By mid-year 2005 Microsoft will require customers to verify that their copy of Windows is legitimate before allowing them to download software patches. Verification will be mandatory in all countries for add-on features and operating system updates--including security patches! http://news.com.com/This+week+in+Windows/2100-1016_3-5554824.html
After taking a break in March to conduct further tests on its fixes, Microsoft announced more critical patches during its April 12 webcast. The new releases include patches for Microsoft Windows, Office, MSN Messenger, and Exchange. In addition, Microsoft released an updated version of its malicious software removal tool and two high priority non-security updates for Windows. Note that the malicious software removal tool will not be distributed via Software Update Services (SUS). For details, including links to Microsoft security tools and update services, see http://www.microsoft.com/technet/security/bulletin/advance.mspx
Kelvir.B Worm: The rapid spread of the Kelvir.B worm is posing a serious security threat to users of MSN, Microsoft's Internet messaging service. When message recipients click on a URL in a message reading "lol! see it! u'll like it!" the worm spreads to everyone else on their contact list. For details, see http://www.vnunet.com/news/1161784
Fatso.A Worm (aka Crog and Sumom): Like Kelvir.B, this worm spreads via MSN Messenger by including a booby-trapped URL in a message from "Sky Devil" that, when clicked, activates the virus. It also spreads as a file on eMule P2P (peer-to-peer) systems. This worm is spreading very rapidly in the wild, especially in the U.S. and South Korea. For details, see http://www.vnunet.com/news/1161781
To search for patches for Microsoft products, go to the Microsoft Download page at http://www.microsoft.com/downloads/search.aspx?opsysid=1&search=Keyword&value='security_patch'&displaylang=en
Security researchers suspect the authors of the Bagle, Zafi, and Netsky viruses are now collaborating on code that harvests email addresses from infected machines. Kaspersky Lab investigators warned that this signals a trend toward "the increasing criminalization of the Internet." See http://www.vnunet.com/news/1161786
F-Secure researchers are reporting that Instant Messaging (IM) worms are the new virus of choice for Internet criminals because they spread much more rapidly via IM than email. The security firm also noted that more than 50 percent of last year's largest viruses were "mobile malware" designed to defraud mobile phone users.* For details, see "IM viruses increase by 50 per cent a month" at http://www.vnunet.com/news/1162017
*Also see "Spam Hitting Mobile Phones Hard" at http://www.newsfactor.com/story.xhtml?story_id=30806
Protect yourself: To learn some basic steps for protecting yourself against IM worms, see Trevor Sehrer's article, "Threat of Instant Messenger Worms Grows" on page 13 of this issue.
In recent months, spam purporting to be from the FBI has been circulating in the wild. Subject headers typically are along the lines of "you visit illegal websites" and the message recipients are warned that their Internet use has been under surveillance. However, note that subject lines and message text are created randomly and can vary.
If you receive such email, be aware that it is in fact the vector for the W32.Sober-K-mm worm. The FBI encourages users receiving such emails to register a complaint at http://www.ic3.gov/ For details, see "FBI Alerts Public to Recent E-Mail Scheme" at http://www.fbi.gov/pressrel/pressrel05/022205.htm
Also see the ComputerWorld article, "New Sober worm moving fast…" at http://www.computerworld.com/securitytopics/security/virus/story/0,10801,99936,00.html
Protect yourself: Please ensure that your antivirus definitions are up to date. Also, if you never want to receive any sort of .zip file by email, you have the option of silently blocking those files from your Darkwing or Gladstone account by visiting http://password.uoregon.edu/husks/
Symantec has issued patches for two security flaws that could be exploited to cause denial-of-service conditions on computers running its Norton AntiVirus software. The flaws, which are limited to versions of the software released for 2004 and 2005, were detected in the AutoProtect and SmartScan features of Norton AntiVirus. Symantec sent out automated fixes to its Automatic LiveUpdate service subscribers, and the patches are also available for download from Symantec's security response website at http://securityresponse.symantec.com/avcenter/download.html
For more details, see
Flaws in Symantec Enterprise Firewall and Enterprise Security Gateway appliance products leave the door open to DNS cache poisoning, whereby unsuspecting web surfers can be rerouted to websites hosting malware. Even if you applied Symantec's July 2004 fix to correct a similar problem, you should revisit the issue. For the full story, see http://www.theregister.co.uk/2005/03/08/dns_malware_attack/
A security update is available from Symantec at http://securityresponse.symantec.com/avcenter/download.html
Products ranging from consumer desktops to large corporate mail servers could be affected by a flaw in Symantec software that was reported in February. Product-specific hot fixes and updates are available through the Symantec Enterprise Support site at http://www.symantec.com/techsupp/
If you're a Windows user whose email program of choice is Eudora, be sure you've updated your version of Eudora to 6.2.1. Earlier versions are subject to attack by malicious code when a user opens or previews a specially crafted email. (Note that this vulnerability does not affect Mac users.) You may download the latest version of Eudora from http://www.eudora.com/products/
If you run F-Secure antivirus products, be sure you download the patch that fixes a critical flaw reported in February. The bug, which is related to the handling of ARJ archive files, could cause a buffer overflow that allows hackers to execute malicious code. The patch is available from F-Secure's website at http://www.f-secure.com/security/fsc-2005-1.shtml
For details, see the SearchSecurity.com article, "Critical flaw affects F-Secure products" at http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1056615,00.html
If you haven't kept up with your Apple updates, be aware that versions of iTunes prior to 4.7.1 are vulnerable to attack. The problem stems from a boundary error in the handling of iTunes playlists that could allow the execution of malicious code on your computer. The vulnerability has been rated "highly critical" by the Danish security watchdog firm Secunia. The solution is to update iTunes to version 4.7.1. See http://www.apple.com/support/downloads/itunes471.html