Major Security / Virus Warnings [Archive] - Page 2

NICK ADSL UK

03-29-06, 16:18

W32.Mular.A
Discovered on: March 29, 2006
Last Updated on: March 30, 2006 01:09:56 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mular.a.html

W32.Detnat
Discovered on: March 28, 2006
Last Updated on: March 30, 2006 01:12:02 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.detnat.html

VBS.Welinf.A
Discovered on: March 28, 2006
Last Updated on: March 28, 2006 10:22:21 AM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.welinf.a.html

W32.Welinf.A
Discovered on: March 28, 2006
Last Updated on: March 28, 2006 10:23:45 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.welinf.a.html

Trojan.Textcash
Discovered on: March 28, 2006
Last Updated on: March 29, 2006 10:56:09 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.textcash.html

PWSteal.Marlap.B
Discovered on: March 28, 2006
Last Updated on: March 28, 2006 12:21:09 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.marlap.b.html

PWSteal.Marlap
Discovered on: March 27, 2006
Last Updated on: March 28, 2006 12:10:24 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.marlap.html

NICK ADSL UK

03-30-06, 16:01

Backdoor.Haxdoor.I
Discovered on: March 30, 2006
Last Updated on: March 30, 2006 11:07:11 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.i.html

W97M.Kritz
Discovered on: March 30, 2006
Last Updated on: March 30, 2006 11:09:04 AM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.kritz.html

W32.Looked.H
Discovered on: March 30, 2006
Last Updated on: March 30, 2006 06:31:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.looked.h.html

W32.Skenkly.A@mm
Discovered on: March 30, 2006
Last Updated on: March 30, 2006 12:49:13 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.skenkly.a@mm.html

Trojan.Renver
Discovered on: March 29, 2006
Last Updated on: March 30, 2006 12:00:41 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.renver.html

NICK ADSL UK

03-31-06, 17:31

W32.Rontokbro.Z@mm
Discovered on: March 31, 2006
Last Updated on: March 31, 2006 01:13:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.rontokbro.z@mm.html

NICK ADSL UK

04-02-06, 16:56

Keylogger.Mose
Discovered on: April 02, 2006
Last Updated on: April 02, 2006 05:42:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.rontokbro.z@mm.html

NICK ADSL UK

04-04-06, 18:10

W32.Areses.A@mm
Discovered on: April 04, 2006
Last Updated on: April 04, 2006 03:48:44 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.areses.a@mm.html

Trojan.Sufiage
Discovered on: April 04, 2006
Last Updated on: April 04, 2006 03:49:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.sufiage.html

NICK ADSL UK

04-05-06, 18:54

Trojan.Acdropper
Discovered on: April 05, 2006
Last Updated on: April 05, 2006 11:41:09 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.acdropper.html

Backdoor.Ripiner
Discovered on: April 05, 2006
Last Updated on: April 05, 2006 04:40:27 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ripiner.html

SymbOS.Onejump.A
Discovered on: April 05, 2006
Last Updated on: April 05, 2006 02:31:41 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.onejump.a.html

NICK ADSL UK

04-06-06, 17:15

Trojan.Emcodec
Discovered on: April 06, 2006
Last Updated on: April 06, 2006 11:57:51 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.emcodec.html

Trojan.Zlob.J
Discovered on: April 06, 2006
Last Updated on: April 06, 2006 12:13:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.zlob.j.html

NICK ADSL UK

04-08-06, 17:58

MSIL.Letum.A@mm
Discovered on: April 08, 2006
Last Updated on: April 08, 2006 05:42:26 PM
http://securityresponse.symantec.com/avcenter/venc/data/msil.letum.a@mm.html

NICK ADSL UK

04-11-06, 08:09

PWSteal.Marlap.C
Discovered on: April 11, 2006
Last Updated on: April 11, 2006 12:43:47 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.marlap.c.html

W32.Numan.A@mm
Discovered on: April 11, 2006
Last Updated on: April 11, 2006 12:23:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.numan.a@mm.html

Trojan.Qhosts.C
Discovered on: April 11, 2006
Last Updated on: April 11, 2006 03:56:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.c.html

Trojan.Pajatan
Discovered on: April 11, 2006
Last Updated on: April 11, 2006 02:22:06 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.pajatan.html

Trojan.Hachilem.B
Discovered on: April 10, 2006
Last Updated on: April 11, 2006 11:25:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.hachilem.b.html

NICK ADSL UK

04-12-06, 19:13

Trojan.Satiloler.F
Discovered on: April 12, 2006
Last Updated on: April 12, 2006 12:36:37 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.marlap.c.html

NICK ADSL UK

04-13-06, 18:26

W32.Kedebe.I@mm
Discovered on: April 13, 2006
Last Updated on: April 13, 2006 02:06:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.marlap.c.html

Trojan.Alemod.B
Discovered on: April 13, 2006
Last Updated on: April 13, 2006 10:03:46 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.alemod.b.html

NICK ADSL UK

04-14-06, 18:52

W32.Beagle.EA@mm
Discovered on: April 14, 2006
Last Updated on: April 14, 2006 04:48:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ea@mm.html

Trojan.Sufiage.C
Discovered on: April 14, 2006
Last Updated on: April 14, 2006 02:45:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.sufiage.c.html

NICK ADSL UK

04-16-06, 18:38

W32.Beagle.EB
Discovered on: April 16, 2006
Last Updated on: April 16, 2006 12:12:45 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.eb.html

NICK ADSL UK

04-17-06, 17:58

Trojan.Colecto
Discovered on: April 17, 2006
Last Updated on: April 17, 2006 07:49:20 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.colecto.html

Backdoor.Peerdoor
Discovered on: April 17, 2006
Last Updated on: April 17, 2006 02:04:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peerdoor.html

NICK ADSL UK

04-18-06, 17:37

Backdoor.Ranky.W
Discovered on: April 18, 2006
Last Updated on: April 18, 2006 02:05:02 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.w.html

Trojan.Mdropper.G
Discovered on: April 18, 2006
Last Updated on: April 18, 2006 02:19:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.g.html

NICK ADSL UK

04-20-06, 04:46

Trojan.Lisentkey
Discovered on: April 20, 2006
Last Updated on: April 20, 2006 05:05:24 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lisentkey.html

W32.Opanki.P
Discovered on: April 20, 2006
Last Updated on: April 20, 2006 02:24:03 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.p.html

W32.Antinny.BF
Discovered on: April 19, 2006
Last Updated on: April 20, 2006 01:55:06 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.antinny.bf.html

W32.Mytob.PJ@mm
Discovered on: April 19, 2006
Last Updated on: April 20, 2006 10:00:48 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.pj@mm.html

W32.Mytob.PI@mm
Discovered on: April 19, 2006
Last Updated on: April 19, 2006 09:41:00 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.pi@mm.html

NICK ADSL UK

04-20-06, 13:30

These security warnings courtesy of Harry Waldon [MVP]

Recent MyTob variants are beginning to spread and email messages as follows should be avoided:

AVOID THESE EMAIL MESSAGES

Subject: (any of the following)
• You have successfully updated your password
• Your new account password is approved
• Your password has been successfully updated
• Your password has been updated

Message body: Varies

Attachment: (any of the following with EXE and other extensions)
• accepted-password
• account-password
• approved-password
• email-password
• new-password
• password
• updated-password

More information can be found as follows:

Recent new Mytob variants
http://secunia.com/virus_information/28516/mytob.pz/
http://secunia.com/virus_information/28515/mytob.pj/
http://www.sophos.com/virusinfo/analyses/w32mytobhj.html
http://www.viruslist.com/en/alert?alertid=184538968
http://www.viruslist.com/en/viruses/encycl...?virusid=118626 (http://www.viruslist.com/en/viruses/encyclopedia?virusid=118626)

Kapersky Weblog -- New Mytob becoming prevalent
http://www.viruslist.com/en/weblog?calendar=2006-04

Some new Mytob variants are showing up in the top 10
http://myavert.avertlabs.com/myavert/default.aspx
http://www.virustotal.com/en/indexf.html
http://www.fortinet.com/FortiGuardCenter/g...reat_stats.html (http://www.fortinet.com/FortiGuardCenter/global_threat_stats.html)

NICK ADSL UK

04-20-06, 16:34

W32.Banleed.A
Discovered on: April 20, 2006
Last Updated on: April 20, 2006 03:59:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.banleed.a.html

NICK ADSL UK

04-21-06, 18:25

W32.Banleed.A
Discovered on: April 20, 2006
Last Updated on: April 21, 2006 01:53:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.banleed.a.html

NICK ADSL UK

04-23-06, 17:31

W32.Kidala.A@mm
Discovered on: April 22, 2006
Last Updated on: April 23, 2006 11:59:57 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kidala.a@mm.html

Matlab.Lagob
Discovered on: April 22, 2006
Last Updated on: April 23, 2006 10:16:29 AM
http://securityresponse.symantec.com/avcenter/venc/data/matlab.lagob.html

NICK ADSL UK

04-26-06, 09:21

Trojan.PPDropper
Discovered on: April 26, 2006
Last Updated on: April 26, 2006 11:50:32 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.html

W32.Olmi.A@mm
Discovered on: April 26, 2006
Last Updated on: April 26, 2006 02:22:44 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.olmi.a@mm.html

NICK ADSL UK

04-27-06, 04:32

W32.Olmi.A@mm
Discovered on: April 26, 2006
Last Updated on: April 27, 2006 02:24:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.olmi.a@mm.html

Trojan.Tabela.E
Discovered on: April 26, 2006
Last Updated on: April 27, 2006 11:31:53 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tabela.e.html

NICK ADSL UK

04-27-06, 17:28

Backdoor.Nithsys
Discovered on: April 27, 2006
Last Updated on: April 27, 2006 12:35:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nithsys.html

NICK ADSL UK

04-28-06, 18:29

W32.Kidala.D@mm
Discovered on: April 28, 2006
Last Updated on: April 28, 2006 11:45:13 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kidala.d@mm.html

W32.Kidala.C@mm
Discovered on: April 28, 2006
Last Updated on: April 28, 2006 04:03:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kidala.c@mm.html

NICK ADSL UK

04-30-06, 18:19

W32.Fakepatch@mm
Discovered on: April 30, 2006
Last Updated on: April 30, 2006 09:53:54 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.fakepatch@mm.html

W32.Nugache.A@mm
Discovered on: April 30, 2006
Last Updated on: April 30, 2006 12:52:10 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.nugache.a@mm.html

NICK ADSL UK

05-01-06, 16:32

Trojan.Hyborate
Discovered on: May 01, 2006
Last Updated on: May 01, 2006 10:02:54 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.hyborate.html

Trojan.Randsom.A
Discovered on: May 01, 2006
Last Updated on: May 01, 2006 11:50:31 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.randsom.a.html

NICK ADSL UK

05-02-06, 18:21

Trojan.Flush.G
Discovered on: May 02, 2006
Last Updated on: May 02, 2006 04:31:14 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.flush.g.htm

PWSteal.Kurofoo
Discovered on: May 02, 2006
Last Updated on: May 02, 2006 02:29:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.kurofoo.html

W32.Beagle.EG@mm
Discovered on: May 02, 2006
Last Updated on: May 02, 2006 12:14:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.eg@mm.html

W32.Mytob.PO@mm
Discovered on: May 02, 2006
Last Updated on: May 02, 2006 11:17:04 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.po@mm.html

NICK ADSL UK

05-04-06, 18:52

W32.Amirecivel
Discovered on: May 04, 2006
Last Updated on: May 04, 2006 12:19:57 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.amirecivel.html

Trojan.Lootseek.AV
Discovered on: May 04, 2006
Last Updated on: May 04, 2006 03:47:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lootseek.av.html

NICK ADSL UK

05-07-06, 17:12

Trojan.Archiveus
Discovered on: May 06, 2006
Last Updated on: May 06, 2006 12:27:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.archiveus.html

NICK ADSL UK

05-09-06, 06:20

W32.Amirecivel.B
Discovered on: May 09, 2006
Last Updated on: May 09, 2006 10:59:01 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.amirecivel.b.html

Infostealer.Gashlio
Discovered on: May 09, 2006
Last Updated on: May 09, 2006 05:27:07 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.gashlio.html

Backdoor.Spookdoor.Cli
Discovered on: May 08, 2006
Last Updated on: May 08, 2006 04:27:37 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spookdoor.cli.html

Trojan.Emcodec.B
Discovered on: May 08, 2006
Last Updated on: May 08, 2006 05:10:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.emcodec.b.html

W32.Kittykat
Discovered on: May 07, 2006
Last Updated on: May 09, 2006 10:22:24 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kittykat.html

NICK ADSL UK

05-10-06, 18:57

VBS.Soraci.B
Discovered on: May 10, 2006
Last Updated on: May 10, 2006 02:51:32 PM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.soraci.b.html

W32.Amirecivel.C
Discovered on: May 10, 2006
Last Updated on: May 10, 2006 11:50:02 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.amirecivel.c.html

Bloodhound.Exploit.68
Discovered on: May 10, 2006
Last Updated on: May 10, 2006 12:11:07 PM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.68.html

NICK ADSL UK

05-11-06, 17:54

W32.Bactera
Discovered on: May 11, 2006
Last Updated on: May 11, 2006 04:17:07 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.bactera.html

W32.Fontra
Discovered on: May 11, 2006
Last Updated on: May 11, 2006 05:05:55 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.fontra.html

Backdoor.Zyklobot
Discovered on: May 11, 2006
Last Updated on: May 11, 2006 09:25:03 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zyklobot.html

Trojan.Agentdoc
Discovered on: May 11, 2006
Last Updated on: May 11, 2006 02:57:26 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.agentdoc.html

NICK ADSL UK

05-12-06, 17:56

Hacktool.DDEExploit
Discovered on: May 12, 2006
Last Updated on: May 12, 2006 04:33:10 PM
http://securityresponse.symantec.com/avcenter/venc/data/hacktool.ddeexploit.html

NICK ADSL UK

05-14-06, 19:51

W32.Detnat.D
Discovered on: May 14, 2006
Last Updated on: May 14, 2006 11:49:41 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.detnat.d.html

W32.Virut.A
Discovered on: May 14, 2006
Last Updated on: May 14, 2006 06:52:50 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.virut.a.html

NICK ADSL UK

05-15-06, 18:24

W32.Areses.H@mm
Discovered on: May 15, 2006
Last Updated on: May 15, 2006 02:18:22 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.areses.h@mm.html

Backdoor.Dumbot
Discovered on: May 15, 2006
Last Updated on: May 15, 2006 03:20:18 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dumbot.html

Backdoor.Eterok
Discovered on: May 15, 2006
Last Updated on: May 15, 2006 02:13:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.eterok.html

Infostealer.Kurofoo.B
Discovered on: May 15, 2006
Last Updated on: May 15, 2006 04:54:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.kurofoo.b.html

W97M.Eseloes
Discovered on: May 15, 2006
Last Updated on: May 15, 2006 05:01:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.eseloes.html

NICK ADSL UK

05-16-06, 18:47

Trojan.Checkraise
Discovered on: May 16, 2006
Last Updated on: May 16, 2006 11:06:12 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.checkraise.html

Trojan.Exponny.B
Discovered on: May 16, 2006
Last Updated on: May 16, 2006 11:49:40 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.exponny.b.html

Trojan.Tabela.F
Discovered on: May 16, 2006
Last Updated on: May 16, 2006 11:02:48 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tabela.f.html

NICK ADSL UK

05-17-06, 16:50

SymbOS.Bootton.F
Discovered on: May 17, 2006
Last Updated on: May 17, 2006 01:28:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.bootton.f.html

SymbOS.Mabtal.B
Discovered on: May 17, 2006
Last Updated on: May 17, 2006 01:04:23 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.mabtal.b.html

NICK ADSL UK

05-18-06, 18:10

Trojan.Tabela.G
Discovered on: May 18, 2006
Last Updated on: May 18, 2006 10:27:09 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tabela.g.html

SymbOS.Commwarrior.G
Discovered on: May 18, 2006
Last Updated on: May 18, 2006 02:03:17 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.commwarrior.g.html

SymbOS.Commwarrior.H
Discovered on: May 18, 2006
Last Updated on: May 18, 2006 03:42:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.commwarrior.h.html

SymbOS.Commdropper.B
Discovered on: May 18, 2006
Last Updated on: May 18, 2006 11:25:58 AM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.commdropper.b.html

Trojan.Yabe
Discovered on: May 18, 2006
Last Updated on: May 18, 2006 11:47:41 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.yabe.html

NICK ADSL UK

05-19-06, 16:50

Trojan.Nebular
Discovered on: May 19, 2006
Last Updated on: May 19, 2006 05:06:42 PM http://securityresponse.symantec.com/avcenter/venc/data/trojan.nebular.html

Infostealer.Wabber
Discovered on: May 19, 2006
Last Updated on: May 19, 2006 03:10:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.wabber.html

Backdoor.Ginwui
Discovered on: May 19, 2006
Last Updated on: May 19, 2006 01:58:02 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ginwui.html

SymbOS.Doomboot.T
Discovered on: May 19, 2006
Last Updated on: May 19, 2006 04:49:04 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.t.html

SymbOS.RommWar.A
Discovered on: May 19, 2006
Last Updated on: May 19, 2006 04:02:32 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.rommwar.a.html

NICK ADSL UK

05-19-06, 16:51

Microsoft Word users should be extra careful about the files they download because hackers are exploiting an unpatched vulnerability in the popular word-processing software.

Security vendor McAfee warned users Thursday of a new Trojan horse program, called BackDoor-CKB!cfaae1e6, that secretly installs software on a computer. For the program to work, however, hackers must first trick users into opening a malicious Word document. Once that has been done, the results can be nasty.

Installed, the malware lets hackers "execute any external commands, download additional Trojans, capture desktop screen shots, monitor and record keystrokes or passwords," McAfee said in a statement on its Web site.

Unlike viruses and worms, Trojan horse programs do not make copies of themselves that keep spreading throughout the Internet. Hackers directly distribute the programs, which are often disguised as useful or interesting downloads.

Symantec confirmed that hackers are circulating the malware via malicious Word document e-mail attachments. But at present its use is "limited to attacks against select targets," Symantec said in a note on its DeepSight threat analysis service. The Trojan horse works on Microsoft Word 2003, but causes Word 2000 to crash without installing the malware, Symantec said.

http://www.pcworld.com/news/article/0,aid,125798,00.asp

NICK ADSL UK

05-20-06, 18:13

SymbOS.Stealwar.B
Discovered on: May 20, 2006
Last Updated on: May 20, 2006 05:24:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.stealwar.b.html

SymbOS.Stealwar.A
Discovered on: May 20, 2006
Last Updated on: May 20, 2006 05:13:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.stealwar.a.html

Backdoor.Ginwui.B
Discovered on: May 20, 2006
Last Updated on: May 20, 2006 05:04:57 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ginwui.b.html

NICK ADSL UK

05-21-06, 18:10

W32.Naras
Discovered on: May 21, 2006
Last Updated on: May 21, 2006 10:27:55 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.naras.html

Download.Swif
Discovered on: May 21, 2006
Last Updated on: May 21, 2006 04:33:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/download.swif.html

SymbOS.Doomboot.U
Discovered on: May 21, 2006
Last Updated on: May 21, 2006 12:11:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.u.html

NICK ADSL UK

05-22-06, 18:24

W32.Browaf
Discovered on: May 22, 2006
Last Updated on: May 22, 2006 04:17:24 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.browaf.html

NICK ADSL UK

05-23-06, 18:12

W32.Mytob.PP@mm
Discovered on: May 23, 2006
Last Updated on: May 23, 2006 01:49:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.pp@mm.html

Trojan.Voxom
Discovered on: May 23, 2006
Last Updated on: May 23, 2006 11:20:40 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.voxom.html

NICK ADSL UK

05-24-06, 18:41

W32.Mytob.QA@mm
Discovered on: May 24, 2006
Last Updated on: May 24, 2006 12:17:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.qa@mm.html

Backdoor.Haxdoor.K
Discovered on: May 24, 2006
Last Updated on: May 24, 2006 05:14:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.k.html

SymbOS.Cardtrp.AD
Discovered on: May 24, 2006
Last Updated on: May 24, 2006 09:27:08 AM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.cardtrp.a.d.html

Trojan.Hoosmi
Discovered on: May 24, 2006
Last Updated on: May 24, 2006 04:35:43 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.hoosmi.html

NICK ADSL UK

05-25-06, 17:11

W32.Banwarum@mm
Discovered on: May 25, 2006
Last Updated on: May 25, 2006 12:51:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.banwarum@mm.html

W97M.Lunedo.B
Discovered on: May 25, 2006
Last Updated on: May 25, 2006 12:32:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.lunedo.b.html

SymbOS.Commwarrior.I
Discovered on: May 25, 2006
Last Updated on: May 25, 2006 11:42:26 AM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.commwarrior.i.html

SymbOS.RommWar.D
Discovered on: May 25, 2006
Last Updated on: May 25, 2006 01:12:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.rommwar.d.html

SymbOS.RommWar.C
Discovered on: May 25, 2006
Last Updated on: May 25, 2006 01:11:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.rommwar.c.html

NICK ADSL UK

06-03-06, 18:51

W32.Sinteri.A@mm
Discovered on: June 03, 2006
Last Updated on: June 03, 2006 04:13:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sinteri.a@mm.html

NICK ADSL UK

06-05-06, 18:10

Trojan.Looksky
Discovered on: June 05, 2006
Last Updated on: June 05, 2006 11:19:35 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.looksky.html

NICK ADSL UK

06-06-06, 17:26

Infostealer.Bancos.AB
Discovered on: June 06, 2006
Last Updated on: June 06, 2006 03:22:00 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.bancos.ab.html

NICK ADSL UK

06-08-06, 18:08

W32.Timeserv@mm
Discovered on: June 08, 2006
Last Updated on: June 08, 2006 12:22:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.timeserv@mm.html

W32.Fijjy
Discovered on: June 08, 2006
Last Updated on: June 08, 2006 10:25:05 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.fijjy.html

Trojan.Silm
Discovered on: June 08, 2006
Last Updated on: June 08, 2006 10:24:15 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.silm.html

Backdoor.Ginwui.C
Discovered on: June 08, 2006
Last Updated on: June 08, 2006 03:31:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ginwui.c.html

Trojan.Mdropper.I
Discovered on: June 08, 2006
Last Updated on: June 08, 2006 03:31:42 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.i.html

NICK ADSL UK

06-09-06, 18:03

W32.Nopir.D
Discovered on: June 09, 2006
Last Updated on: June 09, 2006 11:41:30 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.nopir.d.html

NICK ADSL UK

06-11-06, 18:24

Downloader.Bancos
Discovered on: June 10, 2006
Last Updated on: June 11, 2006 12:33:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/downloader.bancos.html

W32.Detnat.F
Discovered on: June 10, 2006
Last Updated on: June 10, 2006 06:14:45 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.detnat.f.html

NICK ADSL UK

06-12-06, 17:37

JS.Yamanner@m
Discovered on: June 12, 2006
Last Updated on: June 12, 2006 03:10:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/js.yamanner@m.html

Trojan.Skowr
Discovered on: June 12, 2006
Last Updated on: June 12, 2006 05:10:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.skowr.html

W32.Detnat.G
Discovered on: June 12, 2006
Last Updated on: June 12, 2006 05:05:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.detnat.g.html

NICK ADSL UK

06-13-06, 17:54

Backdoor.Eterok.C
Discovered on: June 13, 2006
Last Updated on: June 13, 2006 01:15:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.eterok.c.html

Backdoor.Daserf
Discovered on: June 13, 2006
Last Updated on: June 13, 2006 05:23:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.daserf.html

NICK ADSL UK

06-14-06, 18:34

Infostealer.Sealoln
Discovered on: June 14, 2006
Last Updated on: June 14, 2006 11:48:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.sealoln.html

Downloader.Booli.A
Discovered on: June 14, 2006
Last Updated on: June 14, 2006 12:59:02 PM
http://securityresponse.symantec.com/avcenter/venc/data/downloader.booli.a.html

Trojan.Mdropper.J
Discovered on: June 14, 2006
Last Updated on: June 14, 2006 12:59:36 PM http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.j.html

NICK ADSL UK

06-15-06, 17:56

Backdoor.Naninf.E
Discovered on: June 15, 2006
Last Updated on: June 15, 2006 02:22:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.naninf.e.html

Infostealer.Yohokie
Discovered on: June 15, 2006
Last Updated on: June 15, 2006 04:55:37 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.yohokie.html

Trojan.Slapew
Discovered on: June 15, 2006
Last Updated on: June 15, 2006 04:57:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.slapew.html

Backdoor.Haxdoor.M
Discovered on: June 15, 2006
Last Updated on: June 15, 2006 10:58:07 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.m.html

NICK ADSL UK

06-16-06, 18:02

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).
http://news.netcraft.com/archives/2006/06/16/paypal_security_flaw_allows_identity_theft.html

NICK ADSL UK

06-17-06, 18:14

Trojan.Tooso.R
Discovered on: June 16, 2006
Last Updated on: June 17, 2006 11:49:46 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.r.html

W32.Beagle.FD@mm
Discovered on: June 16, 2006
Last Updated on: June 17, 2006 11:49:22 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.fd@mm.html

Backdoor.Ripgof.B
Discovered on: June 16, 2006
Last Updated on: June 16, 2006 12:59:44 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ripgof.b.html

W32.Looked.J
Discovered on: June 16, 2006
Last Updated on: June 17, 2006 05:13:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.looked.j.html

Trojan.Lodear.J
Discovered on: June 16, 2006
Last Updated on: June 17, 2006 11:49:38 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodear.j.html

W32.Revolnam
Discovered on: June 16, 2006
Last Updated on: June 16, 2006 07:55:20 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.revolnam.html

Infostealer.Gamania
Discovered on: June 16, 2006
Last Updated on: June 17, 2006 11:49:30 AM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.gamania.html

W32.Sality.R
Discovered on: June 16, 2006
Last Updated on: June 16, 2006 08:01:06 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sality.r.html

NICK ADSL UK

06-19-06, 18:23

Infostealer.Wowcraft.D
Discovered on: June 19, 2006
Last Updated on: June 19, 2006 05:31:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.wowcraft.d.html

Trojan.Haradong
Discovered on: June 19, 2006
Last Updated on: June 19, 2006 12:19:41 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.haradong.html

NICK ADSL UK

06-21-06, 06:45

W32.Beagle.FF@mm
Discovered on: June 20, 2006
Last Updated on: June 20, 2006 02:22:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ff@mm.html

Infostealer.Nailmews
Discovered on: June 20, 2006
Last Updated on: June 21, 2006 02:48:44 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.nailmews.html

Downloader.Centim
Discovered on: June 20, 2006
Last Updated on: June 21, 2006 04:38:41 PM
http://securityresponse.symantec.com/avcenter/venc/data/downloader.centim.html

Infostealer.Orcu
Discovered on: June 20, 2006
Last Updated on: June 21, 2006 01:34:17 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.orcu.html

MSIL.Kolilo
Discovered on: June 20, 2006
Last Updated on: June 20, 2006 05:13:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/msil.kolilo.html

W32.Sixem.A@mm
Discovered on: June 20, 2006
Last Updated on: June 20, 2006 12:26:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sixem.a@mm.html

NICK ADSL UK

06-22-06, 18:06

W32.Amirecivel.E@mm
Discovered on: June 22, 2006
Last Updated on: June 22, 2006 02:30:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.amirecivel.e@mm.html

SymbOS.Dropper.A
Discovered on: June 22, 2006
Last Updated on: June 22, 2006 02:57:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.dropper.a.html

SymbOS.Cardtrp.AG
Discovered on: June 22, 2006
Last Updated on: June 22, 2006 02:51:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.cardtrp.ag.html

Trojan.Flemex
Discovered on: June 22, 2006
Last Updated on: June 22, 2006 12:47:26 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.flemex.html

W32.Kraze
Discovered on: June 22, 2006
Last Updated on: June 22, 2006 10:33:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kraze.html

NICK ADSL UK

06-24-06, 17:03

W32.Kidala.E@mm
Discovered on: June 23, 2006
Last Updated on: June 23, 2006 01:30:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kidala.e@mm.html

Trojan.Frogexer!gen
Discovered on: June 23, 2006
Last Updated on: June 23, 2006 08:58:57 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.frogexer!gen.html

Trojan.Hlinic
Discovered on: June 23, 2006
Last Updated on: June 24, 2006 11:06:27 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.hlinic.html

Downloader.Booli.B
Discovered on: June 23, 2006
Last Updated on: June 23, 2006 01:44:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/downloader.booli.b.html

Perl.Lekbot.B
Discovered on: June 23, 2006
Last Updated on: June 23, 2006 11:02:09 AM
http://securityresponse.symantec.com/avcenter/venc/data/perl.lekbot.b.html

Backdoor.Ginwui.D
Discovered on: June 23, 2006
Last Updated on: June 24, 2006 11:45:33 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ginwui.d.html

Backdoor.Pahador
Discovered on: June 23, 2006
Last Updated on: June 24, 2006 11:01:03 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.pahador.html

Trojan.Kuserv
Discovered on: June 23, 2006
Last Updated on: June 23, 2006 11:56:14 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.kuserv.html
Backdoor.Rajump
Discovered on: June 23, 2006
Last Updated on: June 23, 2006 02:21:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.rajump.html

SymbOS.Commdropper.F
Discovered on: June 23, 2006
Last Updated on: June 23, 2006 12:47:53 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.commdropper.f.html

NICK ADSL UK

06-26-06, 18:06

Backdoor.Beasty.J
Discovered on: June 26, 2006
Last Updated on: June 26, 2006 01:12:42 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.j.html

Trojan.Exobre
Discovered on: June 26, 2006
Last Updated on: June 26, 2006 12:52:26 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.exobre.html

BAT.Antir
Discovered on: June 26, 2006
Last Updated on: June 26, 2006 04:59:21 PM
http://securityresponse.symantec.com/avcenter/venc/data/bat.antir.html

Trojan.Gared
Discovered on: June 26, 2006
Last Updated on: June 26, 2006 02:47:17 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.gared.html

Backdoor.Hacarmy.G
Discovered on: June 26, 2006
Last Updated on: June 26, 2006 01:10:01 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.g.html

Infostealer.Panobu
Discovered on: June 25, 2006
Last Updated on: June 26, 2006 12:54:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.panobu.html

Downloader.Browsilla
Discovered on: June 25, 2006
Last Updated on: June 26, 2006 12:54:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/downloader.browsilla.html

NICK ADSL UK

06-28-06, 18:49

W32.Icogon
Discovered on: June 28, 2006
Last Updated on: June 28, 2006 04:55:26 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.icogon.html

W32.Banleed.B
Discovered on: June 28, 2006
Last Updated on: June 28, 2006 03:00:10 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.banleed.b.html

NICK ADSL UK

06-29-06, 18:22

Backdoor.Graybird.S
Discovered on: June 29, 2006
Last Updated on: June 29, 2006 10:19:03 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.s.html

W32.Resik.A
Discovered on: June 29, 2006
Last Updated on: June 29, 2006 11:27:52 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.resik.a.html

Trojan.Bookmarker.K
Discovered on: June 29, 2006
Last Updated on: June 29, 2006 04:28:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.k.html

NICK ADSL UK

06-30-06, 17:41

OSX.Exploit.Launchd
Discovered on: June 30, 2006
Last Updated on: June 30, 2006 03:14:13 PM
http://securityresponse.symantec.com/avcenter/venc/data/osx.exploit.launchd.html

Trojan.Zlob.L
Discovered on: June 30, 2006
Last Updated on: June 30, 2006 11:35:33 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.zlob.l.html

W32.Areses.P@mm
Discovered on: June 30, 2006
Last Updated on: June 30, 2006 12:56:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.areses.p@mm.html

NICK ADSL UK

07-03-06, 18:10

W32.Sixem.C@mm
Discovered on: July 02, 2006
Last Updated on: July 03, 2006 11:06:28 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sixem.c@mm.html

W32.Amirecivel.F@mm
Discovered on: July 02, 2006
Last Updated on: July 03, 2006 04:45:21 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.amirecivel.f@mm.html

SymbOS.Cdropper.Q
Discovered on: July 02, 2006
Last Updated on: July 03, 2006 04:24:13 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.cdropper.q.html

NICK ADSL UK

07-05-06, 18:02

Infostealer.Svcstor
Discovered on: July 05, 2006
Last Updated on: July 05, 2006 05:12:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.svcstor.html

Backdoor.Rustock.B
Discovered on: July 05, 2006
Last Updated on: July 05, 2006 11:58:27 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.rustock.b.html

Trojan.Lodeight.C
Discovered on: July 05, 2006
Last Updated on: July 05, 2006 09:39:53 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodeight.c.html

Trojan.Hongmosa
Discovered on: July 04, 2006
Last Updated on: July 05, 2006 04:30:47 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.hongmosa.html

W32.Esbot.E
Discovered on: July 04, 2006
Last Updated on: July 05, 2006 01:12:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.esbot.e.html

SymbOS.Doomboot.W
Discovered on: July 04, 2006
Last Updated on: July 05, 2006 11:57:26 AM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.w.html

SymbOS.Doomboot.V
Discovered on: July 04, 2006
Last Updated on: July 05, 2006 10:31:43 AM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.v.html

W32.Audio
Discovered on: July 04, 2006
Last Updated on: July 05, 2006 01:28:52 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.audio.html

NICK ADSL UK

07-06-06, 18:35

W32.Banwarum.G@mm
Discovered on: July 06, 2006
Last Updated on: July 06, 2006 06:32:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.banwarum.g@mm.html

Trojan.Nakani
Discovered on: July 06, 2006
Last Updated on: July 06, 2006 02:22:06 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.nakani.html

SymbOS.Cabir.X
Discovered on: July 06, 2006
Last Updated on: July 06, 2006 12:27:52 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.cabir.x.html

NICK ADSL UK

07-08-06, 18:28

W32.Jalabed.B@mm
Discovered on: July 07, 2006
Last Updated on: July 08, 2006 12:19:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.jalabed.b@mm.html

NICK ADSL UK

07-10-06, 18:20

Trojan.Mdropper.K
Discovered on: July 10, 2006
Last Updated on: July 10, 2006 06:23:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.k.html

Backdoor.Sdbot.AU
Discovered on: July 10, 2006
Last Updated on: July 10, 2006 06:23:44 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.au.html

Backdoor.Pcclient.B
Discovered on: July 10, 2006
Last Updated on: July 10, 2006 12:12:23 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.pcclient.b.html

VBS.Birhip
Discovered on: July 09, 2006
Last Updated on: July 10, 2006 10:50:07 AM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.birhip.html

NICK ADSL UK

07-11-06, 18:29

Trojan.Mdropper.K
Discovered on: July 10, 2006
Last Updated on: July 11, 2006 09:30:40 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.k.html

Backdoor.Sdbot.AU
Discovered on: July 10, 2006
Last Updated on: July 11, 2006 11:54:18 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.au.html

Backdoor.Pcclient.B
Discovered on: July 10, 2006
Last Updated on: July 11, 2006 09:09:58 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.pcclient.b.html

NICK ADSL UK

07-12-06, 18:13

W32.Looked.P
Discovered on: July 12, 2006
Last Updated on: July 12, 2006 01:41:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.looked.p.html

W32.Dozic
Discovered on: July 12, 2006
Last Updated on: July 12, 2006 03:43:21 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.dozic.html

Backdoor.Haxdoor.N
Discovered on: July 12, 2006
Last Updated on: July 12, 2006 11:17:50 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.n.html

Trojan.PPDropper.B
Discovered on: July 12, 2006
Last Updated on: July 12, 2006 02:31:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html

W32.Looked.O
Discovered on: July 11, 2006
Last Updated on: July 12, 2006 11:40:13 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.looked.o.html

Infostealer.Corepias
Discovered on: July 11, 2006
Last Updated on: July 12, 2006 11:24:20 AM
http://securityresponse.symantec.com/avcenter/venc/data/infostealer.corepias.html

Trojan.Dachri
Discovered on: July 11, 2006
Last Updated on: July 12, 2006 11:25:21 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.dachri.html

NICK ADSL UK

07-16-06, 11:26

Trojan.FrozzieRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 15, 2006
Updated: July 15, 2006 03:38:55 PM GDT
Also Known As: DoS.Frozzie
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071513-5923-99

Perl.RaumoniRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 14, 2006
Updated: July 14, 2006 11:36:01 AM GDT
Type: Worm
Infection Length: 38,374 bytes or 31,235 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071414-2632-99

NICK ADSL UK

07-18-06, 18:36

Trojan.Gobrena.BRisk Level 1: Very Low
Discovered: July 18, 2006
Updated: July 18, 2006 05:42:35 PM GDT
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Gobrena.B is a Trojan horse that downloads and executes files.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071815-1251-99

Trojan.Clagger.BRisk Level 1: Very Low
Discovered: July 18, 2006
Updated: July 18, 2006 03:20:53 PM GDT
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Clagger.B is a Trojan horse that attempts to download and execute a file from the Internet.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071814-0044-99

NICK ADSL UK

07-19-06, 18:35

Trojan.Clagger.BRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 18, 2006
Updated: July 19, 2006 05:11:19 PM GDT
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Clagger.B is a Trojan horse that attempts to download and execute a file from the Internet.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071814-0044-99

Trojan.Gobrena.BRisk Level 1: Very LowPrinter Friendly Page
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 18, 2006
Updated: July 19, 2006 09:44:32 AM ZE9
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Gobrena.B is a Trojan horse that downloads and executes files.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071815-1251-99

NICK ADSL UK

07-21-06, 19:09

Backdoor.GlupzyRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 21, 2006
Updated: July 21, 2006 04:05:03 PM GDT
Type: Trojan Horse
Infection Length: 21185 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Backdoor.Glupzy is a Trojan horse that changes the administrator password on the compromised computer.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-072111-1111-99

JS.StartPage.BRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 20, 2006
Updated: July 21, 2006 11:43:04 AM GDT
Type: Trojan Horse
Infection Length: 5004 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

JS.StartPage.B is a JavaScript Trojan horse program that modifies the Internet Explorer home page and disables the registry editor.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-072015-4209-99

NICK ADSL UK

07-24-06, 18:13

Backdoor.Haxdoor.ORisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL
http://www.symantec.com/security_response/writeup.jsp?docid=2006-072413-3859-99&tabid=1
Discovered: July 23, 2006
Updated: July 24, 2006 03:35:58 PM PDT
Also Known As: Backdoor.Haxdoor.I
Type: Trojan Horse
Infection Length: 56,276 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Backdoor.Haxdoor.O is a Trojan horse program that opens a back door on the compromised computer and allows a remote attacker to have unauthorized access. It also logs keystrokes, steals passwords, and drops rootkits that run in safe mode.

This Trojan appears to have been spammed through email to multiple users in a .zip file attachment.

Note: Virus definitions released prior to July 25, 2006 may detect this threat as Backdoor.Haxdoor.I.

Fer.KruelRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL
http://www.symantec.com/security_response/writeup.jsp?docid=2006-072315-4310-99
Discovered: July 23, 2006
Updated: July 24, 2006 05:09:15 PM GDT
Also Known As: FER_KRUEL.A [TREND MICROSYSTEMS]
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Fer.Kruel is a ferite script-based virus that will overwrite other ferite script files. The script virus will run on any platform that supports ferite scripts.

NICK ADSL UK

07-25-06, 18:15

W32.Amirecivel.H@mmRisk Level 2: Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 25, 2006
Updated: July 25, 2006 12:49:20 PM PDT
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Amirecivel.H@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm requires Microsoft .Net Framework 2.0 in order to run.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-072514-2118-99

W32.DarjenRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 25, 2006
Updated: July 26, 2006 02:05:42 AM ZE9
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Darjen is a worm that copies itself to drives on the local computer.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-072512-1925-99

NICK ADSL UK

07-28-06, 18:39

Backdoor.TrickerRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: July 28, 2006
Updated: July 28, 2006 08:17:59 AM ZE9
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Backdoor.Tricker is a back door Trojan horse that replaces MSN Instant Messenger and downloads remote files.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-072811-3757-99

NICK ADSL UK

08-01-06, 18:27

Symantec.com > Security Response > W32.Draggdor
W32.DraggdorRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 1, 2006
Updated: August 1, 2006 12:19:33 PM GDT
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Draggdor is a worm that spreads by copying itself to local folders and network drives. It also opens a back door on the compromised computer.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-080116-5635-99

Trojan.Emcodec.FRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 1, 2006
Updated: August 1, 2006 11:46:57 AM PDT
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Trojan.Emcodec.F is a Trojan horse that drops and executes a copy of Trojan.Zlob. The Trojan masquerades as an installer for IntCodec 6.0.

http://www.symantec.com/security_response/writeup.jsp?docid=2006-080111-1618-99

NICK ADSL UK

08-05-06, 18:34

W32.Munia!inf Risk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 5, 2006
Updated: August 5, 2006 05:21:42 PM GDT
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Munia!inf is a detection that detects files that are infected by the W32.Munia virus.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-080515-1424-99

W32.Munia Risk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 5, 2006
Updated: August 5, 2006 03:29:51 PM GDT
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Munia is a virus that infects executable files when the target file is opened. It also steals password information.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-080510-5539-99

NICK ADSL UK

08-10-06, 18:48

W64.BoundsRisk Level 1: Very Low
SUMMARY Discovered: August 9, 2006
Updated: August 10, 2006 10:02:34 AM ZE9
Type: Virus
Systems Affected: Windows 64-bit (IA64)

W64.Bounds is a virus that infects 64-bit Windows executable files.

Symantec Security Response is currently investigating this threat and will post more information as it becomes available.
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081009-3153-99

W32.BoundsRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 9, 2006
Updated: August 10, 2006 09:58:41 AM ZE9
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Bounds is a proof of concept polymorphic entrypoint-obscuring infector of Windows executable files.

http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-080913-5115-99

NICK ADSL UK

08-13-06, 11:38

QUOTE
Advisory
This is a THREAT Advisory for IRC-Mocbot!MS06-040.

Justification
IRC-Mocbot!MS06-040, which exploits the recently-patched MS06-040 Server Service vulnerability, was discovered late
Saturday night. An extra.dat is available at the link below. VirusScan and Entercept/HIPS Buffer Overflow Protection does
not protect against this threat. DATs are being released early as a preventative measure, although reports from the field
are still low.

Read About It
Information about IRC-Mocbot!MS06-040 is located on VIL at: http://vil.nai.com/vil/content/v_140394.htm

Detection
IRC-Mocbot!MS06-040 was first discovered on 8/12/2006 and detection will be added to the 4828 dat files (Release Date:
8/13/2006).

An EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page:
<https://www.webimmune.net/extra/getextra.aspx>

If you suspect you have IRC-Mocbot!MS06-040, please submit a sample to <http://www.webimmune.net>

Risk Assessment Definition
For further information on the Risk Assessment and Avert Labs Recommended Actions please see:
http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html

NICK ADSL UK

08-14-06, 18:06

Backdoor.Ranky.XRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 14, 2006
Updated: August 14, 2006 01:25:31 PM PDT
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Backdoor.Ranky.X is a back door Trojan horse that allows the compromised computer to be used as a covert proxy. The threat is downloaded by the W32.Wargbot worm. The threat opens a back door on a randomly chosen TCP port.

http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081415-2212-99

NICK ADSL UK

08-17-06, 17:44

Backdoor.Haxdoor.PRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 17, 2006
Updated: August 17, 2006 04:56:38 PM GDT
Also Known As: Backdoor.Haxdoor.IS [Trend]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Backdoor.Haxdoor.P is a Trojan horse that opens a back door on the compromised computer and allows a remote attacker to have unauthorized access.
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081712-1915-99

NICK ADSL UK

08-21-06, 17:56

Trojan.BaklomaRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: August 21, 2006
Updated: August 21, 2006 03:12:11 PM PDT
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Bakloma is a Trojan horse that steals information from the compromised computer. The Trojan may be installed when a user clicks on a link contained within a spam email that masquerades as being a security warning from Symantec.

Note: Definitions prior to August 23, 2006 may detect this threat as Infostealer or Trojan Horse.
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-082112-4801-99

NICK ADSL UK

08-25-06, 18:25

Trojan.Mdropper.ORisk Level 1: Very Low
SUMMARY Discovered: August 25, 2006
Updated: August 25, 2006 11:06:42 AM PDT
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Mdropper.O is a Trojan horse that may exploit an unverified vulernability affecting Microsoft Word to drop an executable file.

Symantec Security Response is currently investigating this threat and will post more information as it becomes available.
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-082510-2812-99

NICK ADSL UK

09-02-06, 18:17

W32.Bacalid!infRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: September 1, 2006
Updated: September 2, 2006 11:59:07 AM GDT
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
http://www.symantec.com/security_response/writeup.jsp?docid=2006-090112-1337-99

W32.Mobler.ARisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: September 1, 2006
Updated: September 2, 2006 02:13:01 PM GDT
Also Known As: WORM_MOBLER.A [Trend Micro]
Type: Worm
Infection Length: 287,744 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
http://www.symantec.com/security_response/writeup.jsp?docid=2006-090110-0812-99

NICK ADSL UK

09-05-06, 18:17

Trojan.Schoeberl.DRisk Level 1: Very Low
SUMMARY TECHNICAL DETAILS REMOVAL Discovered: September 5, 2006
Updated: September 5, 2006 02:17:59 PM GDT
Type: Trojan Horse
Infection Length: 16,384 bytes.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Schoeberl.D is a Trojan horse that downloads and executes remote files on the compromised computer.
http://www.symantec.com/home_homeoffice/security_response/writeup.jsp?docid=2006-090512-5620-99

NICK ADSL UK

09-08-06, 17:03

W32.KinerRisk Level 1: Very Low
SUMMARY Discovered: September 8, 2006
Updated: September 8, 2006 10:39:34 AM PDT
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Kiner is a virus that spreads by infecting executable files.
http://www.symantec.com/home_homeoffice/security_response/writeup.jsp?docid=2006-090810-3458-99

NICK ADSL UK

09-13-06, 19:03

VULNERABILITY ALERT:
Microsoft Publisher remote code execution vulnerability
RISK LEVEL: High

On Wednesday, September 13, 2006 , the CA Security Advisory Team is issuing an alert regarding a high risk level vulnerability threat called Microsoft Publisher remote code execution vulnerability.

For more information, including our remediation steps, please visit our detail page.

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34566

NICK ADSL UK

09-15-06, 17:06

Microsoft Security Advisory (925444)
Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution
Published: September 14, 2006

Microsoft is investigating new public reports of vulnerability in Microsoft Internet Explorer on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly but we are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.

The ActiveX control is the Microsoft DirectAnimation Path ActiveX control, which is included in Daxctle.ocx.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs.

Mitigating Factors:

• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, they could still be vulnerable to this issue through the Web-based attack scenario.

By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 2000 opens HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed.

• By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability because ActiveX and Active Scripting are disabled by default.

http://www.microsoft.com/technet/security/advisory/925444.mspx

NICK ADSL UK

09-25-06, 17:30

Ubuntu Security Notice - Thunderbird vulnerabilities (USN-352-1)

===========================================================
Ubuntu Security Notice USN-352-1 September 25, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566,
CVE-2006-4567, CVE-2006-4570, CVE-2006-4571
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.7-0ubuntu0.6.06

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious email containing JavaScript. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

http://www.net-security.org/advisory.php?id=6742

NICK ADSL UK

10-23-06, 17:35

W32.Stration.DD@mmRisk Level 2: Low

Discovered: October 22, 2006
Updated: October 23, 2006 11:20:41 AM GDT
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Stration.DD@mm is a mass-mailing worm that attempts to download files from the Internet.
http://www.symantec.com/home_homeoffice/security_response/writeup.jsp?docid=2006-102311-3614-99

NICK ADSL UK

11-04-06, 18:34

Microsoft Security Advisory (927892)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Published: November 3, 2006

Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.

Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker’s Web site to be at risk. We will continue to investigate these public reports.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs.

Customers are encouraged to keep their anti-virus software up to date.

Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site.

Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

Customers who believe they may have been affected by this issue can also contact Product Support Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the Microsoft Help and Support Web site.

Mitigating Factors:

• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, they could still be vulnerable to this issue through the Web-based attack scenario.

By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 2000 opens HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed.

• By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability because ActiveX and Active Scripting are disabled by default.

http://www.microsoft.com/technet/security/...ory/927892.mspx (http://www.microsoft.com/technet/security/advisory/927892.mspx)

NICK ADSL UK

11-09-06, 17:33

Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)
Published: August 8, 2006 | Updated: November 8, 2006

Version: 3.1

Summary
Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: On September 12, 2006, this Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server 2003 security updates were updated to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3873. Customers using these versions of Internet Explorer should apply the new update immediately.

On August 24, 2006 this Security Bulletin and the Internet Explorer 6 Service Pack 1 security updates were updated to address an issue documented in Microsoft Knowledge Base Article 923762. This issue may lead to an additional buffer overrun condition only affecting Internet Explorer 6 Service Pack 1 customers that have applied the original version of that update released August 8th, 2006. The security issue is documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3869. Internet Explorer 6 Service Pack 1 Customers should apply the new update immediately.

Microsoft Knowledge Base Article 918899 documents this and any other currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918899.

Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Windows 2000 Service Pack 4

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

• Microsoft Windows XP Professional x64 Edition

• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

• Microsoft Windows Server 2003 x64 Edition

Tested Microsoft Windows Components:

Affected Components:

• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 — Download the update

• Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 — Download the update

• Internet Explorer 6 for Microsoft Windows XP Service Pack 2 — Download the update

• Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 — Download the update

• Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems — Download the update

• Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition — Download the update

• Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition — Download the update

The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Note The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2.

http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx

NICK ADSL UK

11-29-06, 17:33

Adobe Security Advisory: Potential vulnerabilities in Adobe Reader and Acrobat

Summary

Adobe is aware of a recently published report of potential vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Affected software versions

Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.
Solution

The Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to Adobe Reader and Acrobat 7.0.8 that will resolve these issues, which is expected to be available in the near future. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available.

The upcoming version of Adobe Reader, which will not be vulnerable to this issue, is also expected to be available in the near future. Acrobat 8 is not affected by this issue. The vulnerability is in an ActiveX control used by Internet Explorer; users of other browsers are not affected. The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:

Exit Internet Explorer and Adobe Reader.
Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX. Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
Select AcroPDF.dll and delete it.

NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open in a separate instance of Adobe Reader or the user will be prompted to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms.

http://www.adobe.com/support/security/advi.../apsa06-02.html (http://www.adobe.com/support/security/advisories/apsa06-02.html)

NICK ADSL UK

12-06-06, 09:48

Microsoft Security Advisory (929433)
Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.

In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

http://www.microsoft.com/technet/security/advisory/929433.mspx

NICK ADSL UK

12-08-06, 16:12

Microsoft Windows Media Player ASX Playlist Remote Command Execution Vulnerability

A vulnerability has been identified in Microsoft Windows Media Player, which could be exploited by remote attackers to compromise a vulnerable system or cause a denial of service. This flaw is due to a buffer overflow error in the Windows Media Playback/Authoring library (WMVCORE.DLL) when processing ASX Playlists containing an overly long "REF HREF" tag, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

Affected Products
Microsoft Windows Media Player 10
Microsoft Windows Media Player 9

Solutions
Upgrade to Microsoft Windows Media Player 11 :
http://www.microsoft.com/windows/windowsmedia/default.mspx

http://www.frsirt.com/english/advisories/2006/4882

NICK ADSL UK

12-25-06, 09:40

Microsoft Security Bulletin Re-Releases
Issued: December 19, 2006
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS06-078

Bulletin Information:
=====================

* MS06-078

- http://www.microsoft.com/technet/security/...n/ms06-078.mspx (http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx)
- Reason for Revision: Bulletin updated has been revised and
re-released for the Korean only package on Microsoft Windows
Media Runtime Format 7.1 and 9.0 Series Runtime on Windows
2000 Service Pack 4 to address the issues identified in
Microsoft Knowledge Base Article 923689. Additional clarity
around file versions in the "I've installed the Windows Media
Format Runtime security update. What version of Windows Media
Format Runtime should I have installed?" in the "Frequently
Asked Questions (FAQ) Related to this Security Update" section.
- Originally posted: December 12, 2006
- Updated: December 19, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0

NICK ADSL UK

12-29-06, 18:22

Microsoft Security Bulletin MS06-078
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Published: December 12, 2006 | Updated: December 27, 2006

Version: 2.1

Summary
Who Should Read this Document: Customers who use Microsoft Windows Media Formats

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

NICK ADSL UK

12-29-06, 18:23

Microsoft Security Bulletin MS06-012
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Published: March 14, 2006 | Updated: December 27, 2006

Version: 1.5

Summary
Who should read this document: Customers who use Microsoft Office

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: None

Tested Software and Security Update Download Locations:

http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx

NICK ADSL UK

01-04-07, 10:22

Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability

Description:
LMH has discovered a vulnerability in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when handling RTSP URLs. This can be exploited to cause a stack-based buffer overflow via a specially crafted QTL file with an overly long (more than 256 bytes) "src" parameter (e.g. "rtsp://[any character]:[>256 bytes]").

Successful exploitation allows execution of arbitrary code and requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

The vulnerability is confirmed in version 7.1.3.100 (Windows version) and reportedly affects both Microsoft Windows and Mac OS X versions.

Solution:
Do not open untrusted QTL files or visit untrusted web sites.

Provided and/or discovered by:
LMH

http://secunia.com/advisories/23540/

NICK ADSL UK

01-10-07, 15:31

APSB07-01 - Update available for vulnerabilities in
> versions 7.0.8 and earlier of Adobe Reader and Acrobat
>
> Originally posted: January 9, 2007
>
> Summary:
> This Security Bulletin addresses several vulnerabilities,
> including issues that have already been disclosed. An
> update is available for a cross-site scripting (XSS)
> vulnerability in versions 7.0.8 and earlier of Adobe Reader
> and Acrobat that could allow remote attackers to inject
> arbitrary JavaScript into a browser session. This
> vulnerability, previously reported in APSA07-01 on January
> 4, 2007, has been assigned a moderate severity rating. In
> addition, critical vulnerabilities have been identified in
> versions 7.0.8 and earlier of Adobe Reader and Acrobat that
> could allow an attacker who successfully exploits these
> vulnerabilities to take control of the affected system.
>
> Severity Rating:
> Adobe categorizes this issue as critical:
http://direct.adobe.com/r?xJcJqcTEJJHcEccPvTnn

> Adobe recommends that users apply this update to their
> installations. Learn more:
http://direct.adobe.com/r?xJcJqcTEJJHWEccPvTTJ

NICK ADSL UK

01-18-07, 17:30

Microsoft Security Bulletin Re-Releases
Issued: January 18, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-002

Bulletin Information:
=====================

* MS07-002

- http://www.microsoft.com/technet/security/...n/ms07-002.mspx (http://www.microsoft.com/technet/security/bulletin/ms07-002.mspx)
- Reason for Revision: Bulletin has been revised and re-released
for Microsoft Excel 2000 to address the issues identified in
Microsoft Knowledge Base Article 931183.
- Originally posted: January 9, 2007
- Updated: January 18, 2007
- Bulletin Severity Rating: Critical
- Version: 2.0

********************************************************************

NICK ADSL UK

01-25-07, 06:31

Malware designed to steal users' Windows Live Messenger password has been released onto the net. The password stealer was released for download via BitTorrent earlier this week by a hacker using the handle "Our Godfather".

The malware comes in the form of an IMB download confirmed by anti-virus firm Sophos as containing a password-stealing Trojan horse. Victims would need to be tricked into downloading and executing the malware, which might be renamed in a bid to disguise its identity, in order for the exploit to work.

http://www.theregister.co.uk/2007/01/23/msn_password_stealer/

NICK ADSL UK

02-04-07, 18:24

Microsoft Security Advisory (932553)
Vulnerability in Microsoft Office Could Allow Remote Code Execution
Published: February 2, 2007

Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac

In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.

While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.

Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

http://www.microsoft.com/technet/security/advisory/932553.mspx

NICK ADSL UK

02-09-07, 16:41

Panda has issued an Orange Alert (MEDIUM RISK) for this new email worm that uses the theme of Love in it's subject field. Attachments are EXE files disguised as greeting cards or post cards, and this virus can be easily avoided

Nurech.A email worm - Panda issues MEDIUM RISK alert

http://www.pandasoftware.com/com/virus_info/encyclopedia/overview.aspx?IdVirus=149000

http://www.pandasoftware.com/about/press/viewNews.htm?noticia=8234

NICK ADSL UK

02-24-07, 16:16

Mozilla Firefox Multiple Vulnerabilities

Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch

Software: Mozilla Firefox 1.x
Mozilla Firefox 2.0.x

Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.

1) An error in the handling of the "locations.hostname" DOM property can be exploited to bypass certain security restrictions.

For more information:
SA24175

2) An integer underflow error in the Network Security Services (NSS) code when processing SSLv2 server messages can be exploited to cause a heap-based buffer overflow via a certificate with a public key too small to encrypt the "Master Secret".

Successful exploitation may allow execution of arbitrary code.

NOTE: Support for SSLv2 is disabled in Firefox 2.x. This version is only vulnerable if user has modified hidden internal NSS settings to re-enable SSLv2 support.

3) It is possible to conduct cross-site scripting attacks against sites containing a frame with a "data:" URI as source.

Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.

4) It is possible to open windows containing local files thereby stealing the contents when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name.

Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.

5) Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.

6) It may be possible to gain knowledge of sensitive information from a website due to an error resulting in two web pages colliding in the disk cache thereby potentially appending part of one document to the other.

Successful exploitation requires that a user is tricked into visiting a malicious website while visiting the target website.

7) Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of its parent window can be exploited to conduct cross-site scripting attacks.

8) A vulnerability in the Password Manager may be exploited to conduct phishing attacks.

For more information:
SA23046

9) Multiple memory corruption errors exist in the layout engine, JavaScript engine, and in SVG. Some of these may be exploited to execute arbitrary code on a user's system.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Update to version 2.0.0.2 or 1.5.0.10.

NICK ADSL UK

02-28-07, 16:33

Microsoft just released a Windows Vista Patch.Update for Windows Vista for x64-based Systems (KB929451)

A client computer that is running Windows Vista registers an old IP address when the GUID of a network adapter changes

When the GUID of a network adapter changes on a client computer that is running Windows Vista, the computer registers an old IP address that was associated with the old GUID.

The client computer also registers new IP addresses that are associated with the new GUID. However, because the client computer registers old IP addresses, another client computer may try to use the old IP address. If the old address is not valid, a connection failure may occur.

Update for Windows Vista for x64-based Systems (KB929451)
http://www.microsoft.com/downloads/info.aspx?na=22&p=3&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d8c328a96-f715-48a5-9d92-974e97c74165%26DisplayLang%3den

Update for Windows Vista (KB929451)
http://www.microsoft.com/downloads/info.aspx?na=22&p=2&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3dc585e831-41fd-40bd-8923-e542eb7a1b8a%26DisplayLang%3den

NICK ADSL UK

03-06-07, 16:51

Apple QuickTime Multiple Vulnerabilities

Secunia Advisory: SA24359
Release Date: 2007-03-06

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Apple QuickTime 7.x

CVE reference: CVE-2007-0711 (Secunia mirror)
CVE-2007-0712 (Secunia mirror)
CVE-2007-0713 (Secunia mirror)
CVE-2007-0714 (Secunia mirror)
CVE-2007-0715 (Secunia mirror)
CVE-2007-0716 (Secunia mirror)
CVE-2007-0717 (Secunia mirror)
CVE-2007-0718 (Secunia mirror)

Description:
Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.

1) An integer overflow error exists in the handling of 3GP video files.

NOTE: This does not affect QuickTime on Mac OS X.

2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.

3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.

4) An integer overflow exists in the processing of UDTA atom size values in movie files, which can be exploited to corrupt heap memory.

5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.

6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.

7) An integer overflow exists in the handling of QTIF files.

8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Update to version 7.1.5.

Mac OS X:
http://www.apple.com/quicktime/download/mac.html

Windows:
http://www.apple.com/quicktime/download/win.html

NICK ADSL UK

03-10-07, 19:11

Gentoo Linux Security Advisory - SeaMonkey: Multiple vulnerabilities (GLSA 200703-08)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: SeaMonkey: Multiple vulnerabilities
Date: March 09, 2007
Bugs: #165555
ID: 200703-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in SeaMonkey, some of which
may allow user-assisted arbitrary remote code execution.

Background
==========

The SeaMonkey project is a community effort to deliver
production-quality releases of code derived from the application
formerly known as the 'Mozilla Application Suite'.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/seamonkey < 1.1.1 >= 1.1.1
2 www-client/seamonkey-bin < 1.1.1 >= 1.1.1
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

Tom Ferris reported a heap-based buffer overflow involving wide SVG
stroke widths that affects SeaMonkey. Various researchers reported some
errors in the JavaScript engine potentially leading to memory
corruption. SeaMonkey also contains minor vulnerabilities involving
cache collision and unsafe pop-up restrictions, filtering or CSS
rendering under certain conditions. All those vulnerabilities are the
same as in GLSA 200703-04 affecting Mozilla Firefox.

Impact
======

An attacker could entice a user to view a specially crafted web page or
to read a specially crafted email that will trigger one of the
vulnerabilities, possibly leading to the execution of arbitrary code.
It is also possible for an attacker to spoof the address bar, steal
information through cache collision, bypass the local file protection
mechanism with pop-ups, or perform cross-site scripting attacks,
leading to the exposure of sensitive information, such as user
credentials.

Workaround
==========

There is no known workaround at this time for all of these issues, but
most of them can be avoided by disabling JavaScript. Note that the
execution of JavaScript is disabled by default in the SeaMonkey email
client, and enabling it is strongly discouraged.

Resolution
==========

Users upgrading to the following release of SeaMonkey should note that
the corresponding Mozilla Firefox upgrade has been found to lose the
saved passwords file in some cases. The saved passwords are encrypted
and stored in the 'signons.txt' file of ~/.mozilla/ and we advise our
users to save that file before performing the upgrade.

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.1"

All SeaMonkey binary users should upgrade to the latest version:

http://www.net-security.org/advisory.php?id=7287

NICK ADSL UK

03-20-07, 11:35

F-Secure have seen a new attack using an insecure feature of QuickTime called HREF Tracks. The sample Quicktime file will download & execute a spying JavaScript from a site.

QUOTE
The said script collects MySpace information from the user which includes username, friendID, MySpace display name, and other logins of the user and sends this information back to the tracking server - profileawareness.com

http://www.f-secure.com/weblog/archives/archive-032007.html#00001144

NICK ADSL UK

03-24-07, 16:58

Mozilla Releases Security Advisory to Address a Vulnerability in Client Products
added March 21, 2007

Mozilla has released Security Advisory 2007-11 to address a vulnerability in Firefox and SeaMonkey.

US-CERT strongly encourages users to upgrade to Firefox 2.0.0.3 as soon as possible.

http://www.us-cert.gov/current/current_activity.html#gozi

Gozi Trojan Targets Microsoft Internet Explorer Vulnerabilities
added March 22, 2007

SecureWorks recently issued a report detailing their findings of a Russian Trojan program called Gozi that is responsible for stealing user account and password information from more than 5,200 hosts and 10,000 user accounts. The Trojan is reportedly spread via IE browser exploits and has primarily targeted infected home computers. To read the full report, visit SecureWorks.

While new and sophisticated exploits can be difficult to defend against, US-CERT encourages users to take the following preventative measures to help mitigate browser-based security risks:
Install anti-virus software, and keep its virus signature files up-to-date.
Review the Securing Your Web Browser document.

http://www.us-cert.gov/current/current_activity.html#gozi

NICK ADSL UK

03-25-07, 16:48

Microsoft Windows Vista Windows Mail Local File Execution Vulnerability

Bugtraq ID: 23103
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Mar 23 2007 12:00AM
Updated: Mar 23 2007 09:13PM
Credit: Kingcope is credited with the discovery of this issue.
Vulnerable: Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business
http://www.securityfocus.com/bid/23103/info

NICK ADSL UK

03-29-07, 18:13

Microsoft Security Advisory (935423)
Vulnerability in Windows Animated Cursor Handling
Published: March 29, 2007

Microsoft is investigating new public reports of targeted attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

http://www.microsoft.com/technet/security/advisory/935423.mspx

NICK ADSL UK

04-10-07, 17:15

Attention AVG 7.0/7.1 users

A recent AVG update can cause problems for users still using outdated versions of AVG (version 7.0 or 7.1), or if AVG Free was previously used on the same computer. Symptoms can vary from an incorrect state of some AVG components, to errors during running tests, causing AVG to unexpectedly close. Detailed description of these symptoms and information on how to correctly solve this problem is available at the Support section, topic no. 545.
- April 10th, 2007 -

http://www.grisoft.com/doc/faq/us/crp/0?num=545#faq_545

NICK ADSL UK

04-13-07, 07:36

Microsoft Security Advisory (935964)
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.
Published: April 12, 2007

Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

Microsoft’s initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location: http://support.microsoft.com/security

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

http://www.microsoft.com/technet/security/advisory/935964.mspx

NICK ADSL UK

04-14-07, 02:52

Microsoft Security Advisory (935964)
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.
Published: April 12, 2007 | Updated: April 13, 2007

Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

Microsoft’s initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location: http://support.microsoft.com/security

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Revisions:
•

April 12, 2007: Advisory published.
•

April 13, 2007: Advisory updated to include additional details about Windows Small Business Server. Mitigations also updated to include additional information regarding the affected network port range and firewall configuration. Additional details also provided for registry key mitigation values.

NICK ADSL UK

04-20-07, 07:11

VULNERABILITY ALERT:
Microsoft Windows DNS Server RPC interface remote code execution vulnerability
RISK LEVEL: High

On Friday, April 20, 2007 , the CA Security Advisory Team is issuing an alert regarding a high risk level vulnerability threat called Microsoft Windows DNS Server RPC interface remote code execution vulnerability.

For more information, including our remediation steps, please visit our detail page.
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35234

This is an update to last weeks publication

Revisions:

• April 12, 2007: Advisory published.

• April 13, 2007: Advisory updated to include additional details about Windows Small Business Server. Mitigations also updated to include additional information regarding the affected network port range and firewall configuration. Additional details also provided for registry key mitigation values. .

• April 15, 2007: Advisory “Suggested Actions” section updated to include additional information regarding TCP and UDP port 445 and the 15 character computer name known issue.

• April 16, 2007: Advisory updated: Ongoing monitoring indicates that we are seeing a new attack that is attempting to exploit this vulnerability.

• April 19, 2007: Advisory updated: To provide information on Windows Live OneCare malware detection capability and to clarify that the registry key workaround provides protection to all attempts to exploit this vulnerability. Advisory also updated to provide additional data regarding exploitability through port 139.

http://www.microsoft.com/technet/security/advisory/935964.mspx

NICK ADSL UK

04-24-07, 06:20

Apple QuickTime Java Handling Unspecified Code Execution

Secunia Advisory: SA25011
Release Date: 2007-04-24

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Apple Quicktime 3.x
Apple Quicktime 4.x
Apple Quicktime 5.x
Apple Quicktime 6.x
Apple QuickTime 7.x

Description:
A vulnerability has been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox.

The vulnerability is reported on a Mac OS X system using Safari and Firefox. Other browsers and platforms may also be affected.

Solution:
Disable Java support.

Do not browse untrusted websites.

Provided and/or discovered by:
Dino Dai Zovi

Original Advisory:
Matasano:
http://www.matasano.com/log/812/break...n-quicktime-affects-win32-apple-code/

http://secunia.com/advisories/25011/

NICK ADSL UK

04-30-07, 09:04

----------------------------------------------------------------------
Adobe Products PNG.8BI PNG File Handling Buffer Overflow

Secunia Advisory: SA25044
Release Date: 2007-04-30

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop Elements 5.x

Description:
Marsu has discovered a vulnerability in various Adobe Products, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the PNG.8BI Photoshop Format Plugin when handling PNG files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PNG file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in Adobe Photoshop CS2 and Adobe Photoshop Elements (Editor) version 5.0 for Windows and reportedly affects Adobe Photoshop CS3.

Solution:
Do not open untrusted PNG files.

Provided and/or discovered by:
Marsu

Original Advisory:
http://milw0rm.com/exploits/3812

http://secunia.com/advisories/25044/

NICK ADSL UK

05-05-07, 07:34

Windows Genuine Advantage Phished;We don't have to pay to "activate" a copy of Windows
Windows Genuine Advantage Phished;We don't have to pay to "activate" a copy of Windows

Symantec is warning users of the new trojan horse that phished Microsoft's Windows Genuine Advantage.

Users should KNOW that activating a copy of Windows is free (online activation or using some toll-free numbers).

If ever you see got that Windows asking for credit card information to activate the copy of Windows, DO NOT enter your credit card details. Run a scan using antivirus or antimalware program. You're maybe infected with Trojan.Kardphisher!

More info can be found here
http://www.symantec.com/enterprise/security_response/weblog/2007/05/ms_needs_your_credit_card_deta.html

NICK ADSL UK

05-08-07, 02:43

Vulnerability Summary for the Week of April 30, 2007" in forum "Vulnerabilities / Advisories".

----------------------------------------------------------------------
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

High Vulnerabilities:

Adobe -- Photoshop
Adobe -- Photoshop Elements
Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

Cerulean Studios -- Trillian Pro
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.

Cerulean Studios -- Trillian Pro
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.

Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

MicroWorld Technologies -- eScan
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.

Sun -- JRE
Sun -- SDK
Sun -- Java Enterprise System
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Symantec -- LiveState Recovery
Symantec -- Ghost
Symantec -- BackupExec System Recovery
Symantec -- Norton Save & Recovery
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.

More at http://www.us-cert.gov/cas/bulletins/SB07-127.html

NICK ADSL UK

05-12-07, 04:19

ClamAV OLE2 Parser Denial of Service" in forum "Vulnerabilities / Advisories".

----------------------------------------------------------------------
Affected Software:
Clam AntiVirus (clamav) 0.x
ClamWin Free Antivirus 0.x
ClamXav 1.x

Description:
Victor Stinner has reported a vulnerability in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the OLE2 parser when handling objects with malformed FAT partitions and large property sizes. This can be exploited to cause a DoS due to storage and CPU resource consumption by scanning a specially crafted OLE2 file.

Solution: There is no known solution at this time.
http://secunia.com/advisories/25244/

----------------------------------------------------------------------

NICK ADSL UK

05-16-07, 02:52

"Vulnerability Summary for the Week of May 7, 2007" in forum "Vulnerabilities / Advisories".

----------------------------------------------------------------------
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

High Vulnerabilities:

Computer Associates -- eTrust Integrated Threat Management
Computer Associates -- eTrust PestPatrol
Computer Associates -- eTrust EZ Antivirus
Stack-based buffer overflow in the Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via unspecified vectors involving login authentication credentials.

McAfee -- SecurityCenter Agent
McAfee -- VirusScan
McAfee -- SecurityCenter
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.

Microsoft -- Exchange Server
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

Microsoft -- Office
Microsoft -- Excel
Microsoft -- Excel Viewer
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

Microsoft -- Exchange Server
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".

Microsoft -- CAPICOM
Microsoft -- BizTalk Server
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."

Microsoft -- Internet Explorer
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls", which allows remote attackers to execute arbitrary code via a crafted COM object.

Microsoft -- Internet Explorer
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."

Microsoft -- Word
Microsoft -- Works Suite
Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text properties, which allows user-assisted remote attackers to trigger memory corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

Nokia -- Intellisync Mobile Suite
Nokia -- Intellisync Wireless Email Express
Nokia -- Groupwise Mobile Server
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.

Trend Micro -- ServerProtect
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.

More at http://www.us-cert.gov/cas/bulletins/SB07-134.html
----------------------------------------------------------------------

NICK ADSL UK

05-22-07, 16:35

Opera Browser Security Release - v9.21 Available, Please upgrade to latest version

Changes Since Opera 9.20
User Interface
New shortcut 'ya' for searching with Yahoo! Answers.
Scripting
The onunload event is no longer fired if a new URL is entered manually via the address bar or bookmarks.
Fixed a bug where User JavaScript on HTTPS would keep prompting to be allowed to run on a page.
Fixed a crash caused by long object descendant property chains in JavaScript.
Security
Fixed a buffer overflow with malformed torrents, as reported by iDefense. See the advisory.
Miscellaneous
Stability fix for torrents.
Windows specific
Fixed support for the WMP for Firefox plug-in.
Corrected plug-in paths.
PAC (Proxy Auto-Config) setting is now read from system.

http://www.opera.com/download/

NICK ADSL UK

05-28-07, 15:43

Apple has released Security Update 2007-005 to fixed vulnerabilities in several Apple components mentioned in below bulletin/advisory:

http://docs.info.apple.com/article.html?artnum=305530
http://docs.info.apple.com/article.html?artnum=61798

NICK ADSL UK

05-30-07, 12:28

"F-Secure Anti-Virus Products Code Execution and DoS Vulnerabilities" in forum "Vulnerabilities / Advisories".

----------------------------------------------------------------------
Multiple vulnerabilities have been identified in various F-Secure Anti-Virus products, which could be exploited by attackers or malware to take complete control of an affected system or cause a denial of service.

The first issue is caused by a buffer overflow error when processing malformed LHA archives, which could be exploited by attackers to execute arbitrary commands by tricking a system protected by a vulnerable application to scan a malicious file.

The second vulnerability is caused by an infinite loop when handling malformed archives or packed executables, which could be exploited by attackers to crash a vulnerable application, creating a denial of service condition.

The third issue is caused due to improper access validation of the address space used by the Real-time Scanning component, which could be exploited by malicious local attackers to obtain elevated privileges via a specially crafted IRP (I/O request packet).

Affected Products

F-Secure Anti-Virus for Workstations version 5.44 and prior
F-Secure Anti-Virus for Windows Servers version 5.52 and prior
F-Secure Anti-Virus for Citrix Servers version 5.52
F-Secure Anti-Virus for MIMEsweeper version 5.61 and prior
F-Secure Anti-Virus Client Security version 6.03 and prior
F-Secure Anti-Virus for MS Exchange version 6.40 and prior
F-Secure Internet Gatekeeper version 6.60 and prior
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Protection Service for Consumers version 6.40 and prior
F-Secure Anti-Virus for Linux Servers version 4.65 and prior
F-Secure Anti-Virus for Linux Gateways version 4.65 and prior
F-Secure Anti-Virus Linux Client Security 5.30 and prior
F-Secure Anti-Virus Linux Server Security 5.30 and prior
F-Secure Internet Gatekeeper for Linux 2.16 and prior

Solution

Apply patches :
http://www.f-secure.com/security/fsc-2007-1.shtml
http://www.f-secure.com/security/fsc-2007-2.shtml
http://www.f-secure.com/security/fsc-2007-3.shtml

References

http://www.frsirt.com/english/advisories/2007/1985
http://www.f-secure.com/security/fsc-2007-1.shtml
http://www.f-secure.com/security/fsc-2007-2.shtml
http://www.f-secure.com/security/fsc-2007-3.shtml

NICK ADSL UK

06-06-07, 06:22

"Symantec Product Advisory: SYM07-013" in forum "Vulnerabilities / Advisories".

----------------------------------------------------------------------
SYM07-013 - Multiple Symantec Ghost Solution Suite Vulnerabilities
Multiple denial of service vulnerabilities have been identified in Symantec Ghost Solution Suite.

Affected Products: Symantec Ghost Solution Suite 2.0.0 and earlier

Three remote denial of service vulnerabilities have been identified in Symantec Ghost Solution Suite. All three vulnerabilities affect both the client and server daemons. Each vulnerability is triggered by sending a malformed UDP Packet to ether the client or server daemon.

Symantec response
Symantec has released updates for all supported 2.0.0 versions of Symantec Ghost Solution Suite. These updates are available through LiveUpdate.

Symantec has released the following downloadable updates for all supported 1.1 version of Symantec Ghost Solution Suite.

Download the updates from: http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05b.html

NICK ADSL UK

06-06-07, 08:28

Bogus offer claims forwarding chain letter will glean hundreds of pounds in vouchers

IT security and control firm Sophos is warning computer users not to be duped by enticing email offers, following the rapid spread of a spoof chain-mail, allegedly sent by UK high street supermarket Marks and Spencer, in conjunction with Persimmon Homes.

The email promises at least £100 worth of M&S vouchers in return for forwarding the message on to at least eight people, and copying in a legitimate email address at British housebuilding firm Persimmon Homes. However, neither Marks and Spencer nor Persimmon Homes has endorsed the email and both advise recipients to delete it immediately.

http://www.sophos.com/pressoffice/news/articles/2007/06/markschain.html

NICK ADSL UK

06-07-07, 15:21

Yahoo! Messenger Two ActiveX Controls Buffer Overflows" in forum "Vulnerabilities / Advisories".

----------------------------------------------------------------------
Affected Software: Yahoo! Messenger 8.x

Description: Danny has discovered two vulnerabilities in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

1) A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the "Server" property and then calling the "Send()" method.

2) A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the "Server" property and then calling the "Receive()" method.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are confirmed in version 8.1.0.249. Other versions may also be affected.

Solution: Set the kill-bit for the affected ActiveX controls.

http://secunia.com/advisories/25547/

NICK ADSL UK

06-22-07, 17:41

Fake Adobe Shockwave Player download page!,
This is just a heads up that when your surfing and a box should pop up saying that you need the Adobe Shockwave Player to view something or to play a game that you should always get these updates either direct from here or the authors website only as there are many bogus links going around at this time which will download malware instead so do be careful

NICK ADSL UK

07-08-07, 04:41

Yahoo! Messenger 8.1 Unspecified Remote Buffer Overflow Vulnerability" in forum "Vulnerabilities / Advisories".

----------------------------------------------------------------------
Yahoo! Messenger is prone to an unspecified buffer-overflow vulnerability. The software purportedly fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

Yahoo! Messenger version 8.1 is reportedly vulnerable to this issue.

WabiSabiLabi is offering this vulnerability for auction. It was discovered by an unknown researcher.

http://www.securityfocus.com/bid/24784/info

NICK ADSL UK

07-10-07, 03:31

"Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability"

----------------------------------------------------------------------
Microsoft Windows Vista is prone to an unspecified remote denial-of-service vulnerability.

Attackers may exploit this issue to crash the affected operating system, denying further service to legitimate users. Remote code-execution may be possible, but this has not been confirmed.

Vulnerable:
Microsoft Windows Vista x64 Edition 0
Microsoft Windows Vista December CTP
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business
Microsoft Windows Vista beta 2
Microsoft Windows Vista Beta 1
Microsoft Windows Vista Beta
Microsoft Windows Vista 0

http://www.securityfocus.com/bid/24816/info

NICK ADSL UK

07-10-07, 17:41

Adobe Security Bulletins:
- Flash Player Update available to address security vulnerabilities
- Photoshop CS2 and CS3 updates available to address security vulnerabilities ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

APSB07-12 - Flash Player Update available to address security vulnerabilities

Originally posted: July 10, 2007

Summary:
Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.

Severity Rating:
Adobe categorizes this update as critical:
http://www.adobe.com/support/security/severity_ratings.html

Adobe recommends that users apply this update to their installations. Learn more:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

NICK ADSL UK

07-12-07, 06:49

Symantec released 5 Security Advisories"

----------------------------------------------------------------------
SYM07-015 - Symantec Backup Exec for Windows Server: RPC Interface Heap Overflow, Denial of Service
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11a.html

SYM07-016 - Symantec Client Security Internet E-mail Auto-Protect Stack Overflow
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html

SYM07-017 - Symantec AntiVirus Corporate Edition Local Elevation of Privilege
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html

SYM07-018 - Symantec SYMTDI.SYS Device Driver Local Elevation of Privilege
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html

SYM07-019 - Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html

Please read the advisories and their response to the issue.

NICK ADSL UK

07-13-07, 09:16

AVG Anti-Virus "AVG7CORE.SYS " Driver IOCTL Privilege Escalation Vulnerability"

----------------------------------------------------------------------
A vulnerability has been identified in AVG Anti-Virus, which could be exploited by local attackers to obtain elevated privileges. This issue is caused due to improper address space validation within the "AVG7CORE.SYS" driver when processing IOCTL 0x5348E004, which could be exploited by malicious users to overwrite arbitrary kernel memory addresses and execute code with elevated privileges.

Affected Products
AVG Anti-Virus Free versions 7.x
AVG Anti-Virus Professional Edition versions 7.x

Solution
Upgrade to the latest version :
http://www.grisoft.com/doc/32/us/crp/0

NICK ADSL UK

07-15-07, 17:12

Internet Explorer OnBeforeUnload Javascript Browser Entrapment Vulnerability

----------------------------------------------------------------------
Affected Software:
Microsoft Internet Explorer 7.0
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0

Microsoft Internet Explorer is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.

Internet Explorer 7 is vulnerable to this issue; other versions may also be affected.

http://www.securityfocus.com/archive/1/473702
http://www.securityfocus.com/bid/24911/discuss
----------------------------------------------------------------------

NICK ADSL UK

07-17-07, 03:21

Yahoo! Messenger Address Book Remote Buffer Overflow Vulnerabilitiy

----------------------------------------------------------------------
Yahoo! Messenger is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the application or to cause denial-of-service conditions.

Versions 8.1 and prior are vulnerable.

http://www.securityfocus.com/bid/24926/discuss
----------------------------------------------------------------------

NICK ADSL UK

08-03-07, 15:48

Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities"

----------------------------------------------------------------------
Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities

Sun Java System Web Server is prone to multiple HTTP redirect related vulnerabilities. The vulnerabilities include HTTP response splitting, HTTP header injection, and unauthorized access to system resources.

An attacker may exploit the HTTP response splitting vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Attackers typically exploit HTTP header injection issues to inject arbitrary cookie attributes into a session cookie. Since session IDs are usually stored in cookie form, an attacker can inject arbitrary cookie data
attributes into a session cookie and this may enable a variety of attacks upon active web sessions.

Solution:
The vendor has released service packs and updates to address these issues. Please see the references for more information.

Sun Java System Web Server 7.0
Sun Sun Java System Web Server 7.0 Update 1
http://www.sun.com/download/products.xml?id=467713d6

Sun Java System Web Server 6.1 SP7
Sun Sun Java System Web Server 6.1 SP8
http://www.sun.com/download/products.xml?id=4694392a

NICK ADSL UK

08-07-07, 09:37

Microsoft Windows Explorer JPG File Denial of Service Vulnerability

----------------------------------------------------------------------
Microsoft Windows Explorer JPG File Denial of Service Vulnerability

Microsoft Windows Explorer is prone to a denial-of-service vulnerability.

An attacker could exploit this issue to cause Explorer to crash, effectively denying service. Arbitrary code execution may be possible, but this has not been confirmed.

This issue affects Windows Explorer on Microsoft Windows XP; other operating systems and versions may also be affected.

http://www.securityfocus.com/bid/25207/info
----------------------------------------------------------------------

NICK ADSL UK

08-09-07, 13:17

BOClean 4.25 Critical Upgrade
Operating Systems

* Windows For Workgroups 3.11 (Win32s required)
* Windows 95, 95A, 95B, 95C (Winsock 2 required)
* Windows 98, 98SE
* Windows ME
* Windows NT4 (SP2+ required)
* Windows 2000
* Windows Server 2003
* Windows XP (any, including 64)
* Windows Longhorn Server
* Windows Vista (any, including 64)

IMPORTANT:

1. If you already have a copy of any earlier BOClean on your machine, UNINSTALL it first! If you have BOClean running on the tray bar, right click it, select "shut down BOClean". Should you forget to do this the remover will complain and tell you to do so. There is no harm done if the old BOClean were to be left running, however you'll have two BOCleans running and that will waste resources. The two will not interfere with one another, but you only require one.

BOClean 4.25 Critical Upgrade

A buffer overflow vulnerability has been discovered by our QA team in Comodo in ALL existing versions of BOClean which can possibly be exploited. Therefore we have brought out this version. Please upgrade your copies to this one if you have not already done so.

http://www.majorgeeks.com/Comodo_BOClean_Anti-Malware_d5616.html

NICK ADSL UK

08-16-07, 10:11

Zero-day vulnerability in Yahoo Messenger"

----------------------------------------------------------------------
Zero-day vulnerability in Yahoo Messenger

A security vulnerability in Yahoo Messenger allows attackers to inject malicious code into a user's computer. The zero-day vulnerability, reported in McAfee's security blog, can be exploited by attackers using specially crafted invitations to webcam sessions.

According to McAfee, the vulnerability stems from a heap based buffer overflow and affects Version 8.1.0.413 of the Yahoo Messenger. The company gives no further details. The antivirus vendor has informed Yahoo about the vulnerability. Until an updated version of the Messenger is released, McAfee recommends rejecting webcam invitations from unknown senders. They also advise that, until the update is available, administrators should block outgoing traffic to TCP port 5100 in the firewall through which the Messenger conducts webcam sessions.

http://www.heise-security.co.uk/news/94443

NICK ADSL UK

08-28-07, 13:28

MSN Messenger Video Conversation Buffer Overflow Vulnerability"

----------------------------------------------------------------------
MSN Messenger Video Conversation Buffer Overflow Vulnerability

Secunia Advisory: SA26570
Release Date: 2007-08-28

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Microsoft MSN Messenger 6.x
Microsoft MSN Messenger 7.x

Description:
wushi has reported a vulnerability in MSN Messenger, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.

Successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Web Cam invitation.

The vulnerability is reported in version 7.x. Other versions may also be affected.

Solution:
No fix is available for 7.x versions and prior. Users are encouraged to upgrade to Windows Live Messenger 8.1 or later, which is not affected by the vulnerability.

Do not accept untrusted Web Cam sessions.

http://secunia.com/advisories/26570/
----------------------------------------------------------------------

NICK ADSL UK

09-03-07, 12:23

Yahoo! battered by second ActiveX vulnerability

----------------------------------------------------------------------
Yahoo! battered by second ActiveX vulnerability

Upgrade averts code catastrophe
By John Leyden → More by this author
Published Monday 3rd September 2007 09:16 GMT

Yahoo! users are urged to upgrade their instant messaging software following the discovery of a brace of security vulnerabilities - the second set of serious security flaws involving Yahoo! Messenger in as many weeks.

The latest security bugs both stem from stack-based buffer overflow flaws in the YVerInfo.dll ActiveX control. Successful exploitation, which is far from straightforward, creates a means for hackers to inject hostile code onto systems running vulnerable versions of Yahoo! Messenger.

In order to exploit the bugs, hackers would need to establish a malicious web page in the yahoo.com domain, which might be done by methods such as a cross-site scripting vulnerability or by manipulating DNS resolution, security notification firm Secunia reports.

The vulnerabilities affect versions of Yahoo! Messenger 8.x prior to version 8.1.0.419, released late last week. Users are urged to upgrade.

More background can be found in security advisories from Yahoo! (here) and iDefense (here), the firm that discovered the bug.

Last month security researchers identified an even more serious bug - again involving a dodgy ActiveX control - that meant users were exposed to attack providing they accepted a webcam invite from a hacker. ®

http://www.theregister.com/2007/09/03/yahoo_activex_vuln/
----------------------------------------------------------------------

NICK ADSL UK

09-06-07, 16:13

Apple iTunes Music File Buffer Overflow Vulnerability

----------------------------------------------------------------------
Apple iTunes Music File Buffer Overflow Vulnerability

Secunia Advisory: SA26725
Release Date: 2007-09-06

Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: iTunes 4.x
iTunes 5.x
iTunes 6.x
iTunes 7.x

CVE reference: CVE-2007-3752 (Secunia mirror)

Description:
A vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified boundary error when processing album cover art. This can be exploited to cause a buffer overflow via a specially crafted music file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 7.4.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Update to version 7.4.

iTunes 7.4 for Mac:
http://www.apple.com/support/downloads/itunes74formac.html

iTunes 7.4 for Windows:
http://www.apple.com/support/downloads/itunes74forwindows.html

Provided and/or discovered by:
The vendor credits David Thiel, iSEC Partners

Original Advisory:
http://docs.info.apple.com/article.html?artnum=306404

http://secunia.com/advisories/26725/
----------------------------------------------------------------------

NICK ADSL UK

09-18-07, 03:56

OpenOffice TIFF File Parser Buffer Overflow Vulnerability

----------------------------------------------------------------------
OpenOffice TIFF File Parser Buffer Overflow Vulnerability

OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted TIFF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

http://www.securityfocus.com/bid/25690/info

NICK ADSL UK

10-05-07, 09:15

After being notified by heise Security, Skype silently fixed a security problem in the handling of special URLs by releasing an updated version 3.5.0.239. Other programs such as Adobe's Acrobat Reader, the Netscape browser, and the Miranda Instant Messenger still launch arbitrary programs when special URLs containing the % character are clicked on. In doing so, they may allow spyware to be installed on the user's system. The developers of Mozilla have at least temporarily remedied a similar problem in Firefox.

The Mozilla team categorized the vulnerability as critical, released a dedicated security advisory, and provided users with a patched version via the update function. In contrast, Skype just published a minor update and mentioned "bugfix: Links with invalid % encodings were executed" in the Release Notes, which normal users will never see. Skype users are therefore advised to install the latest version by themselfs. The procedure is quite simple: simply click on "Help/Check for updates".

READ MORE HERE:

http://www.heise-security.co.uk/news/96982

NICK ADSL UK

10-07-07, 17:48

QuickTime Pro v.7.2.0.245 Released
10/03/2007

Security Update for QuickTime 7.2
This update is recommended for all users and improves the security of QuickTime 7.2.
Download: QuickTime 7.2.0.245

http://www.apple.com/support/downloads/securityupdateforquicktime72forwindows.html

NICK ADSL UK

10-10-07, 16:48

Patch available for PageMaker buffer overflow vulnerability
Release date: October 9, 2007

Vulnerability identifier: APSB07-15

CVE number: CVE-2007-5169

Platform: Windows

Affected software versions: PageMaker 7.0.1 and PageMaker 7.0.2

SummaryA critical vulnerability has been identified in Adobe PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. It is recommended that users update their installations using the instructions provided below.

SolutionAdobe recommends PageMaker 7.0.1 and PageMaker 7.0.2 users update their installations using the instructions below:

Download the zip file.
Exit PageMaker.
Browse to the PageMaker installation directory (default is \Program Files\Adobe\PageMaker 7.0\).
Expand the zip file and overwrite the existing MAIPM6.dll file in the PageMaker installation directory.
Restart PageMaker.
http://www.adobe.com/support/security/bulletins/apsb07-15.html

NICK ADSL UK

10-11-07, 10:03

Kaspersky Online Scanner ActiveX Control Format String Vulnerabity

----------------------------------------------------------------------
Kaspersky Online Scanner ActiveX Control Format String Vulnerability

Secunia Advisory: SA27187
Release Date: 2007-10-11

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Kaspersky Online Scanner 5.x

CVE reference: CVE-2007-3675 (Secunia Mirror)

Description:
A vulnerability has been reported in Kaspersky Online Scanner, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) when processing arguments passed to certain unspecified methods. This can be exploited to execute arbitrary code when a user e.g. visits a malicious website.

The vulnerability affects versions 5.0.93.1 and prior.

Solution:
Update to version 5.0.98.0.
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Provided and/or discovered by:
Discovered by Stephen Fewer of Harmony Security and reported via iDefense Labs.

Original Advisory:
Kaspersky:
http://www.kaspersky.com/news?id=207575572

http://secunia.com/advisories/27187/
----------------------------------------------------------------------

NICK ADSL UK

10-19-07, 09:57

Mozilla Firefox Multiple Vulnerabilities

Secunia Advisory: SA27311
Release Date: 2007-10-19

Critical: Highly critical
Impact: Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: Mozilla Firefox 2.0.x

CVE reference:
CVE-2007-1095 (Secunia mirror)
CVE-2007-2292 (Secunia mirror)
CVE-2007-4841 (Secunia mirror)
CVE-2007-5334 (Secunia mirror)
CVE-2007-5338 (Secunia mirror)
CVE-2007-5339 (Secunia mirror)
CVE-2007-5340 (Secunia mirror)

Description:
Some vulnerabilities and a weakness have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

1) Various errors in the browser engine can be exploited to cause a memory corruption.

2) Various errors in the Javascript engine can be exploited to cause a memory corruption.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

3) An error in the handling of onUnload events can be exploited to read and manipulate the document's location of new pages.

4) Input passed to the user ID when making an HTTP request using Digest Authentication is not properly sanitised before being used in a request. This can be exploited to insert arbitrary HTTP headers into a user's request when a proxy is used.

5) An error when displaying web pages written in the XUL markup language can be exploited to hide the window's title bar and facilitate phishing attacks.

6) An error exists in the handling of "smb:" and "sftp:" URI schemes on Linux systems with gnome-vfs support. This can be exploited to read any file owned by the target user via a specially crafted page on the same server.

Successful exploitation requires that the attacker has write access to a mutually accessible location on the target server and the user is tricked into loading the malicious page.

7) An unspecified error in the handling of "XPCNativeWrappers" can lead to execution of arbitrary Javascript code with the user's privileges via subsequent access by the browser chrome (e.g. when a user right-clicks to open a context menu).

This is related to vulnerability #6 in:
SA26095

Solution:
Update to version 2.0.0.8.

NOTE: Additional fixes have been added to prevent the exploitation of a URI handling vulnerability in Microsoft Windows.

For more information:
SA26201

Provided and/or discovered by:
The vendor credits:
1) L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers
2) Igor Bukanov, Eli Friedman, and Jesse Ruderman
3) Michal Zalewski
4) Stefano Di Paola
5) Eli Friedman
6) Georgi Guninski
7) moz_bug_r_a4

Original Advisory:
Mozilla:
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
http://www.mozilla.org/security/announce/2007/mfsa2007-30.html
http://www.mozilla.org/security/announce/2007/mfsa2007-31.html
http://www.mozilla.org/security/announce/2007/mfsa2007-33.html
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html

Other References:
SA26095:
http://secunia.com/advisories/26095/

http://secunia.com/advisories/27311/

NICK ADSL UK

10-22-07, 14:24

Real Player - Security Release for critical ActiveX vulnerability http://secunia.com/advisories/27248/

Solution - Apply patch for Real Player 10.5 and 11 beta VIA THE INTERNAL UPDATER

NICK ADSL UK

10-22-07, 14:41

Security bulletin for vulnerability in Adobe Reader
Security bulletin
Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat

Affected software versions: Adobe Reader 8.1 and earlier, Adobe Reader 7.0.9 and earlier
Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions, Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier

SummaryCritical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1. This is an update to resolve the issue previously reported in Security Advisory APSA07-04.

SolutionAdobe strongly recommends upgrading to Adobe Reader 8.1.1 or Acrobat 8.1.1. The Adobe Reader 8.1.1 update files can be manually downloaded and installed from
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

The Acrobat 8.1.1 update files can be downloaded and installed from
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Microsoft may also be providing an update to resolve this issue at a later date. Please refer to Microsoft Security Advisory 943521 for more information.
http://www.microsoft.com/technet/security/advisory/943521.mspx

http://www.adobe.com/support/security/bulletins/apsb07-18.html

NICK ADSL UK

11-05-07, 16:11

QuickTime 7.3 addresses critical security issues

QuickTime 7.3 for Windows

About QuickTime 7.3 for Windows
QuickTime 7.3 addresses critical security issues and delivers:
- Updated support for creating iPhone-compatible web content
- Updated JavaScript support in the QuickTime Web Plug-in
- Numerous bug fixes
- Support for iTunes

This release is recommended for all QuickTime 7 users.

For detailed information on the security content of this update, please visit this website: www.info.apple.com/kbnum/n61798.

NICK ADSL UK

11-19-07, 11:32

Numerous media players affected by vulnerability in audio codec

That there are multiple critical vulnerabilities in the Free Lossless Audio Codec (FLAC) library has been known since September. However, until now no mention has been made concerning which products use the library and are potentially vulnerable. US-CERT has rectified this omission in an advisory that incudes a list of affected products. The list includes Cog, dBpoweramp, Foobar2000, jetAudio, PhatBox and Yahoo products (probably the Yahoo! Music Jukebox). In Winamp, the vulnerability has been fixed since version 5.5, in libFLAC since version 1.2.1.

Advertisement

Security services provider eEye has released an overview of all 14 known vulnerabilities in libFLAC parsers in a new security advisory. Almost all of these are due to buffer overflows. Many can be exploited to inject and execute code using crafted meta data in FLAC files. As well as the products named, the open source libavcodec audio codec library also uses libFLAC. The bug has not yet been fixed in this library, so that a whole raft of other products is potentially affected by this problem. These include MPlayer, VLC Media Player, GStreamer, ffdshow, xmms and xine.

Until updates are made available, users should only play FLAC files from trusted sources. To date, however, FLAC files are rarely seen in the wild. US rapper Saul Williams is one of the few artists who does offer a losslessly compressed version of his latest album "The Inevitable Rise and Liberation of NiggyTardust!" in FLAC format as a download
http://www.heise-security.co.uk/news/99108

NICK ADSL UK

11-20-07, 10:05

Vulnerability Summary for the Week of November 12, 2007

http://www.us-cert.gov/cas/bulletins/SB07-323.html

NICK ADSL UK

12-03-07, 16:42

Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
Published: December 3, 2007

Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as “contoso.co.us”, or for whom the following mitigating factors do not apply, are at risk from this vulnerability.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Mitigating Factors:

• Customers who do not have a primary DNS suffix configured on their system are not affected by this vulnerability. In most cases, home users that are not members of a domain have no primary DNS suffix configured. Connection-specific DNS suffixes may be provided by some Internet Service Providers (ISPs), and these configurations are not affected by this vulnerability.

• Customers whose DNS domain name is registered as a second-level domain (SLD) below a top-level domain (TLD) are not affected by this vulnerability. Customers whose DNS suffixes reflect this registration would not be affected by this vulnerability. An example of a customer who is not affected is contoso.com or fabrikam.gov, where “contoso” and “fabrikam” are customer registered SLDs under their respective “.com” and “.gov” TLDs.

• Customers who have specified a proxy server via DHCP server settings or DNS are not affected by this vulnerability.

• Customers who have a trusted WPAD server in their organization are not affected by this vulnerability. (See the Workaround section for specific steps in creating a WPAD.DAT file on a WPAD server.)

• Customers who have manually specified a proxy server in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.

• Customers who have disabled 'Automatically Detect Settings' in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.

http://www.microsoft.com/technet/security/advisory/945713.mspx

NICK ADSL UK

12-10-07, 14:07

Vulnerability Summary for the Week of December 3, 2007

http://www.us-cert.gov/cas/bulletins/SB07-344.html

NICK ADSL UK

12-13-07, 12:32

“Keep Everything Clear of the Doors”

You’ve seen it, read it, heard it so many times you’ve blocked it out … routine, mundane. . . but instinctively you take the necessary precautions. And the idiots who think they can beat the doors for gosh sakes . . . some make it, most don’t… when will they learn. Even though, I suspect the next time you hear this spoken over the intercom in the Underground, or read the warning label on the inside of the carriage you’ll take just that extra second to really make sure everything is clear of the doors. “Why?”, you ask. “Because you’ve just read this!” No different than the many times you’ve looked at your watch, and then someone else asks you what time it is; you can’t remember, so you look again.

Unremarkably, the same applies when it comes to being more safe online. This past year you bought a brand new state of the art, 2g of RAM, 600g hard drive that will hold more stuff than you or I could ever fill up in a lifetime. It’s loaded with free anti-spam, anti-virus software and everything is going very well, so well in fact that you don’t update your software (Windows Vista has ‘updates’ turned on by default, so unless you mess with it, you’re okay ), run a periodic anti-malware scan, and the wireless is working fine so need to check that. You’ve read about the Government’s GetSafeOnline.org campaign (www.GetSafeOnline.org) that e-Bay, Microsoft, HSBC, Home office, SOCA, and others participate in, you’ve seen the constant news articles about loss or theft of data from the largest of companies and government agencies (and if you’re a victim of HMRC ‘datagate’, you have every right to be angry) but hey, you’ve not been affected . . . why do anything. Victims of online crime… not me, happens only to those people who go to the ‘wrong sites’ . . .who tried to make it thru the doors for gosh sakes, they should have known better.

Not so fast Mr ItAin’tGonnaHappenToMe. That ‘other person’ is going to be you if you don’t take a few moments to make sure your operating system and software are up to date, that your firewall is turned on (both are already done for you if you are operating Windows Vista) your anti-spam and anti-virus software are installed and updated (don’t forget to renew your subscription to the anti-malware software if it is about to expire). Organized criminals are ‘green’, ‘socially conscious agnostics’, they want what is best for you – NOT!! Just like machines, THEY DON’T CARE who you are, where you grew up, what kind of accent you have, whether you’re beautiful (or like me, a face made for radio); they operate without regard to your sex or religious affiliations – I call them “THE EQUALIZERS”. They want what is yours – from your bank account, your identity, or even a bit of your bandwidth – oh yes, they can quite happily use your computer while you do and you may not ever know.

As we approach the Holidays, don’t let the Grinch of Christmas Past ruin your holidays online. Possibly, ‘just because you read this’, you will take a moment and run the Microsoft Malicious Software Removal Tool , will visit www.GetSafeOnline.org , or possibly even give the most important cyber gift of all – a trip to the wild side, www.WindowsMarketplace.com (click on Security Downloads) for free anti-malware. It will take you a few minutes; but a few minutes now might just save you months of hassle down the road. Do you really want to be calling your credit card companies, bank, credit agency, DVLA, DWP, on New Years Eve. Or worse, worry whether someone will be showing up at your doorstep because you couldn’t be bothered to spend a measly 10 minutes with your kids to talk to them about social networking sites (oh yea, they just told their friends on their Facebook site when you were going to be away). . . and you didn’t tell them how to prevent outsiders from accessing their pages. Nor did you tell them in no uncertain terms that even when they close their site everything they put on the Internet IS THERE FOREVER. Oh yes, some make it thru the doors, most don’t . . .when will THEY learn.

I wish you a very happy holiday season – and a safe online journey.

Edward P Gibson
Chief Security Advisor
Microsoft Ltd-UK

NICK ADSL UK

12-16-07, 17:22

Cybercrooks lurk in shadows of big-name websites

A small team of security researchers has documented how many high-profile websites are unwittingly helping phishing fraudsters.

Phishing scams often use "open redirector" exploits on major sites to make their attack URL look more legitimate. The trick also makes it more likely that fraudulent emails that form the basis of phishing attacks will slip past spam filters. Typically, security flaws on exploited high-profile sites allow a phisher to provide a link which appears to be a legitimate URL, but actually redirects to a fraudulent site.

Previous Register stories have covered examples of the ruse practiced on websites including Barclays Bank (story here), eBay (here), and others.

To date, most of the information about the topic has been anecdotal. SiteTruth aims to shed light on the scope of the problem by collecting hard numbers as part a project that ultimately aims to provide a search engine that will allow clued-up surfers to check on the legitimacy of sites. SiteTruth's search service isn't limited to sites that have paid a fee. Nor is it selling "seals of approval".

Its findings are partly based on existing business records, as well as links with other anti-phishing organisations (such as PhishTank, a clearing house for reports about phishing sites), and its own research. It also takes submissions from webmasters, as explained here.

Even so, the site admits its findings aren't infallible and ought to serve only as a guideline. The safe search feature is currently in Alpha testing.

SiteTruth's research, based on the collection of information about exploited websites and updated every three hours, also reports on insecure practices that serve the interest of cybercrooks. SiteTruth breaks down the vulnerabilities it finds into five categories, as follows:

Open redirectors
Sites that allow user hosted content in ways exploitable for phishing (i.e. "photobucket.com", which will accept uploads of Flash files)
ISPs that provide DSL or cable connections for phishing sites
Unscrupulous commercial hosting services
Compromised sites exploited by phishers (Universities with high bandwidth connections and lax security are a favourite in this category)
Some of the items on the list cover broadly similar ground to that documented by Spamhaus and others. However, the open redirector run-down compiled by SiteTruth is a distinct list that makes for interesting reading.

SiteTruth has cross referenced the 10,000 sites listed in PhishTank with the 1.7 million sites in the Open Directory Project database to discover a list of 171 problem domains. Domains listed typically have a security vulnerability which is being exploited by phishing fraudsters.

URL redirection isn't the only category for listing in this blacklist (hosting or otherwise unwittingly helping phishing scams also counts). But the sites allowing URL redirection include many high-profile organisations that ought to know better, including Google Maps. It's easy to bounce off Google Maps to reach the register, for example.

AOL, Microsoft Live, the BBC, Yahoo!, and UK bank Alliance and Leicester have also been greylisted by SiteTruth over the last three weeks.

"Phishing sites come and go rapidly; this list may be out of date within hours," SiteTruth's John Nagle told El Reg. "Some sites are still in PhishTank because they had an active phish in the recent past and PhishTank hasn't purged the entries yet. But some major sites have been on the list for weeks to months.

"So some major websites are being used to lend credibility to phishing attacks. But the number of major sites involved isn't large. It's no longer an acceptable excuse to claim that 'everybody has that problem'. Only some have it, and they need to fix it." ®

http://www.theregister.co.uk/2007/12/12/phishing_redirection/

NICK ADSL UK

12-18-07, 17:05

Vulnerability Summary for the Week of December 10, 2007

http://www.us-cert.gov/cas/bulletins/SB07-351.html

NICK ADSL UK

12-27-07, 08:31

From fellow MVP harry waldron

A new version of the Storm Worm is circulating and it invites folks to visit websites that contain malicious agents that can infect your PC. Always avoid suspicious and unexpected email, and please do not follow any of these links. The Storm Worm is one of the most advanced malware attacks circulating and may be difficult to detect or clean from your system.

New Storm Worm - New Years Theme
http://isc.sans.org/diary.html?storyid=3784
http://www.avertlabs.com/research/blog/index.php/2007/12/25/and-a-happy-nuwar/
http://www.f-secure.com/weblog/archives/00001350.html
http://blog.trendmicro.com/holidays-proving-stormy/
http://holisticinfosec.blogspot.com/2007/12/new-years-storm-deja-vu.html

QUOTE: This version is a New Years-themed e-card directing victims to a malicious website with malware behind it. The message comes in with a number of subjects and body-text. The one line message bodies are also being used as the subject lines.

Below are examples of email subject lines seen so far:

A fresh new year
As the new year...
As you embrace another new year
Blasting new year
Happy 2008!
Happy New Year!
It's the new Year
Joyous new year
New Hope and New Beginnings
New Year Ecard
New Year Postcard
Opportunities for the new year
Wishes for the new year
Happy New Year to You!
Happy New Year to <email address>
Lots of greetings on the new year
New Year wishes for You

There is also a Christmas e-card version that started circulating on Christmas Eve:

New Storm Worm - Christmas Theme
http://www.f-secure.com/weblog/archives/00001349.html
http://blog.trendmicro.com/here-comes-storm-again/
http://www.avertlabs.com/research/blog/index.php/2007/12/24/merry-christmas-nuwar-style/
http://www.symantec.com/enterprise/security_response/weblog/2007/12/is_thatreally_you_santa.html

QUOTE: It turns out that the Storm gang was going to do a Christmas Malware run after all, they just decided to start it surprisingly late - on Christmas eve itself! This site contains a new version of the Storm Worm. The IP address of the site changes every second. Don't be naughty and go wondering to that domain. Please do not click on the "Download For Free Now" button as it will get you infected. Merry Christmas, y'all!

NICK ADSL UK

01-02-08, 17:21

Vulnerability Summary for the Week of December 24, 2007

http://www.us-cert.gov/cas/bulletins/SB07-365.html

NICK ADSL UK

01-08-08, 07:54

Vulnerability Summary for the Week of December 31, 2007

http://www.us-cert.gov/cas/bulletins/SB08-007.html

NICK ADSL UK

01-09-08, 12:31

Hostile takeover of Shareaza

The distributors of the iMesh P2P client are using a particularly aggressive method to distribute their software. Users of the Shareaza filesharing client have recently been installing a fake client after responding to a message inviting them to download and install an updated version. The problem can be traced back to the Shareaza developers losing control of the original shareaza.com domain from which the software attempts to update.

The new owner of the domain claims to be providing an updated version of the Shareaza client for download. However, the download does not contain the open-source Shareaza client at all but instead, according to research carried out by Shareaza users, an iMesh or BearShare client with a modified user interface and additional adware in the guise of a toolbar. Because it also offers music tracks and albums for sale, iMesh considers itself a legal P2P network. Nevertheless, there is a silver lining for Shareaza users. The update mechanism could have allowed criminal individuals to install trojans or spyware along with the updates.

It would seem that the French music industry association La Societe Des Producteurs De Phonogrammes En France (SPPF) forced the previous owner, Jonathan Nilson, to sell the domain. The SPPF had brought an action against Nilson in a Parisian court.

The Shareaza developers have reacted to the situation by releasing a new version of the software that no longer tries to update from the old domain. The official website has now moved to the SourceForge server farm. Shareaza users should download and install the latest version 2.3.1.0 and uninstall the fake client if necessary.

http://www.heise-security.co.uk/news/101548

NICK ADSL UK

01-14-08, 17:54

Cyber Security Bulletins for the Week of January 7, 2008
Published: January 14, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

Review the http://www.us-cert.gov/cas/bulletins/SB08-014.html

NICK ADSL UK

01-29-08, 08:24

'Tis the Season for Tax Return Scams

It's that time of the year again, tax season. With every tax season is the latest in tax return phishes.

See sample received by ISC at http://isc.sans.org/diary.html?storyid=3898

NICK ADSL UK

01-31-08, 04:39

Storm Worm Directing Users to Medical Spam Web Sites
added January 30, 2008 at 03:20 pm | updated January 30, 2008 at 06:02 pm

US-CERT is aware of a variant of the Storm Worm that sends unsolicited email messages to users and attempts to evade spam filtering. When a user receives this email message, it will contain a link in the format of:

http://<IP Address>/<random directory name>

When visited, the user will be directed to a website containing medical spam information.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.
Block executable and unknown file types at the email gateway.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Cisco Releases Security Advisories to Address a Vulnerability in the Cisco Wireless Control System
added January 30, 2008 at 02:23 pm

Cisco has released Security Advisory cisco-sa-20080130-wcs to address a vulnerability in the Wireless Control System. The vulnerability exists in the Apache Tomcat URI handler and may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

More information and workarounds regarding this vulnerability can be found in the Cisco Security Advisory cisco-sa-20080130-wcs.

http://www.uscert.gov/current/current_activity.html#new_storm_worm_tactic

NICK ADSL UK

02-04-08, 12:56

Description:
Some vulnerabilities have been discovered in Yahoo! Music Jukebox, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the YMP DataGrid ActiveX control (datagrid.dll) when handling arguments passed to the "AddImage()" and "AddButton()" methods can be exploited to cause a stack-based buffer overflow via an overly long argument.

2) A boundary error in the Yahoo! Mediagrid ActiveX control (mediagridax.dll) when handling arguments passed to the "AddBitmap()" method can be exploited to cause a stack-based buffer overflow via an overly long argument.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

NOTE: Working exploit code is publicly available.

The vulnerabilities are confirmed in Yahoo! Music Jukebox version 2.2.2.056. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX controls.
http://secunia.com/advisories/28757/

NICK ADSL UK

02-13-08, 04:04

12 February 2008, 15:02Valentine's Day greetings from storm worm
Was it just a test run, or do the storm worm botnet's operators have difficulty reading a calendar? Storm-infected computers were sending out Valentine's Day messages a whole month ago - despite the fact that it's actually this Thursday. A number of anti-virus software vendors are now warning of a new wave of storm worm emails promising Valentine's Day greetings, but in fact merely infecting users with new versions of the worm.

Advertisement

The emails, with subject lines such as Love Rose, Rockin' Valentine or Just You, include links to websites showing one of eight different sloppy Valentine's Day images pointing to a file called valentine.exe. The detection rate for anti-virus software is abysmal - only Kaspersky, Sophos and F-Secure, which contains the Kaspersky engine, detect the current malware version. Since the botnet operators frequently replace the executable, detection rates are, however, highly variable.

Signature updates from anti-virus software vendors are barely able to keep up, so that some variants remain undetected and can be executed. Solutions with integrated behavioural blockers or additional behaviour based detection programs, such as Norton's AntiBot or Trend Micro's RUBotted, are likely to offer better protection in such cases.

The usual security tips should help protect against storm worm infection. Don't open unrequested email attachments, never execute files from dubious websites and always keep your anti-virus software up to date.
http://www.heise-online.co.uk/security/Valentine-s-Day-greetings-from-storm-worm--/news/110099

NICK ADSL UK

02-28-08, 18:31

Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE

Products
VMware ACE
VMware Player
VMware Workstation
Details

Summary
On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations.

Workaround
Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders.

To disable shared folders in the Global settings:
1.From the VMware product's menu, choose Edit > Preferences.
2.In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.

To disable shared folders for the individual virtual machine settings:
1.From the VMware product's menu, choose VM > Settings.
2.In the Options tab, select Shared Folders and Disable.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034

NICK ADSL UK

03-04-08, 08:23

A week after Mcafee Avert Labs found WinCE/InfoJack, we’ve run across more malware in China. This time the malware, running on Symbian Series 60 phones, attempts to extort money from users. SymbOS/Kiazha.A displays a message telling the user to send RMB 50 (approx. $7) to the malware author in order to regain use of the phone.

http://www.avertlabs.com/research/blog/index.php/2008/03/04/crimeware-goes-mobile/

NICK ADSL UK

03-11-08, 08:05

ActiveX Control "Console" Property Memory Corruption

Critical: Highly critical

Impact: System access
Where: From remote
Solution Status: Unpatched

Software: RealPlayer 11.x
http://secunia.com/advisories/29315/

NICK ADSL UK

03-16-08, 10:34

Help avoid online tax fraud
Published: January 15, 2007 | Updated: March 6, 2008

If you file your taxes over the Internet, it's important to remember some common-sense rules about protecting your privacy and helping to prevent identity theft.

The information in your return contains everything that an unscrupulous third party needs to steal your identity, file tax returns on your behalf, steal your refund, and more.

One of the most important things you can do to help protect yourself is to use Internet Explorer 7. For more information, see Keep your identity safer this tax season.
http://www.microsoft.com/windows/products/winfamily/ie/tax/default.mspx

NICK ADSL UK

03-25-08, 17:26

Adobe is planning to release a security update for Flash Player 9 in April 2008 to strengthen the security of Adobe Flash Player for our customers and end users, and to provide further mitigations for previously disclosed vulnerabilities. The Flash Player security update provides further mitigations for issues listed in the December 2007 Security Bulletin ABSP07-20 for DNS rebinding and cross-domain policy file vulnerabilities, and Security Advisory APSA07-06 for cross-site scripting vulnerabilities in SWFs. Due to the possibility that these security enhancements and changes may impact existing content, Adobe is providing relevant information in advance to allow customers to better prepare for the pending release.

Customers are advised to review the upcoming Flash Player updates to determine if their content will be impacted, and to begin implementing necessary changes immediately to help ensure a seamless transition. This document provides an overview of the upcoming Flash Player changes, links to TechNotes, and relevant documentation to help you better prepare.

If any of the following situations apply, you should read this article in detail:

http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html

NICK ADSL UK

03-26-08, 03:55

********************************************************************
Title: Microsoft Security Bulletin Revisions
Issued: March 25, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-040 - Critical

Bulletin Information:
=====================

* MS07-040 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx

- Reason for Revision: Bulletin Updated: Added .NET Framework 1.0
(KB928367) and .NET Framework 1.1 (KB929729) as affected
components for Windows Vista Service Pack 1 and Windows
Server 2008.
- Originally posted: July 10, 2007
- Updated: March 25, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0

NICK ADSL UK

03-31-08, 17:17

XnView 1.x"

----------------------------------------------------------------------
http://secunia.com/advisories/29620/
Release Date: 2008-03-31

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: XnView 1.x

CVE reference: CVE-2008-0069 (Secunia mirror)

Solution:
Update to version 1.93.4.
http://pagesperso-orange.fr/pierre.g/xnview/endownload.html

NICK ADSL UK

04-08-08, 17:20

Email Attack Targeting Microsoft's April Security Bulletins

Email Attack Targeting Microsoft's April Security Bulletin Release Cycle

US-CERT has seen reports of an email attack targeting Microsoft's April Security Bulletin release cycle. This attack arrives via email messages with the subject line "Critical Patch Released: Microsoft Security Bulletin MS08-64738." These email messages contain a link to a fraudulent Microsoft Update web site that hosts malicious code or contains an attachment that is embedded with malicious code. Users who follow the link or open the attachment may become infected with a Trojan.

US-CERT encourages users to do the following to help mitigate the risks:

Install anti-virus software and keep its virus signature files up to date.
Do not follow unsolicited web links received in email messages.
Verify web sites recommended in email by manually typing their URLs. Do not link directly to web sites recommended in an email.

Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Follow the guidance provided in the Recognize and avoid fraudulent e-mail to Microsoft customers document from Microsoft
http://www.us-cert.gov/current/index.html#email_attack_targeting_microsoft_s

NICK ADSL UK

04-22-08, 13:24

Security advisory Potential vulnerability in Photoshop Album Starter Edition 3.2
Release date: April 21, 2008

Vulnerability identifier: APSA08-04

CVE number: CVE-2008-1765

Platform: Windows

Affected Software: Photoshop Album Starter Edition 3.2

SummaryAdobe is aware of a recently published security issue in Adobe Photoshop Album Starter Edition 3.2 that could potentially cause code execution. An attacker would need to convince a user to open a malicious BMP file to successfully exploit the issue. This issue does not affect Photoshop or Photoshop Elements users who have already applied the updates described in Security Bulletin APSB07-13.

DetailsAn attacker would need to convince a user to open a malicious BMP file in Photoshop Album Starter Edition to successfully exploit the issue. Adobe recommends that customers exercise caution when receiving unsolicited or suspicious BMP files. This issue does not affect Photoshop or Photoshop Elements users who have already applied the updates described in Security Bulletin APSB07-13.

http://www.adobe.com/support/security/advisories/apsa08-04.html

NICK ADSL UK

04-25-08, 06:41

Apple QuickTime Vulnerability Report
added April 23, 2008 at 06:33 pm

US-CERT is aware of a public report of a new vulnerability in Apple QuickTime. The report indicates that if a user opens a specially crafted QuickTime file, an attacker may be able to execute arbitrary code. This vulnerability may have several attack vectors, such as visiting a malicious or compromised website. US-CERT is currently investigating this report and will provide additional details as needed.

US-CERT encourages users to use caution when opening QuickTime files, and apply the best security practices described in the Securing Your Web Browser document, to help mitigate the risks.

http://www.us-cert.gov/current/index.html#apple_quicktime_vulnerability
----------------------------------------------------------------------

NICK ADSL UK

04-29-08, 04:31

The sophisticated mass infection that's injecting attack code into hundreds of thousands of reputable web pages is growing and even infiltrated the website of the Department of Homeland Security.

While so-called SQL injections are nothing new, this latest attack, which we we reported earlier, is notable for its ability to infect huge numbers of pages using only a single string of text. At time of writing, Google searches here, here and here showed almost 520,000 pages containing the infection string, though the exact number changes almost constantly. As the screenshot below shows, even the DHS, which is responsible for protecting US infrastructure against cyber attacks, wasn't immune. Other hacked sites include those belonging to the United Nations and the UK Civil Service.
continued at source
http://www.theregister.co.uk/2008/04/25/mass_web_attack_grows/

NICK ADSL UK

05-17-08, 05:33

PayPal XSS Vulnerability Undermines EV SSL Security

A security researcher in Finland has discovered a cross-site scripting vulnerability on paypal.com that would allow hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.
The vulnerability is made worse by the fact that the affected page uses an Extended Validation SSL certificate, which causes the browser's address bar to turn green, assuring visitors that the site – and its content – belongs to PayPal. Two years ago, a similar vulnerability was discovered on a different page of the PayPal site, which also used an SSL certificate

continued at source

http://news.netcraft.com/archives/2008/05/16/paypal_xss_vulnerability_undermines_ev_ssl_security.html

NICK ADSL UK

06-21-08, 17:50

Microsoft Security Advisory (953818)
Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
Published: May 30, 2008 | Updated: June 20, 2008

Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customers needs.

Apple Support has released a security advisory that addresses the vulnerability in Apple’s Safari 3.1.2 for Windows. Please see Apple security advisory About the security content of Safari 3.1.2 for Windows for more information.

Mitigating Factors:

• Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.

http://www.microsoft.com/technet/security/advisory/953818.mspx

NICK ADSL UK

06-24-08, 15:11

Adobe released a security update today for Acrobat and Reader 8.1.2. It fixes a vulnerability which allows remote attacker to execute malicious code. This is likely to appear in a malware spreading website near you soon given the track record of the botnet operators. Suggest update this one as soon as possible,
http://www.adobe.com/support/security/bulletins/apsb08-15.html

NICK ADSL UK

06-24-08, 15:33

Microsoft Security Advisory (954462)
Rise in SQL Injection Attacks Exploiting Unverified User Data Input
Published: June 24, 2008

Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.

Mitigating Factors:

This vulnerability is not exploitable in Web applications that follow generally accepted best practices for secure Web application development by verifying user data input
http://www.microsoft.com/technet/security/advisory/954462.mspx

NICK ADSL UK

07-06-08, 03:50

Mozilla Foundation Security Advisory 2008-21
Title: Crashes with evidence of memory corruption (rv:1.8.1.15)
Impact: Critical
Announced: July 1, 2008
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.0
Firefox 2.0.0.15
SeaMonkey 1.1.10

Description
Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.

Workaround
Disable JavaScript until a version containing these fixes can be installed.

NICK ADSL UK

07-16-08, 11:24

Attention Virus Warning

Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.

http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html

NICK ADSL UK

12-24-08, 09:43

Websense® Security Labs(TM) ThreatSeeker(TM) Network has discovered that the Web site of John Sands Greeting Card Company is infected with a mass JavaScript injection that delivers a malicious payload. Multiple pages on the site has been found to contain the said malicious code.

John Sands is the largest greeting card company in Australasia, helping both Australians and New Zealanders to celebrate with a huge variety of cards and gift wrap items under their brand names such as John Sands, The Ink Group, Momentum Greetings and Creative Stationery. Acquired by American Greetings in 1996, the company was founded in 1837 by John Sands, the son of an English engraver. The company is Australia's second oldest registered company.
http://securitylabs.websense.com/content/Alerts/3268.aspx

NICK ADSL UK

03-31-09, 08:21

In the run up to April 1st, McAfee is offering a special build of its stand-alone cleaning tool christened Stinger which will be updated on a daily basis to include any undetected Conficker variants from the wild.

Please ensure that your copy of Microsoft Windows is patched and security software is fully up to date to ensure that April 1st 2009, is a day like any other day!

W32/Conficker.worm attacks port 445, Microsoft Directory Service, exploitin g MS08 - 067 . MS08 - 067 is an exploit similar to MS06 - 040 , which we first saw a couple of years ago .

W32/Conficker .worm attack symptoms:
- Blocks access to security - related sites
- User lockouts
- Trafic on port 445 on non - Directory Service (DS) servers
- No access to admin shares
- Autorun.inf files in recycled directory
http://majorgeeks.com/McAfee_AVERT_Stinger_Conficker__d6157.html

NICK ADSL UK

04-10-09, 05:26

Thursday, April 09, 2009 1:25 PM by mmpc
Cashing in on Conficker's Bad Name
Over the last couple of days we've seen some spam claiming to be from Microsoft, providing a free scan to remove Conficker. Here's an example:

http://blogs.technet.com/mmpc/archive/2009/04/09/cashing-in-on-confickers-bad-name.aspx

NICK ADSL UK

04-10-09, 05:33

Conficker.E

We’ve seen some activity in the Conficker space in the past two days and this has caused some questions from customers. Specifically, there have been reports of two possible new variants of Conficker. Our colleagues over at the Microsoft Malware Protection Center (MMPC) have done a thorough analysis of both of these and have determined that there’s really only one new variant, which they’re calling Conficker.E. Most importantly, the signatures that protect against Conficker.A are also effective at protecting against Conficker.E. The other possible new variant is only a slightly modified version of Conficker.D and our Conficker.D signatures protect against it. Also, our virus encylopedia entry for Conficker.D has been updated to include information about this slightly modified version.

There’s more detailed information on Conficker.E on the MMPC blog and in the encyclopedia entry. But at a high level, this has similar propagation methods to Conficker.B (attempting to exploit MS08-067, attacking weak passwords on administrative shares and spreading via removable media like USB drives). However, it also has instructions so that it will also delete itself on May 3, 2009.

The important thing is that our guidance for protecting yourself remains the same. If your systems and security software are fully updated, you don’t need to be concerned about Conficker.

As always, we’re continuing our work with the Conficker Working Group and will update you as we have new, important information.

Thanks.

Christopher

http://blogs.technet.com/msrc/archive/2009/04/09/conficker-e.aspx

NICK ADSL UK

04-28-09, 09:07

Swine Flu Phishing Attacks and Email Scams
http://www.us-cert.gov/current/index.html#swine_flu_phishing_attacks_and

NICK ADSL UK

06-10-09, 05:57

APSB09-07 - Security Updates available for Adobe Reader and Acrobat

Originally posted: June 9, 2009

Summary:
Critical vulnerabilities have been identified in Adobe Reader
9.1.1 and Acrobat 9.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9 and Acrobat 9 and earlier versions update to Adobe Reader 9.1.2 and Acrobat 9.1.2.
Adobe recommends users of Acrobat 8 update to Acrobat 8.1.6, and users of Acrobat 7 update to Acrobat 7.1.3. For Adobe Reader users who can't update to Adobe Reader 9.1.2, Adobe has provided the Adobe Reader 8.1.6 and Adobe Reader 7.1.3 updates. Updates apply to Windows and Macintosh. Security updates for Adobe Reader on the UNIX platform will be available on June 16, 2009; the Bulletin will be updated to reflect their availability on that date.

This update incorporates the initial output of code hardening efforts discussed in a May 20 Adobe ASSET (Adobe Secure Software Engineering Team) blog post, as well as externally reported issues.

http://www.adobe.com/support/security/bulletins/apsb09-07.html

NICK ADSL UK

10-08-09, 18:25

Adobe is aware of reports of a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows.

Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13. Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.
(Note: This Security Advisory will be replaced with the final Security Bulletin upon release on October 13, 2009.)

http://www.adobe.com/support/security/bulletins/apsb09-15.html

NICK ADSL UK

10-14-09, 17:49

Security Updates Available for Adobe Reader and Acrobat

Security Updates Available for Adobe Reader and Acrobat
Release date: October 13, 2009

Vulnerability identifier: APSB09-15

CVE number: CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2984, CVE-2009-2985, CVE-2009-2986, CVE-2009-2987, CVE-2009-2988, CVE-2009-2989, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2995, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3460, CVE-2009-3461, CVE-2009-3462

Platform: All
http://www.adobe.com/support/security/bulletins/apsb09-15.html

NICK ADSL UK

11-16-09, 13:42

Apple has released Safari 4.0.4 to address multiple vulnerabilities

Apple has released Safari 4.0.4 to address multiple vulnerabilities in a number of components. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site request forgery, or obtain sensitive information. These vulnerabilities affect Safari running on both the Mac OS X and Windows platforms.

US-CERT encourages users and administrators to review Apple article HT3949 and upgrade to Safari 4.0.4 to help mitigate the risks.

http://support.apple.com/kb/HT3949

NICK ADSL UK

11-16-09, 13:44

Apple Releases Mac OS X v10.6.2 and Security Update 2009-006

Apple has released Mac OS X v10.6.2 and Security Update 2009-006 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct a man-in-the-middle attack, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT3937 and apply any necessary updates to help mitigate the risks.

http://support.apple.com/kb/HT3937

NICK ADSL UK

12-13-09, 17:01

Adobe Releases Security Updates for Flash Player and AIR
added December 9, 2009 at 09:03 am

Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Flash Player 10.0.32.18 and earlier and Adobe AIR1.5.2 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

http://www.adobe.com/support/security/bulletins/apsb09-19.html

NICK ADSL UK

12-29-09, 18:26

The Microsoft Security Response Center (MSRC) : Results of Investigation into Holiday IIS Claim:

We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.
What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.
The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.
However, customers who are using IIS 6.0 in the default configuration or following our recommended best practices don’t need to worry about this issue. If, however, you are running IIS in a configuration that allows both “write” and “execute” privileges on the same directory like this scenario requires, you should review our best practices and make changes to better secure your system from the threats that configuration can enable. Once again, here’s a list of best practices resources:
• IIS 6.0 Security Best Practices
• Securing Sites with Web Site Permissions
• IIS 6.0 Operations Guide
• Improving Web Application Security: Threats and Countermeasures
The IIS folks are evaluating a change to bring the behavior of IIS 6.0 in line with the other versions. In the meantime, they’ve put more information up about this on their weblog.
I hope this helps answer any questions.
Happy Holidays and Happy New Year.
Christopher
The Microsoft Security Response Center (MSRC) : Results of Investigation into Holiday IIS Claim:

http://blogs.technet.com/msrc/archive/2009/12/29/results-of-investigation-into-holiday-iis-claim.aspx