Major Security / Virus Warnings

Discussion in 'Virus Software Updates (Read Only)' started by NICK ADSL UK, Dec 22, 2003.

  1. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W32.Sixem.C@mm
    Discovered on: July 02, 2006
    Last Updated on: July 03, 2006 11:06:28 AM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.sixem.c@mm.html

    W32.Amirecivel.F@mm
    Discovered on: July 02, 2006
    Last Updated on: July 03, 2006 04:45:21 PM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.amirecivel.f@mm.html

    SymbOS.Cdropper.Q
    Discovered on: July 02, 2006
    Last Updated on: July 03, 2006 04:24:13 PM
    http://securityresponse.symantec.com/avcenter/venc/data/symbos.cdropper.q.html
     
  2. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Infostealer.Svcstor
    Discovered on: July 05, 2006
    Last Updated on: July 05, 2006 05:12:28 PM
    http://securityresponse.symantec.com/avcenter/venc/data/infostealer.svcstor.html

    Backdoor.Rustock.B
    Discovered on: July 05, 2006
    Last Updated on: July 05, 2006 11:58:27 AM
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.rustock.b.html

    Trojan.Lodeight.C
    Discovered on: July 05, 2006
    Last Updated on: July 05, 2006 09:39:53 AM
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodeight.c.html

    Trojan.Hongmosa
    Discovered on: July 04, 2006
    Last Updated on: July 05, 2006 04:30:47 PM
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.hongmosa.html

    W32.Esbot.E
    Discovered on: July 04, 2006
    Last Updated on: July 05, 2006 01:12:19 PM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.esbot.e.html

    SymbOS.Doomboot.W
    Discovered on: July 04, 2006
    Last Updated on: July 05, 2006 11:57:26 AM
    http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.w.html

    SymbOS.Doomboot.V
    Discovered on: July 04, 2006
    Last Updated on: July 05, 2006 10:31:43 AM
    http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.v.html

    W32.Audio
    Discovered on: July 04, 2006
    Last Updated on: July 05, 2006 01:28:52 PM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.audio.html
     
  3. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W32.Banwarum.G@mm
    Discovered on: July 06, 2006
    Last Updated on: July 06, 2006 06:32:59 PM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.banwarum.g@mm.html

    Trojan.Nakani
    Discovered on: July 06, 2006
    Last Updated on: July 06, 2006 02:22:06 PM
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.nakani.html

    SymbOS.Cabir.X
    Discovered on: July 06, 2006
    Last Updated on: July 06, 2006 12:27:52 PM
    http://securityresponse.symantec.com/avcenter/venc/data/symbos.cabir.x.html
     
  4. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

  5. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Mdropper.K
    Discovered on: July 10, 2006
    Last Updated on: July 10, 2006 06:23:29 PM
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.k.html

    Backdoor.Sdbot.AU
    Discovered on: July 10, 2006
    Last Updated on: July 10, 2006 06:23:44 PM
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.au.html

    Backdoor.Pcclient.B
    Discovered on: July 10, 2006
    Last Updated on: July 10, 2006 12:12:23 PM
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.pcclient.b.html

    VBS.Birhip
    Discovered on: July 09, 2006
    Last Updated on: July 10, 2006 10:50:07 AM
    http://securityresponse.symantec.com/avcenter/venc/data/vbs.birhip.html
     
  6. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Mdropper.K
    Discovered on: July 10, 2006
    Last Updated on: July 11, 2006 09:30:40 AM
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.k.html

    Backdoor.Sdbot.AU
    Discovered on: July 10, 2006
    Last Updated on: July 11, 2006 11:54:18 AM
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.au.html

    Backdoor.Pcclient.B
    Discovered on: July 10, 2006
    Last Updated on: July 11, 2006 09:09:58 AM
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.pcclient.b.html
     
  7. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W32.Looked.P
    Discovered on: July 12, 2006
    Last Updated on: July 12, 2006 01:41:31 PM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.looked.p.html

    W32.Dozic
    Discovered on: July 12, 2006
    Last Updated on: July 12, 2006 03:43:21 PM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.dozic.html

    Backdoor.Haxdoor.N
    Discovered on: July 12, 2006
    Last Updated on: July 12, 2006 11:17:50 AM
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.n.html

    Trojan.PPDropper.B
    Discovered on: July 12, 2006
    Last Updated on: July 12, 2006 02:31:54 PM
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html

    W32.Looked.O
    Discovered on: July 11, 2006
    Last Updated on: July 12, 2006 11:40:13 AM
    http://securityresponse.symantec.com/avcenter/venc/data/w32.looked.o.html

    Infostealer.Corepias
    Discovered on: July 11, 2006
    Last Updated on: July 12, 2006 11:24:20 AM
    http://securityresponse.symantec.com/avcenter/venc/data/infostealer.corepias.html

    Trojan.Dachri
    Discovered on: July 11, 2006
    Last Updated on: July 12, 2006 11:25:21 AM
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.dachri.html
     
  8. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Frozzie
    Risk Level 1: Very Low
    Discovered: July 15, 2006
    Updated: July 15, 2006 03:38:55 PM GDT
    Also Known As: DoS.Frozzie
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-071513-5923-99

    Perl.Raumoni
    Risk Level 1: Very Low
    Discovered: July 14, 2006
    Updated: July 14, 2006 11:36:01 AM GDT
    Type: Worm
    Infection Length: 38,374 bytes or 31,235 bytes
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-071414-2632-99
     
  9. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Gobrena.B
    Risk Level 1: Very Low
    Discovered: July 18, 2006
    Updated: July 18, 2006 05:42:35 PM GDT
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Trojan.Gobrena.B is a Trojan horse that downloads and executes files.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-071815-1251-99

    Trojan.Clagger.B
    Risk Level 1: Very Low
    Discovered: July 18, 2006
    Updated: July 18, 2006 03:20:53 PM GDT
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Trojan.Clagger.B is a Trojan horse that attempts to download and execute a file from the Internet.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-071814-0044-99
     
  10. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Clagger.B
    Risk Level 1: Very Low
    Discovered: July 18, 2006
    Updated: July 19, 2006 05:11:19 PM GDT
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Trojan.Clagger.B is a Trojan horse that attempts to download and execute a file from the Internet.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-071814-0044-99

    Trojan.Gobrena.B
    Risk Level 1: Very Low
    Discovered: July 18, 2006
    Updated: July 19, 2006 09:44:32 AM ZE9
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Trojan.Gobrena.B is a Trojan horse that downloads and executes files.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-071815-1251-99
     
  11. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Backdoor.Glupzy
    Risk Level 1: Very Low
    Discovered: July 21, 2006
    Updated: July 21, 2006 04:05:03 PM GDT
    Type: Trojan Horse
    Infection Length: 21185 bytes
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Backdoor.Glupzy is a Trojan horse that changes the administrator password on the compromised computer.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-072111-1111-99

    JS.StartPage.B
    Risk Level 1: Very Low
    Discovered: July 20, 2006
    Updated: July 21, 2006 11:43:04 AM GDT
    Type: Trojan Horse
    Infection Length: 5004 bytes
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    JS.StartPage.B is a JavaScript Trojan horse program that modifies the Internet Explorer home page and disables the registry editor.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-072015-4209-99
     
  12. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Backdoor.Haxdoor.O
    Risk Level 1: Very Low
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-072413-3859-99&tabid=1
    Discovered: July 23, 2006
    Updated: July 24, 2006 03:35:58 PM PDT
    Also Known As: Backdoor.Haxdoor.I
    Type: Trojan Horse
    Infection Length: 56,276 bytes
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Backdoor.Haxdoor.O is a Trojan horse program that opens a back door on the compromised computer and allows a remote attacker to have unauthorized access. It also logs keystrokes, steals passwords, and drops rootkits that run in safe mode.

    This Trojan appears to have been spammed through email to multiple users in a .zip file attachment.

    Note: Virus definitions released prior to July 25, 2006 may detect this threat as Backdoor.Haxdoor.I.



    Fer.Kruel
    Risk Level 1: Very Low
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-072315-4310-99
    Discovered: July 23, 2006
    Updated: July 24, 2006 05:09:15 PM GDT
    Also Known As: FER_KRUEL.A [TREND MICROSYSTEMS]
    Type: Virus
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Fer.Kruel is a ferite script-based virus that will overwrite other ferite script files. The script virus will run on any platform that supports ferite scripts.
     
  13. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W32.Amirecivel.H@mm
    Risk Level 2: Low
    Discovered: July 25, 2006
    Updated: July 25, 2006 12:49:20 PM PDT
    Type: Worm
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    W32.Amirecivel.H@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm requires Microsoft .Net Framework 2.0 in order to run.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-072514-2118-99

    W32.Darjen
    Risk Level 1: Very Low
    Discovered: July 25, 2006
    Updated: July 26, 2006 02:05:42 AM ZE9
    Type: Worm
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    W32.Darjen is a worm that copies itself to drives on the local computer.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-072512-1925-99
     
  14. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Backdoor.Tricker
    Risk Level 1: Very Low
    Discovered: July 28, 2006
    Updated: July 28, 2006 08:17:59 AM ZE9
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Backdoor.Tricker is a back door Trojan horse that replaces MSN Instant Messenger and downloads remote files.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-072811-3757-99
     
  15. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W32.Draggdor
    Risk Level 1: Very Low
    Discovered: August 1, 2006
    Updated: August 1, 2006 12:19:33 PM GDT
    Type: Worm
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    W32.Draggdor is a worm that spreads by copying itself to local folders and network drives. It also opens a back door on the compromised computer.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-080116-5635-99

    Trojan.Emcodec.F
    Risk Level 1: Very Low
    Discovered: August 1, 2006
    Updated: August 1, 2006 11:46:57 AM PDT
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
    Trojan.Emcodec.F is a Trojan horse that drops and executes a copy of Trojan.Zlob. The Trojan masquerades as an installer for IntCodec 6.0.

    http://www.symantec.com/security_response/writeup.jsp?docid=2006-080111-1618-99
     
  16. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W32.Munia!inf
    Risk Level 1: Very Low
    Discovered: August 5, 2006
    Updated: August 5, 2006 05:21:42 PM GDT
    Type: Virus
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    W32.Munia!inf is a detection that detects files that are infected by the W32.Munia virus.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-080515-1424-99

    W32.Munia
    Risk Level 1: Very Low
    Discovered: August 5, 2006
    Updated: August 5, 2006 03:29:51 PM GDT
    Type: Virus
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    W32.Munia is a virus that infects executable files when the target file is opened. It also steals password information.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-080510-5539-99
     
  17. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W64.Bounds
    Risk Level 1: Very Low
    Discovered: August 9, 2006
    Updated: August 10, 2006 10:02:34 AM ZE9
    Type: Virus
    Systems Affected: Windows 64-bit (IA64)


    W64.Bounds is a virus that infects 64-bit Windows executable files.

    Symantec Security Response is currently investigating this threat and will post more information as it becomes available.
    http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081009-3153-99

    W32.Bounds
    Risk Level 1: Very Low
    Discovered: August 9, 2006
    Updated: August 10, 2006 09:58:41 AM ZE9
    Type: Virus
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    W32.Bounds is a proof of concept polymorphic entrypoint-obscuring infector of Windows executable files.

    http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-080913-5115-99
     
  18. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    QUOTE
    Advisory
    This is a THREAT Advisory for IRC-Mocbot!MS06-040.

    Justification
    IRC-Mocbot!MS06-040, which exploits the recently-patched MS06-040 Server Service vulnerability, was discovered late
    Saturday night. An extra.dat is available at the link below. VirusScan and Entercept/HIPS Buffer Overflow Protection does
    not protect against this threat. DATs are being released early as a preventative measure, although reports from the field
    are still low.

    Read About It
    Information about IRC-Mocbot!MS06-040 is located on VIL at: http://vil.nai.com/vil/content/v_140394.htm

    Detection
    IRC-Mocbot!MS06-040 was first discovered on 8/12/2006 and detection will be added to the 4828 dat files (Release Date:
    8/13/2006).

    An EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page:
    <https://www.webimmune.net/extra/getextra.aspx>

    If you suspect you have IRC-Mocbot!MS06-040, please submit a sample to <http://www.webimmune.net>

    Risk Assessment Definition
    For further information on the Risk Assessment and Avert Labs Recommended Actions please see:
    http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html
     
  19. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Backdoor.Ranky.X
    Risk Level 1: Very Low
    Discovered: August 14, 2006
    Updated: August 14, 2006 01:25:31 PM PDT
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


    Backdoor.Ranky.X is a back door Trojan horse that allows the compromised computer to be used as a covert proxy. The threat is downloaded by the W32.Wargbot worm. The threat opens a back door on a randomly chosen TCP port.

    http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081415-2212-99
     
  20. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Backdoor.Haxdoor.P
    Risk Level 1: Very Low
    Discovered: August 17, 2006
    Updated: August 17, 2006 04:56:38 PM GDT
    Also Known As: Backdoor.Haxdoor.IS [Trend]
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


    Backdoor.Haxdoor.P is a Trojan horse that opens a back door on the compromised computer and allows a remote attacker to have unauthorized access.
    http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081712-1915-99
     
  21. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Bakloma
    Risk Level 1: Very Low
    Discovered: August 21, 2006
    Updated: August 21, 2006 03:12:11 PM PDT
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


    Trojan.Bakloma is a Trojan horse that steals information from the compromised computer. The Trojan may be installed when a user clicks on a link contained within a spam email that masquerades as being a security warning from Symantec.

    Note: Definitions prior to August 23, 2006 may detect this threat as Infostealer or Trojan Horse.
    http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-082112-4801-99
     
  22. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Mdropper.O
    Risk Level 1: Very Low
    Discovered: August 25, 2006
    Updated: August 25, 2006 11:06:42 AM PDT
    Type: Trojan Horse
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


    Trojan.Mdropper.O is a Trojan horse that may exploit an unverified vulnerability affecting Microsoft Word to drop an executable file.

    Symantec Security Response is currently investigating this threat and will post more information as it becomes available.
    http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-082510-2812-99
     
  23. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    W32.Bacalid!inf
    Risk Level 1: Very Low
    Discovered: September 1, 2006
    Updated: September 2, 2006 11:59:07 AM GDT
    Type: Virus
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-090112-1337-99


    W32.Mobler.A
    Risk Level 1: Very Low
    Discovered: September 1, 2006
    Updated: September 2, 2006 02:13:01 PM GDT
    Also Known As: WORM_MOBLER.A [Trend Micro]
    Type: Worm
    Infection Length: 287,744 bytes
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-090110-0812-99
     
  24. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Trojan.Schoeberl.D
    Risk Level 1: Very Low
    Discovered: September 5, 2006
    Updated: September 5, 2006 02:17:59 PM GDT
    Type: Trojan Horse
    Infection Length: 16,384 bytes.
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    Trojan.Schoeberl.D is a Trojan horse that downloads and executes remote files on the compromised computer.
    http://www.symantec.com/home_homeoffice/security_response/writeup.jsp?docid=2006-090512-5620-99
     
  25. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

  26. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    VULNERABILITY ALERT:
    Microsoft Publisher remote code execution vulnerability
    RISK LEVEL: High


    On Wednesday, September 13, 2006, the CA Security Advisory Team is issuing an alert regarding a high risk level vulnerability threat called Microsoft Publisher remote code execution vulnerability.

    For more information, including our remediation steps, please visit our detail page.

    http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34566
     
  27. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Microsoft Security Advisory (925444)
    Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution
    Published: September 14, 2006


    Microsoft is investigating new public reports of vulnerability in Microsoft Internet Explorer on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly but we are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.

    The ActiveX control is the Microsoft DirectAnimation Path ActiveX control, which is included in Daxctle.ocx.

    Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs.

    Mitigating Factors:

    • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, they could still be vulnerable to this issue through the Web-based attack scenario.

    By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 2000 opens HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed.

    • By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability because ActiveX and Active Scripting are disabled by default.

    http://www.microsoft.com/technet/security/advisory/925444.mspx
     
  28. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Ubuntu Security Notice - Thunderbird vulnerabilities (USN-352-1)

    ===========================================================
    Ubuntu Security Notice USN-352-1 September 25, 2006
    mozilla-thunderbird vulnerabilities
    CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566,
    CVE-2006-4567, CVE-2006-4570, CVE-2006-4571
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 6.06 LTS

    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.

    The problem can be corrected by upgrading your system to the
    following package versions:

    Ubuntu 6.06 LTS:
    mozilla-thunderbird 1.5.0.7-0ubuntu0.6.06

    After a standard system upgrade you need to restart Thunderbird to
    effect the necessary changes.

    Details follow:

    Various flaws have been reported that allow an attacker to execute
    arbitrary code with user privileges by tricking the user into opening
    a malicious email containing JavaScript. Please note that JavaScript
    is disabled by default for emails, and it is not recommended to enable
    it. (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571)

    The NSS library did not sufficiently check the padding of PKCS #1 v1.5
    signatures if the exponent of the public key is 3 (which is widely
    used for CAs). This could be exploited to forge valid signatures
    without the need of the secret key. (CVE-2006-4340)

    http://www.net-security.org/advisory.php?id=6742
     
  29. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

  30. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Major Security Virus Warnings

    Microsoft Security Advisory (927892)
    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
    Published: November 3, 2006


    Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.

    Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker’s Web site to be at risk. We will continue to investigate these public reports.

    Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs.

    Customers are encouraged to keep their anti-virus software up to date.

    Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

    We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site.

    Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

    Customers who believe they may have been affected by this issue can also contact Product Support Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the Microsoft Help and Support Web site.

    Mitigating Factors:

    • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

    • An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, they could still be vulnerable to this issue through the Web-based attack scenario.

    By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 2000 opens HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed.

    • By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability because ActiveX and Active Scripting are disabled by default.

    http://www.microsoft.com/technet/security/...ory/927892.mspx
     
  31. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin MS06-042
    Cumulative Security Update for Internet Explorer (918899)
    Published: August 8, 2006 | Updated: November 8, 2006


    Version: 3.1

    Summary
    Who should read this document: Customers who use Microsoft Windows

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Customers should apply the update immediately.

    Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

    Caveats: On September 12, 2006, this Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server 2003 security updates were updated to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3873. Customers using these versions of Internet Explorer should apply the new update immediately.

    On August 24, 2006 this Security Bulletin and the Internet Explorer 6 Service Pack 1 security updates were updated to address an issue documented in Microsoft Knowledge Base Article 923762. This issue may lead to an additional buffer overrun condition only affecting Internet Explorer 6 Service Pack 1 customers that have applied the original version of that update released August 8th, 2006. The security issue is documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3869. Internet Explorer 6 Service Pack 1 Customers should apply the new update immediately.

    Microsoft Knowledge Base Article 918899 documents this and any other currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918899.

    Tested Software and Security Update Download Locations:

    Affected Software:

    • Microsoft Windows 2000 Service Pack 4

    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

    • Microsoft Windows XP Professional x64 Edition

    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

    • Microsoft Windows Server 2003 x64 Edition


    Tested Microsoft Windows Components:

    Affected Components:

    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 — Download the update

    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 — Download the update

    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 — Download the update

    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 — Download the update

    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems — Download the update

    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition — Download the update

    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition — Download the update


    The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

    Note The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2.

    http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx
     
  32. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Adobe Security Advisory: Potential vulnerabilities in Adobe Reader and Acrobat

    Summary

    Adobe is aware of a recently published report of potential vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

    Affected software versions

    Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.

    Solution

    The Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to Adobe Reader and Acrobat 7.0.8 that will resolve these issues, which is expected to be available in the near future. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available.

    The upcoming version of Adobe Reader, which will not be vulnerable to this issue, is also expected to be available in the near future. Acrobat 8 is not affected by this issue. The vulnerability is in an ActiveX control used by Internet Explorer; users of other browsers are not affected. The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:
    1. Exit Internet Explorer and Adobe Reader.
    2. Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX. Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
    3. Select AcroPDF.dll and delete it.
    NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open in a separate instance of Adobe Reader or the user will be prompted to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms.

    http://www.adobe.com/support/security/advi.../apsa06-02.html
     
  33. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (929433)
    Vulnerability in Microsoft Word Could Allow Remote Code Execution

    Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.

    In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.

    As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

    Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

    http://www.microsoft.com/technet/security/advisory/929433.mspx
     
  34. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Windows Media Player ASX Playlist Remote Command Execution Vulnerability

    A vulnerability has been identified in Microsoft Windows Media Player, which could be exploited by remote attackers to compromise a vulnerable system or cause a denial of service. This flaw is due to a buffer overflow error in the Windows Media Playback/Authoring library (WMVCORE.DLL) when processing ASX Playlists containing an overly long "REF HREF" tag, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

    Affected Products
    Microsoft Windows Media Player 10
    Microsoft Windows Media Player 9

    Solutions
    Upgrade to Microsoft Windows Media Player 11 :
    http://www.microsoft.com/windows/windowsmedia/default.mspx

    http://www.frsirt.com/english/advisories/2006/4882
     
  35. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Re-Releases
    Issued: December 19, 2006
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS06-078

    Bulletin Information:
    =====================

    * MS06-078

    - http://www.microsoft.com/technet/security/...n/ms06-078.mspx
    - Reason for Revision: Bulletin has been revised and
    re-released for the Korean only package on Microsoft Windows
    Media Runtime Format 7.1 and 9.0 Series Runtime on Windows
    2000 Service Pack 4 to address the issues identified in
    Microsoft Knowledge Base Article 923689. Additional clarity
    around file versions in the "I've installed the Windows Media
    Format Runtime security update. What version of Windows Media
    Format Runtime should I have installed?" in the "Frequently
    Asked Questions (FAQ) Related to this Security Update" section.
    - Originally posted: December 12, 2006
    - Updated: December 19, 2006
    - Bulletin Severity Rating: Critical
    - Version: 2.0
     
  36. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin MS06-078
    Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
    Published: December 12, 2006 | Updated: December 27, 2006


    Version: 2.1

    Summary
    Who Should Read this Document: Customers who use Microsoft Windows Media Formats

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Customers should apply the update immediately

    Security Update Replacement: None

    Caveats: None

    Tested Software and Security Update Download Locations:



    http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
     
  37. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin MS06-012
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
    Published: March 14, 2006 | Updated: December 27, 2006


    Version: 1.5

    Summary
    Who should read this document: Customers who use Microsoft Office

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Customers should apply the update immediately.

    Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

    Caveats: None

    Tested Software and Security Update Download Locations:

    http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
     
  38. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability

    Description:
    LMH has discovered a vulnerability in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

    The vulnerability is caused due to a boundary error when handling RTSP URLs. This can be exploited to cause a stack-based buffer overflow via a specially crafted QTL file with an overly long (more than 256 bytes) "src" parameter (e.g. "rtsp://[any character]:[>256 bytes]").

    Successful exploitation allows execution of arbitrary code and requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

    The vulnerability is confirmed in version 7.1.3.100 (Windows version) and reportedly affects both Microsoft Windows and Mac OS X versions.

    Solution:
    Do not open untrusted QTL files or visit untrusted web sites.

    Provided and/or discovered by:
    LMH

    http://secunia.com/advisories/23540/
     
  39. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    APSB07-01 - Update available for vulnerabilities in
    > versions 7.0.8 and earlier of Adobe Reader and Acrobat
    >
    > Originally posted: January 9, 2007
    >
    > Summary:

    > This Security Bulletin addresses several vulnerabilities,
    > including issues that have already been disclosed. An
    > update is available for a cross-site scripting (XSS)
    > vulnerability in versions 7.0.8 and earlier of Adobe Reader
    > and Acrobat that could allow remote attackers to inject
    > arbitrary JavaScript into a browser session. This
    > vulnerability, previously reported in APSA07-01 on January
    > 4, 2007, has been assigned a moderate severity rating. In
    > addition, critical vulnerabilities have been identified in
    > versions 7.0.8 and earlier of Adobe Reader and Acrobat that
    > could allow an attacker who successfully exploits these
    > vulnerabilities to take control of the affected system.
    >
    > Severity Rating:
    > Adobe categorizes this issue as critical:

    http://direct.adobe.com/r?xJcJqcTEJJHcEccPvTnn

    > Adobe recommends that users apply this update to their
    > installations. Learn more:
    http://direct.adobe.com/r?xJcJqcTEJJHWEccPvTTJ
     
  40. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Re-Releases
    Issued: January 18, 2007
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS07-002

    Bulletin Information:
    =====================

    * MS07-002

    - http://www.microsoft.com/technet/security/...n/ms07-002.mspx
    - Reason for Revision: Bulletin has been revised and re-released
    for Microsoft Excel 2000 to address the issues identified in
    Microsoft Knowledge Base Article 931183.
    - Originally posted: January 9, 2007
    - Updated: January 18, 2007
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    ********************************************************************
     
  41. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Malware designed to steal users' Windows Live Messenger password has been released onto the net. The password stealer was released for download via BitTorrent earlier this week by a hacker using the handle "Our Godfather".

    The malware comes in the form of an IMB download confirmed by anti-virus firm Sophos as containing a password-stealing Trojan horse. Victims would need to be tricked into downloading and executing the malware, which might be renamed in a bid to disguise its identity, in order for the exploit to work.

    http://www.theregister.co.uk/2007/01/23/msn_password_stealer/
     
  42. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (932553)
    Vulnerability in Microsoft Office Could Allow Remote Code Execution
    Published: February 2, 2007


    Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac.

    In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.

    While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable.

    As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.

    Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.

    Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

    International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

    Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

    http://www.microsoft.com/technet/security/advisory/932553.mspx
     
  44. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Mozilla Firefox Multiple Vulnerabilities

    Highly critical
    Impact: Security Bypass
    Cross Site Scripting
    Spoofing
    Exposure of sensitive information
    System access
    Where: From remote
    Solution Status: Vendor Patch


    Software: Mozilla Firefox 1.x
    Mozilla Firefox 2.0.x

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.

    1) An error in the handling of the "locations.hostname" DOM property can be exploited to bypass certain security restrictions.

    For more information:
    SA24175

    2) An integer underflow error in the Network Security Services (NSS) code when processing SSLv2 server messages can be exploited to cause a heap-based buffer overflow via a certificate with a public key too small to encrypt the "Master Secret".

    Successful exploitation may allow execution of arbitrary code.

    NOTE: Support for SSLv2 is disabled in Firefox 2.x. This version is only vulnerable if user has modified hidden internal NSS settings to re-enable SSLv2 support.

    3) It is possible to conduct cross-site scripting attacks against sites containing a frame with a "data:" URI as source.

    Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.

    4) It is possible to open windows containing local files thereby stealing the contents when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name.

    Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.

    5) Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.

    6) It may be possible to gain knowledge of sensitive information from a website due to an error resulting in two web pages colliding in the disk cache thereby potentially appending part of one document to the other.

    Successful exploitation requires that a user is tricked into visiting a malicious website while visiting the target website.

    7) Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of its parent window can be exploited to conduct cross-site scripting attacks.

    8) A vulnerability in the Password Manager may be exploited to conduct phishing attacks.

    For more information:
    SA23046

    9) Multiple memory corruption errors exist in the layout engine, JavaScript engine, and in SVG. Some of these may be exploited to execute arbitrary code on a user's system.

    Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
    http://secunia.com/software_inspector/

    Solution:
    Update to version 2.0.0.2 or 1.5.0.10.
     
  45. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft just released a Windows Vista Patch. Update for Windows Vista for x64-based Systems (KB929451)

    A client computer that is running Windows Vista registers an old IP address when the GUID of a network adapter changes

    When the GUID of a network adapter changes on a client computer that is running Windows Vista, the computer registers an old IP address that was associated with the old GUID.

    The client computer also registers new IP addresses that are associated with the new GUID. However, because the client computer registers old IP addresses, another client computer may try to use the old IP address. If the old address is not valid, a connection failure may occur.

    Update for Windows Vista for x64-based Systems (KB929451)
    http://www.microsoft.com/downloads/...96-f715-48a5-9d92-974e97c74165&DisplayLang=en

    Update for Windows Vista (KB929451)
    http://www.microsoft.com/downloads/...31-41fd-40bd-8923-e542eb7a1b8a&DisplayLang=en
     
  46. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Apple QuickTime Multiple Vulnerabilities

    Secunia Advisory: SA24359
    Release Date: 2007-03-06

    Critical:
    Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch

    Software: Apple QuickTime 7.x

    CVE reference: CVE-2007-0711 (Secunia mirror)
    CVE-2007-0712 (Secunia mirror)
    CVE-2007-0713 (Secunia mirror)
    CVE-2007-0714 (Secunia mirror)
    CVE-2007-0715 (Secunia mirror)
    CVE-2007-0716 (Secunia mirror)
    CVE-2007-0717 (Secunia mirror)
    CVE-2007-0718 (Secunia mirror)

    Description:
    Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.

    1) An integer overflow error exists in the handling of 3GP video files.

    NOTE: This does not affect QuickTime on Mac OS X.

    2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.

    3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.

    4) An integer overflow exists in the processing of UDTA atom size values in movie files, which can be exploited to corrupt heap memory.

    5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.

    6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.

    7) An integer overflow exists in the handling of QTIF files.

    8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".

    Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

    Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
    http://secunia.com/software_inspector/

    Solution:
    Update to version 7.1.5.

    Mac OS X:
    http://www.apple.com/quicktime/download/mac.html

    Windows:
    http://www.apple.com/quicktime/download/win.html
     
  47. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Gentoo Linux Security Advisory - SeaMonkey: Multiple vulnerabilities (GLSA 200703-08)


    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200703-08
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: SeaMonkey: Multiple vulnerabilities
    Date: March 09, 2007
    Bugs: #165555
    ID: 200703-08

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been reported in SeaMonkey, some of which
    may allow user-assisted arbitrary remote code execution.

    Background
    ==========

    The SeaMonkey project is a community effort to deliver
    production-quality releases of code derived from the application
    formerly known as the 'Mozilla Application Suite'.

    Affected packages
    =================

    -------------------------------------------------------------------
    Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
    1 www-client/seamonkey < 1.1.1 >= 1.1.1
    2 www-client/seamonkey-bin < 1.1.1 >= 1.1.1
    -------------------------------------------------------------------
    2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

    Description
    ===========

    Tom Ferris reported a heap-based buffer overflow involving wide SVG
    stroke widths that affects SeaMonkey. Various researchers reported some
    errors in the JavaScript engine potentially leading to memory
    corruption. SeaMonkey also contains minor vulnerabilities involving
    cache collision and unsafe pop-up restrictions, filtering or CSS
    rendering under certain conditions. All those vulnerabilities are the
    same as in GLSA 200703-04 affecting Mozilla Firefox.

    Impact
    ======

    An attacker could entice a user to view a specially crafted web page or
    to read a specially crafted email that will trigger one of the
    vulnerabilities, possibly leading to the execution of arbitrary code.
    It is also possible for an attacker to spoof the address bar, steal
    information through cache collision, bypass the local file protection
    mechanism with pop-ups, or perform cross-site scripting attacks,
    leading to the exposure of sensitive information, such as user
    credentials.

    Workaround
    ==========

    There is no known workaround at this time for all of these issues, but
    most of them can be avoided by disabling JavaScript. Note that the
    execution of JavaScript is disabled by default in the SeaMonkey email
    client, and enabling it is strongly discouraged.

    Resolution
    ==========

    Users upgrading to the following release of SeaMonkey should note that
    the corresponding Mozilla Firefox upgrade has been found to lose the
    saved passwords file in some cases. The saved passwords are encrypted
    and stored in the 'signons.txt' file of ~/.mozilla/ and we advise our
    users to save that file before performing the upgrade.

    All SeaMonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.1"

    All SeaMonkey binary users should upgrade to the latest version:

    http://www.net-security.org/advisory.php?id=7287
     
  48. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    F-Secure have seen a new attack using an insecure feature of QuickTime called HREF Tracks. The sample QuickTime file will download & execute a spying JavaScript from a site.


    QUOTE
    The said script collects MySpace information from the user which includes username, friendID, MySpace display name, and other logins of the user and sends this information back to the tracking server - profileawareness.com

    http://www.f-secure.com/weblog/archives/archive-032007.html#00001144
     
  49. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Mozilla Releases Security Advisory to Address a Vulnerability in Client Products
    added March 21, 2007


    Mozilla has released Security Advisory 2007-11 to address a vulnerability in Firefox and SeaMonkey.

    US-CERT strongly encourages users to upgrade to Firefox 2.0.0.3 as soon as possible.

    http://www.us-cert.gov/current/current_activity.html#gozi


    Gozi Trojan Targets Microsoft Internet Explorer Vulnerabilities
    added March 22, 2007


    SecureWorks recently issued a report detailing their findings of a Russian Trojan program called Gozi that is responsible for stealing user account and password information from more than 5,200 hosts and 10,000 user accounts. The Trojan is reportedly spread via IE browser exploits and has primarily targeted infected home computers. To read the full report, visit SecureWorks.

    While new and sophisticated exploits can be difficult to defend against, US-CERT encourages users to take the following preventative measures to help mitigate browser-based security risks:
    Install anti-virus software, and keep its virus signature files up-to-date.
    Review the Securing Your Web Browser document.

    http://www.us-cert.gov/current/current_activity.html#gozi
     
  50. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Windows Vista Windows Mail Local File Execution Vulnerability

    Bugtraq ID: 23103
    Class: Design Error
    CVE:
    Remote: Yes
    Local: No
    Published: Mar 23 2007 12:00AM
    Updated: Mar 23 2007 09:13PM
    Credit: Kingcope is credited with the discovery of this issue.
    Vulnerable: Microsoft Windows Vista Ultimate
    Microsoft Windows Vista Home Premium
    Microsoft Windows Vista Home Basic
    Microsoft Windows Vista Enterprise
    Microsoft Windows Vista Business
    http://www.securityfocus.com/bid/23103/info
     
