.D-mm For the full list, visit the Top Ten section http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104075-1 ============================================================ Top 5 Vulnerabilities as reported by MessageLabs on Monday September 20, 2004 Date: 9/14/04 Title: Microsoft [Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution] Severity: High For more Microsoft, Apple and Apache vulnerabilities, visit our top five section. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104078-1 ============================================================ Top Phish of the week SunTrust -- Address Bar Cover-up Name: SunTrust -- Address Bar Cover-up Date: September 2004 Subject Line: Security Update For details on this tricky scam, see our Top Phish of the week section. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104081-1 ============================================================ Security Tip: Fix Your Hosts File Many users are familiar with how browsers find web pages with DNS servers, but did you know that there is a mini DNS in every copy of Windows called the "HOSTS" file? Checked first by the browser before it checks with the central DNS on the web, the HOSTS file is a favorite target for viruses, spyware and browser hijackers. To find out how to fix a corrupted host file, see our Security tips section. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104084-1 ============================================================ Windows Security Alerts and Updates On the tail of last week's announcement of multiple vulnerabilities in Mozilla and Netscape, comes a report of another Mozilla/Firefox Cross Domain vulnerability. Mac OS X iChat users will want to apply the latest update to avoid the possibility of a remote access attack.. Online gamers using Lords of the Realm III version 1.x may want to be careful of networks they connect with while playing with the report of a moderately critical Denial of Service Vulnerability. To learn more about these alerts and updates, visit the watch. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104087-1 ============================================================ Jargon Watch Each week, we define a few pertinent terms to break down the jargon barrier and help you better understand potential PC issues. This week we cover: IRC, and Bot. Go to our Jargon Watch for definitions to these terms. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104090-1 ============================================================ Security Watch News Feed. FTC Endorses Bounty for Spammers http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104093-1 Code Flaws Open Linux Apps to Attack http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104096-1 Microsoft Needs to Secure All Users--Period http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104099-1 Get more links in the Feed http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104102-1 ============================================================ The PCMag.com Bookstore PC Magazine's Windows XP Solutions Ever wish they'd consulted you before they designed Windows XP? Sure, it's a great system, but there's this one feature that makes you crazy. Or that annoying problem that keeps occurring. Well, you can rely on Neil Randall and your friends at PC Magazine to correct that oversight. Here's the complete compendium of solutions to the things that bug you, threaten your security, slow you down, or other-wise prevent Windows XP from running like it should. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104105-1 PC Magazine Guide to Home Networking Ready to plunge into creating your own home network? Reading this book is like having PC Magazine contributing editor Les Freed drop by and set the whole thing up for you. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104108-1 More Books http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104111-1 ============================================================ Tech Jobs http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104114-1 ============================================================ Ziff Davis Channel Zone http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104117-1 ============================================================ DevSource http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104120-1 ============================================================ Free Offers Brought to you by PeopleSoft ============================================================ Demand-Driven Manufacturing PeopleSoft offers you a complete demand-driven solution that allows you to anticipate changing demand, adapt production and integrate suppliers all in real time, while optimizing every stage of manufacturing. Click here to find out more! http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104123-1 ============================================================ Upcoming Events ============================================================ Test Drive the Latest Personal Technology! Come to DigitalLife, Oct. 14-17, Javits Convention Center, NYC. Test drive and compare today's hottest cell phones, digital cameras, flat screen TVs, PDAs, video games, PCs and laptops, MP3s, home networking solutions and more. Get coupons and win prizes. For 50% off tickets go to www.digitallife.com. Enter promo code ZDM2004 at checkout. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104126-1 ============================================================ 9/27 On-Demand/Utility Computing FREE eSeminar! As enterprises keep growing, the provisioning of hardware, software and network resources becomes more complex and thus more difficult and time consuming for IT staff. On-demand computing aims to automate parts of IT management and configuration, reducing the costs and time needed for expansion or re-allocation of network, storage and database resources, enabling clients, departments and even divisions focus on their business. This eSeminar will help information managers and IT directors understand the basic principals of on-demand/utility computing, examine the cost benefits and discuss the training needed for implementation and administration. Register now. http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104129-1 ============================================================ Elsewhere on Ziff Davis Internet ============================================================ On the Bench: ATI's New Radeon X700 XT http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104132-1 Sun Pushes Trading Tech on Wall Street http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104135-1 Apple iMac G5: An iPod Writ Large http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104138-1 Case Study: AFLAC http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104141-1 ============================================================ eNewsletter Information ============================================================ You are subscribed to PCMag.com's Security Watch with the e-mail: [EMAIL PROTECTED] To unsubscribe to this newsletter, click below: http://www.pcmag.com/unsubscribe_newsletter/0,4223,,00.asp?n=71&type=u&[EMAIL PROTECTED] To change your e-mail address, change your text/HTML preferences, or to subscribe to other FREE PC Magazine Online e-mail newsletters, visit: http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104144-1 If you'd like to advertise in our eNewsletters, visit: http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104147-1 ============================================================ PC Magazine Print Subscriptions ============================================================ Start or Renew a subscription: http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104150-1 Give a gift subscription: http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104153-1 Help with your subscription: http://eletters.pcmag.com/zd1/cts?d=81-1118-14-15-53809-104156-1 Copyright (c) 2004 Ziff Davis Media Inc. All Rights Reserved. Ziff Davis Media Inc., 28 East 28th Street, New York, NY 10016
