The DC Zone
 
A Distributed Computing Community
Topic: Software security, worms and viruses newsbeat
vaio


Please post any news regarding worms, viruses, exploits and operating system critical updates etc here.
-------------------------------
Schizophrenia is all a matter of opinions!


We eat pie not count Pi

vaio

Thanks to Tabby for the heads up on this one.

Worms bite Windows 2000 corporate PCs.

Full story

May not directly affect our systems but good to be informed.

Brent W

Unpatched Firefox 1.5 exploit made public

Brent W

Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005 | Updated: January 3, 2006

Quote
On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform.

Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.

Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.



Windows PCs face ‘huge’ virus threat
By Kevin Allison in San Francisco
Published: January 2 2006 18:18 | Last updated: January 3 2006 12:01

Quote
Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”


Firms urged to use unofficial Windows patch
By Tom Espiner
Special to CNET News.com
Published: January 3, 2006, 3:16 PM PST

Quote
Experts are advising corporations to use an unofficial patch to combat the latest Microsoft Windows Meta File exploit.

Antivirus vendor F-Secure and the Internet Storm Center, a volunteer security group, separately urged businesses on Tuesday to use the unofficial patch, as Microsoft has not yet offered an authorized fix for the problem.

Microsoft, though, has advised businesses not to use third-party updates, even though its own patch won't be available until next Tuesday.

The WMF vulnerability can be exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said.

Mikko Hypponen, director of antivirus research at F-Secure, said he believes corporations can trust the unofficial patch, which was created by security software developer Ilfak Guilfanov.


Download WMF vulnerability hotfix
Quote

The hotfix for the WMF vulnerability can be downloaded from the following URLs:

* http://www.grc.com/miscfiles/wmffix_hexblog14.exe
* http://handlers.sans.org/tliston/wmffix_hexblog14.exe
* http://castlecops.com/modules.php?name=Downloads&d_op=getit&lid=496
* http://csc.sunbelt-software.com/wmf/wmffix_hexblog14.exe
* http://www.antisource.com/download/wmffix_hexblog14.exe

The MD5 checksum of the file is 15f0a36ea33f39c1bcf5a98e51d4f4f6.

MSI repackages can be downloaded here:

* http://accentconsulting.com/wmf.shtml by Brian Higgins (MD5: a5108c0fa866101d79bb8006617641ee)
* http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi by Evan Anderson (MD5: 0dd56dac6b932ee7abf2d65ec34c5bec)

The WMF vulnerability checker can be downloaded from the following URLs:

* http://csc.sunbelt-software.com/wmf/wmf_checker_hexblog.exe
* http://castlecops.com/modules.php?name=Downloads&d_op=getit&lid=495
* http://www.antisource.com/download/wmf_checker_hexblog.exe

The MD5 checksum of the file is ba65e1954070074ea634308f2bab0f6a.

If you want to be included in this list, please let me know.
A discussion forum is open here. It has courteously been offered by CastleCops.
A FAQ is available here.

Due to incredibly high load, the page has been reduced to the bare minimum.
Thanks for understanding.
Safe computing!
Ilfak Guilfanov

Brent W

Current WMF exploit detection by AV scanners as of January 1, 2006

AV-Test, an independent test lab that tracks malware and anti-malware products, has been closely tracking detection of exploits based on the WMF flaw. Below are current numbers as of the morning of January 1, 2006, based on 73 different variants of the threat.

Find out how your antivirus detects the said WMF exploit.

Brent W

Antivirus makers catch up to WMF bug

By Joris Evers, CNET News.com
Published on ZDNet News: January 4, 2006, 6:00 PM PT

Quote
While users wait for a Microsoft fix, many antivirus products will protect PCs against attacks that exploit a recently disclosed Windows flaw, but not all.

According to a test of a range of antivirus products published on Wednesday, Trend Micro was the only major antivirus vendor that failed to catch a number of malicious files that exploit the new Windows vulnerability.

In the test, administered by independent testing organization AV-Test, 206 malicious files were pushed through virus shields from a number of vendors. Of the top three antivirus companies, Symantec and McAfee caught all bad files, while Trend Micro missed 63, according to the test results, which were e-mailed to CNET News.com.

Brent W

Microsoft Security Bulletin Advance Notification
Updated: January 5, 2005

Important Information for Thursday 5 January 2006
Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release.

In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and with up-to-date signatures from anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

Enterprise customers who are using Windows Server Update Services will receive the update automatically. In addition, the update is supported by Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services. Enterprise customers can also manually download the update from the Download Center.

more here
http://www.microsoft.com/technet/security/bulletin/advance.mspx

Brent W

Beware!: Kama Sutra/Blackworm Worm Timebomb

Quote
There is a new mass mailing worm that has been infecting many users. Going by some different names, it's best known as the Blackworm or Kama Sutra. On February 3rd, this worm is scheduled to overwrite the following file types with bogus data:

# *.DOC
# *.XLS
# *.MDE
# *.MDB
# *.PPT
# *.PPS
# *.RAR
# *.PDF
# *.PSD
# *.DMP
# *.ZIP


Feb 3rd is just the beginning, because it's scheduled to activate on the 3rd of every month. Once someone is infected, the worm visits a webpage at rcn.net to increment a counter. This counter theoretically displays the number of infections.

Brent W

Microsoft Security Bulletins Feb. 2006

Microsoft released this month's security bulletins affecting Windows and Microsoft Office. Also affecting Windows Media Player and Internet Explorer (components in Windows):

Bulletins:

2 Critical Bulletins

- MS06-004 - Cumulative Security Update for Internet Explorer (910620)
- MS06-005 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

5 Important Bulletins

- MS06-006 - Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
- MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446)
- MS06-008 - Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
- MS06-009 - Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
- MS06-010 - Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)


Reminder:
As always, download the updates only from the vendor's website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.


Note About KB 913446 TCP/IP Vulnerability Update

So far here, on XP SP2 Pro, two machines DID NOT correctly install the 913446 update when visiting the Windows Update site. The Windows Update site would not allow this particular security update to install. (ALL other updates installed fine.)

In order to install the update, I downloaded the manual installer file from the link below, then ran the file. It installed fine but only when using the manual download.

http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx

This particular update only applies to Windows XP SP1, SP2 and the Windows Server 2003 versions mentioned in the article.

Brent W

WMF-Like Zero-Day Attack Underway

Quote
The first wave of zero-day attacks against an unpatched flaw in Microsoft's Internet Explorer browser has begun and security experts warn that the threat will grow significantly over the weekend.

Less than 24 hours after Microsoft issued an advisory with interim workarounds for IE users, malware hunters have started detecting drive-by downloads on more than 20 maliciously rigged Web sites.

eWEEK has seen a list of more than 20 unique domains and 100 unique URLs hosting the exploits, which are dropping a variant of SDbot, a dangerous family of backdoors that give hackers complete ownership of infected computers.

SDbot allows attackers to control victims' computers remotely by sending specific commands via IRC (Inter Relay Chat) channels. The backdoors have also been used as a keylogger to steal sensitive user information and spread to local network and to computers vulnerable to exploits.

According to Dan Hubbard, senior director of security and technology research at Websense Security Labs, his company's honeyclient crawler is capturing about 10 new malicious URLs every hour.


http://www.eweek.com/article2/0,1759,1942566,00.asp?kc=EWRSS03119TX1K0000594

Brent W

Firefox Multiple Vulnerabilities

Quote
Secunia Advisory: SA19631
Release Date: 2006-04-14
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch

Description:
Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system.