New worm targets Harry Potter fans

Virus and Bug Patch Alert This newsletter is sponsored by SilverPeak 4 Steps to Improve Application Acceleration Join Mark Fabbi, Gartner Vice President and Distinguished Analyst, as he discusses the four critical actions you must take to meet your application acceleration goals. Plus, how to choose the best WAN optimization solution and build a scalable architecture. Network World's Virus and Bug Patch Alert Newsletter, 07/02/07 New worm targets Harry Potter fans By Jason Meserve Today's bug patches and security alerts: HP warns of Xsever DoS HP is warning HP-UX users running Xserver about a denial-of-service vulnerability that can be exploited by a local user. A patch is available to fix the flaw. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. ********** More Kerbos 5 updates available As we reported last week, multiple flaws were found in MIT's Kerberos 5 authentication system. More vendors have come out with patches over the weekend: Trustix Debian ********** RealPlayer, Helix Player vulnerable to attack Users are being advised to upgrade to newer versions of the RealPlayer and Helix Player multimedia products because of a critical security flaw. The flaw could allow an attacker to gain control over a user's PC using a buffer-overflow vulnerability, a memory problem that can allow unauthorized code to run on a machine, according to iDefense Inc. IDG News Service, 06/28/07. iDefense advisory ********** Three new updates from rPath: Fetchmail (password disclosure) Emacs (denial of service) httpd mod_ssl (denial of service) ********** Three new patches from Debian: Wireshark (multiple flaws) hiki (input sanitization, file deletion) Evolution (multiple flaws) ********** Today's malware news: Harry Potter worm says he is dead Always ready to hitch their creations to current pop-culture events, malware writers have developed a new worm just in time for the release of the latest "Harry Potter" movie and novel. The worm, called W32/Hairy-A, automatically infects a PC when users attach USB drives, according to researchers at security vendor Sophos. Network World, 06/29/07. Sophos advisory You’ve Got Postcard Malware If you don’t have an email address, or if you have a great spam filtering engine, you may not be among us throngs who have been flooded with spam linking to a “postcard from a family member”. Arbor Networks' Security to the Core Blog, 06/29/07. MySpace again under phishing attack Phishers have been using compromised MySpace.com accounts to attack unsuspecting Web surfers, security experts said Thursday. The attack is thought to have infected several thousand PCs according to reports from ISPs, said Johannes Ullrich, chief research officer for the SANS Institute. Ullrich has documented the issue on the SANS Internet Storm Center blog. Internet Storm Center advisory DNS Botnet Phun A recent proof of concept back door Trojan (Backdoor.Fonamebot) that we have examined here in Symantec has perhaps pointed the way forward for the transmission of data between zombies and the bot herder. What we have seen is a new kind of back door that sends and receives its data through the DNS protocol. Symantec Security Response blog, 06/29/07. Spam from the Kernel: Full-Kernel Malware Installed by MPack In the past few weeks, we have observed many Web sites that have been compromised to distribute browser exploits with the MPack kit. We’ve tracked many different MPack sources created with the intent of distributing different types of malicious codes. So far we’ve seen the following malware samples installed while surfing sites compromised by Mpack: Trojan.Anserin, Trojan.Linkoptimizer.B, Backdoor.IRC.Bot, Infostealer.Ldpinch, and Trojan.Srizbi. Symantec Security Response blog, 06/29/07. ********** From the interesting reading department: IOS vulnerability in detail Technocrat is alerting Cisco users to a paper available at milw0rm.com that goes into detail about the IOS vulnerability that made Michael Lynn a controversial figure at Black Hat in 2005. Cisco Subnet, 06/29/07. With iPhone launch, a hacker's to-do list When Apple introduced the latest version of its Safari browser two weeks ago, it took the hacking community just hours to start reporting bugs in the beta code. On Friday, the iPhone is likely to get even closer scrutiny from many of the same security researchers. Here's a list of the top items on the typical iPhone hacker's to-do list. IDG News Service, 06/29/07. Hackers don't time exploits for maximum impact, researcher says The idea that cybercriminals stockpile exploits, then time their release to do the most damage gives them too much credit, a security researcher said today. Computerworld, 06/29/07. Microsoft U.K. domain succumbs to SQL injection attack A hacker successfully attacked a Web page within Microsoft's U.K. domain on Wednesday, resulting in the display of a photograph of a child waving the flag of Saudi Arabia. IDG News Service, 06/29/07. Opinion: Stalker terrorizes family via cell phone? The Kuykendall family in Fircrest, Wash., claims that a hacker has been stalking them for four months through their camera phones, using the microphones in the phones to listen to them and the cameras to watch. They say that even when they turn off the phones, the hacker can turn them back on. Computerworld, 06/29/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Withdrawn Black Hat paper hints at security flaws 2. 3Com to spin out TippingPoint 3. Gartner to IT: Avoid Apple's iPhone 4. Lawyers show how to avoid hiring an American 5. The $2.3M home lab of Quadruple CCIE 6. The most-hyped tech products of all time 7. CIOs leery of iPhone 8. Giving an interview gets a guy fired 9. Parallel system 100X faster than PCs 10. Microsoft security group on 'worst jobs' list MOST-DOWNLOADED PODCAST: Network World 360: Operation Bot Roast, search engine roulette and more

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by SilverPeak 4 Steps to Improve Application Acceleration Join Mark Fabbi, Gartner Vice President and Distinguished Analyst, as he discusses the four critical actions you must take to meet your application acceleration goals. Plus, how to choose the best WAN optimization solution and build a scalable architecture. ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007