Topic: Software security, worms and viruses newsbeat (Read 7468 times)
Please post any news regarding worms, viruses, exploits and operating system critical updates etc here.
-------------------------------
Thanks to Tabby for the heads up on this one. Worms bite Windows 2000 corporate PCs. Full story
May not directly affect our systems but good to be informed.
-------------------------------
Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005 | Updated: January 3, 2006
On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform.
Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.
Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track.
Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.
Windows PCs face ‘huge’ virus threat
By Kevin Allison in San Francisco
Published: January 2 2006 18:18 | Last updated: January 3 2006 12:01
Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.
The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.
“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”
Firms urged to use unofficial Windows patch
By Tom Espiner, Special to CNET News.com
Published: January 3, 2006, 3:16 PM PST
Experts are advising corporations to use an unofficial patch to combat the latest Microsoft Windows Meta File exploit.
Antivirus vendor F-Secure and the Internet Storm Center, a volunteer security group, separately urged businesses on Tuesday to use the unofficial patch, as Microsoft has not yet offered an authorized fix for the problem.
Microsoft, though, has advised businesses not to use third-party updates, even though its own patch won't be available until next Tuesday.
The WMF vulnerability can be exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said.
Mikko Hypponen, director of antivirus research at F-Secure, said he believes corporations can trust the unofficial patch, which was created by security software developer Ilfak Guilfanov.
Download WMF vulnerability hotfix
-------------------------------
Current WMF exploit detection by AV scanners as of January 1, 2006
AV-Test, an independent test lab that tracks malware and anti-malware products, has been closely tracking detection of exploits based on the WMF flaw. Below are current numbers as of the morning of January 1, 2006, based on 73 different variants of the threat.
Find out how your antivirus detects the said WMF exploit.
-------------------------------
Antivirus makers catch up to WMF bug
By Joris Evers, CNET News.com
Published on ZDNet News: January 4, 2006, 6:00 PM PT
While users wait for a Microsoft fix, many antivirus products will protect PCs against attacks that exploit a recently disclosed Windows flaw, but not all.
According to a test of a range of antivirus products published on Wednesday, Trend Micro was the only major antivirus vendor that failed to catch a number of malicious files that exploit the new Windows vulnerability.
In the test, administered by independent testing organization AV-Test, 206 malicious files were pushed through virus shields from a number of vendors. Of the top three antivirus companies, Symantec and McAfee caught all bad files, while Trend Micro missed 63, according to the test results, which were e-mailed to CNET News.com.
-------------------------------
Microsoft Security Bulletin Advance Notification
Updated: January 5, 2005
Important Information for Thursday 5 January 2006
Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week. Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.
Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.
Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and with up-to-date signatures from anti-virus companies.
The security update will be available at 2:00 pm PT as MS06-001. Enterprise customers who are using Windows Server Update Services will receive the update automatically. In addition, the update is supported by Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services. Enterprise customers can also manually download the update from the Download Center.
More here: http://www.microsoft.com/technet/security/bulletin/advance.mspx
-------------------------------
Beware!: Kama Sutra/Blackworm Worm Timebomb
There is a new mass mailing worm that has been infecting many users. Going by some different names, it's best known as the Blackworm or Kama Sutra. On February 3rd, this worm is scheduled to overwrite the following file types with bogus data:
- *.DOC
- *.XLS
- *.MDE
- *.MDB
- *.PPT
- *.PPS
- *.RAR
- *.PDF
- *.PSD
- *.DMP
- *.ZIP
Feb 3rd is just the beginning, because it's scheduled to activate on the 3rd of every month. Once someone is infected, the worm visits a webpage at rcn.net to increment a counter. This counter theoretically displays the number of infections.
-------------------------------
Microsoft Security Bulletins Feb. 2006
Microsoft released this month's security bulletins affecting Windows and Microsoft Office. Also affecting Windows Media Player and Internet Explorer (components in Windows):
Bulletins:
2 Critical Bulletins
- MS06-004 - Cumulative Security Update for Internet Explorer (910620)
- MS06-005 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
5 Important Bulletins
- MS06-006 - Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
- MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446)
- MS06-008 - Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
- MS06-009 - Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
- MS06-010 - Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
Reminder: As always, download the updates only from the vendor's website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Note About KB 913446 TCP/IP Vulnerability Update
So far here, on XP SP2 Pro, two machines DID NOT correctly install the 913446 update when visiting the Windows Update site. The Windows Update site would not allow this particular security update to install. (ALL other updates installed fine.) In order to install the update, I downloaded the manual installer file from the link below, then ran the file. It installed fine but only when using the manual download.
http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx
This particular update only applies to Windows XP SP1, SP2 and the Windows Server 2003 versions mentioned in the article.
-------------------------------
WMF-Like Zero-Day Attack Underway
The first wave of zero-day attacks against an unpatched flaw in Microsoft's Internet Explorer browser has begun and security experts warn that the threat will grow significantly over the weekend.
Less than 24 hours after Microsoft issued an advisory with interim workarounds for IE users, malware hunters have started detecting drive-by downloads on more than 20 maliciously rigged Web sites.
eWEEK has seen a list of more than 20 unique domains and 100 unique URLs hosting the exploits, which are dropping a variant of SDbot, a dangerous family of backdoors that give hackers complete ownership of infected computers.
SDbot allows attackers to control victims' computers remotely by sending specific commands via IRC (Inter Relay Chat) channels. The backdoors have also been used as a keylogger to steal sensitive user information and spread to local network and to computers vulnerable to exploits.
According to Dan Hubbard, senior director of security and technology research at Websense Security Labs, his company's honeyclient crawler is capturing about 10 new malicious URLs every hour.
http://www.eweek.com/article2/0,1759,1942566,00.asp?kc=EWRSS03119TX1K0000594
-------------------------------
Firefox Multiple Vulnerabilities
Secunia Advisory: SA19631
Release Date: 2006-04-14
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Description: Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system.