First Patch Tuesday exploit published

Security: Threat Alert This newsletter is sponsored by Secure Computing Live Webinar: Securing up network access Learn how token-based, one-time password authentication systems can help enterprises reduce business risk, better comply with regulations, are easy to manage and most importantly keep networks secure. Tune in to this live webinar August, 29, at 2:00 p.m. ET. Click here for more details Network World's Security: Threat Alert Newsletter, 08/23/07 First Patch Tuesday exploit published By Jason Meserve Today's bug patches and security alerts: First exploit appears for Patch Tuesday vulnerability A security researcher has published the first exploit against one of the 14 vulnerabilities patched last week by Microsoft, security company Symantec has warned customers. In a posting to the Full Disclosures security mailing list, Alla Bezroutchko, a senior security engineer at Brussels-based Scanit NV/SA, spelled out JavaScript code that crashes Internet Explorer 6.0 on Windows 2000 and Windows XP Service Pack 2. Bezroutchko's proof of concept exploits the critical bug in XML Core Services that was patched by MS07-042. Computerworld, 08/20/07. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. ********** Two new updates from Gentoo: NVIDIA drivers (denial of service) Apache mod_jk (directory traversal) ********** Four new patches from Mandriva: GDM (code execution) vim (format string, code execution) libvorbis (denial of service, code execution) rsync (buffer overflow) ********** Two new fixes from Debian: KOffice (integer overflow, code execution) Linux 2.6 (multiple flaws) ********** Today's malware news: Storm worm spam nearly doubles in volume Account confirmation spam is the latest spammer trick, asking recipients to confirm their account information with a bogus organization by logging into a Web site that is infected with the Storm Trojan malware. This latest technique is catching on: Account confirmation spam has grown in volume from 18% of all spam on Tuesday to 35% Wednesday. NetworkWorld.com, 08/22/07. New Storm Front Moving In Ever since the first Trojan.Peacomm, samples literally blew in from nowhere back in January 2007. Since then, the gang responsible have been constantly evolving their Trojan with new features, new packers, and new techniques for spreading it. The thing that can be noted about the Peacomm gang is that they are very much adept at the art of social engineering. Symantec Security Response Weblog, 08/21/07. Zhelatin/Storm changes yet again A few times over the last week we've posted on how the e-mails used by the Zhelatin/Storm gang have changed, so we weren't too surprised to see them change once again. This time though, they look very different as they talk about "you" having signed up for different services such as MP3 World or Internet Dating. F-Secure Antivirus Research Weblog, 08/21/07. Yo Momma! It's the universal come back. No matter what insult is thrown your way, you can always escape just by saying "your momma" *. So I had to laugh when we received a variant of an MSN worm that entices would be victims with "lol, your mom just sent me this picture?" Even funnier was the fact that the bot operator infected himself with his own worm. Symantec Security Response Weblog, 08/20/07. ********** From the interesting reading department: China charges four in Panda worm outbreak Four men were charged yesterday in a Chinese court for creating and selling the worm that went by names such as "Fujacks" and "Panda Burning Joss Sticks," according to the Changjiang Times. Computerworld, 08/22/07. Lawsuit filed on behalf of consumers in data breach case A California law firm has filed a class-action lawsuit against Fidelity National Information Services (FIS) and one of its subsidiaries over an incident involving the potential compromise of personal data belonging to 8.5 million consumers. Computerworld, 08/20/07. Monster.com identity attack may claim more victims The 46,000 people reportedly infected by ads on job sites may be only a fraction of the victims of an ambitious, multistage attack that has stolen data belonging to several hundred thousand people who posted resumes on Monster.com, a researcher said this weekend. Computerworld, 08/20/07. Worried companies block Facebook The security backlash against Facebook has taken a new twist with a survey finding that large numbers of employees are now being blocked from accessing it. TechWorld, 08/21/07. Stock Scam Highlights Growing Spam Threat A company in Florida that operates convenience stores and wireless technology retail outlets was hit this month by a massive "pump-and-dump" scam, in which fraudsters used spam e-mail messages to drive up its stock price so they could then sell shares at a profit. Scams such as the one directed at people who own stock in Fort Lauderdale, Fla.-based Prime Time Group Inc. now account for a significant percentage of all junk e-mail, according to security software vendor Sophos. Computerworld, 08/20/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Gunplay blamed for Internet slowdown 2. Microsoft-Cisco collaborative lovefest over? 3. 1.6M records stolen from Monster.com 4. U.S. kills controversial anti-terror database 5. TiVo's disaster recovery plan 6. 10 virtualization companies to watch 7. Monster.com identity attack may continue 8. Google Earth gets starry-eyed 9. Survey: Cisco has the knack for NAC 10. Top 10 'networkiest' eBay oddities MOST E-EMAILED STORY: 1.6M records stolen from Monster.com

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Secure Computing Live Webinar: Securing up network access Learn how token-based, one-time password authentication systems can help enterprises reduce business risk, better comply with regulations, are easy to manage and most importantly keep networks secure. Tune in to this live webinar August, 29, at 2:00 p.m. ET. Click here for more details ARCHIVE Archive of the Security: Threat Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007