
Monday, June 20, 2005

Norton Internet Security and HTTPS problem


NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/20/05
Today's focus: Norton Internet Security and HTTPS problem


In this issue:

* Patches from Gentoo, OpenPKG
* Trojan e-mails suggest trend toward targeted attacks
_______________________________________________________________

By Jason Meserve

Last week
(<http://www.networkworld.com/newsletters/bug/2005/0613bug2.html>)
we mentioned that a reader was having a potential problem with
Symantec's Norton Internet Security suite and the way it
interacted with HTTPS sites. Some sites were rendered
inaccessible, including Amazon.com, unless Norton was completely
shut down. We asked you for suggestions and the responses flowed
in:

* Reader G. Peterson says he's encountered similar problems
  with some of his client's PCs, to the point he couldn't even
  reach the Symantec Web site to download the fix as recommended
  by the company's tech support staff. Peterson writes, "Symantec
  corporate support could not resolve the problem. Hey guys, you
  need both the canoe and a paddle when you go up a creek."

* Reader P. McConnell dumped the Symantec suite altogether,
  going with a "best of breed" approach, including Kerio firewall
  and Avast anti-virus.

* Chris wrote in saying a neighbor was running into a
  similar-sounding problem in the past week or so. The good news: The most
  recent Symantec update seemed to have fixed the problem.

Hopefully Chris is right and Symantec has fixed the problem.

Today's bug patches and security alerts:

Gentoo patches libextractor

Libextractor, a code library used for extracting metadata from
files, is vulnerable to a number of buffer overflows. An
attacker could exploit this to run malicious code on the
affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-06.xml>

Gentoo issues fix for LutelWall

LutelWall, a firewall configuration tool, is vulnerable to
symlink attacks. A malicious user could exploit this to
overwrite files on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-10.xml>

Gentoo releases patch for Ettercap

Ettercap, a suite of tools that could be used for network
monitoring, contains a format string vulnerability. It could be
exploited to run a malicious application on the affected machine.
For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-07.xml>
**********

OpenPKG patches bzip2

A race condition in bzip2, a file compressor and decompressor,
could be exploited by an attacker to change permissions of a
file being decompressed. For more, go to:
<http://www.openpkg.org/security/OpenPKG-SA-2005.008-bzip2.html>

OpenPKG releases update for cvs

A denial-of-service vulnerability has been found and fixed in
cvs, a version control system. For more, go to:
<http://www.networkworld.com/nlvirusbug2681>

OpenPKG patches gzip

Two vulnerabilities in gzip, an open source
compression/decompression utility, could be exploited by an
attacker to overwrite arbitrary files on the affected machine.
For more, go to:
<http://www.openpkg.org/security/OpenPKG-SA-2005.009-gzip.html>
**********

Today's roundup of virus alerts:

Trojan e-mails suggest trend toward targeted attacks

A report on Trojan e-mail attacks against critical
infrastructure systems in the U.K. highlights an emerging trend
away from mass-mailing worms and viruses to far more targeted
ones, analysts said. The U.K.'s National Infrastructure Security
Co-Ordination Center Thursday released a report disclosing that
more than 300 government departments and businesses were
targeted by a continuing series of e-mail attacks designed to
covertly gather sensitive and economically valuable information.
Computerworld, 06/17/05.
<http://www.networkworld.com/news/2005/061705-trojan.html?nl>

W32/Rbot-AGA - An Rbot network worm variant that spreads by
exploiting a number of known Windows vulnerabilities. It
installs itself as "taskemngr.exe" and can be used for a number
of malicious purposes, including providing backdoor access via
IRC. (Sophos)

W32/Rbot-AFP - This Rbot variant installs itself as
"wintnask32.exe" after spreading through a network share. It too
can provide backdoor access via IRC. (Sophos)

W32/Sdbot-ZH - This bot too spreads through network shares,
exploiting a number of known Windows flaws. It drops
"SP00ISS.exe" on the infected machine and can be used to run
arbitrary files on the infected machine. (Sophos)

W32/Sdbot-ZM - Another Sdbot variant. This version uses
"nawdll32.exe" as its infection point. It too can be used to
steal passwords and other local system information. (Sophos)

Troj/Istbar-BE - A Trojan download that attempts to grab code
from a pre-configured Web site. It enters "BandRest" in the
system registry. (Sophos)

Troj/Banker-DV - A password stealing Trojan that targets
Brazilian banking Web sites. It drops "winlogin.exe" in the
infected machine's Windows System folder. (Sophos)

W32/Codbot-L - An IRC backdoor worm that spreads by exploiting
the Windows RPC-DCOM vulnerability. This variant drops
"rpcclient.exe" on the infected machine. It can be used to steal
passwords and download additional code. (Sophos)

Troj/Spyre-E - A Trojan that drops "hookdump.exe" on the
infected machine and displays a message claiming the user's
system is infected. It attempts to direct the user to a remote
Web site. (Sophos)

W32/Mytob-BL - A new Mytob variant that spreads through e-mail
and network shares. It drops "h3.exe" on the infected machine
and modifies the Windows HOSTS file to limit access to security
related Web sites. (Sophos)

Troj/Chum-C - A Trojan that provides backdoor access through
IRC. It drops "iexpIore.exe" on the infected machine. (Sophos)

Troj/Subzero-B - Another Trojan that tries to connect to a
remote server via HTTP. It installs itself as "svhosts.exe" in
the Windows System folder. (Sophos)

Dial/DialCar-I - A dialer application that tries to connect to
remote sites. It installs as "MAPPE.EXE" in the Windows folder.
(Sophos)
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
Copyright Network World, Inc., 2005
