|
|
The latest variants of the MyTob worm attempt to trick email recipients into clicking on an embedded link to a malicious website. The emails appear to be legitimate warnings from an IT department or ISP about a problem that's been found with the recipient's email account.
Only Windows PCs are vulnerable to MyTob infection. For more details, see http://www.theregister.co.uk/2005/06/08/mytob_phishing_worm/
On June 8, Apple released 11 patches for vulnerabilities in OS X Panther 10.3 and OS X Tiger 10.4. The most serious of these could allow buffer overflow attacks and give hackers root access, enabling the execution of malicious code.
For more details, see http://www.macnewsworld.com/story/43717.html
A software bug first noted in March has begun biting systems running unpatched versions of Veritas Backup Exec Software.
The affected software triggers backups of data files on Windows servers in case of computer crashes or other emergencies. It is a critical component of many corporate and government computer systems. If left unpatched, systems running Veritas Backup Exec are vulnerable to hacker attacks that run malicious code.
The patches are available from Veritas' patch summary site at http://seer.support.veritas.com/docs/277429.htm
For more details, see
The initial release of Netscape 8.0 was marred within the first 24 hours by the discovery of a number of critical vulnerabilities. The company responded by releasing version 8.0.2, which fixes the problems.
For more details, see "Netscape fixes holes in 'security' browser" at http://www.zdnet.com.au/news/security/0,2000061744,39192767,00.htm
In early July, researchers at SEC Consult discovered a serious new flaw in Microsoft's Internet Explorer that can cause the browser to unexpectedly quit and execute malicious code.
Affected versions include IE 6.0 on Windows 2000 with Service Pack 1, 3 and 4, and on Windows XP with Service Pack 1 and 2. Microsoft recommends disabling the file Javaprxy.dll and refers users to its Workarounds section. For more details, see
In the first six months of 2005, nearly 8,000 new pieces of malware--a 60% increase over last year--were detected by the security company Sophos. The biggest growth was in Trojan horse viruses, cleverly disguised malware that spread via email attachments. For more details, see http://news.zdnet.com/2100-1009_22-5774841.html
A new Trojan known as Doomboot.A can disable Symbian Series 60 smartphones by launching a virus that drains phone batteries in less than an hour. Rebooting the phone can cause data loss. Security company F-Secure has published information on its website that aids users in disinfecting phones attacked by the Doomboot.A virus, known as CommWarrior.B. For more details on the virus, as well as how to disinfect an infected phone, see F-Secures' Doombat.A virus description page at http://www.f-secure.com/v-descs/doomboot_a.shtml
On June 24, Secunia security researchers reported highly critical flaws in RealOne Player, RealPlayer, Helix Player and Rhapsody that can be maliciously exploited to overwrite local files or to compromise a user's system.
Details and patches are available on the Secunia Advisory SA15806 web page at http://secunia.com/advisories/15806/