Thursday, September 01, 2005

CipherTrust launches new anti-spam portal

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
09/01/05
Today's focus: CipherTrust launches new anti-spam portal

In this issue:

* Patches from Adobe, Symantec, Mandriva, others
* Malware may hide behind long names in Windows registry
* Zotob arrests point to cybercrime nexus
* Links related to Virus and Bug Patch Alert
* Featured reader resource
By Jason Meserve

E-mail administrators looking for information on the sources of
spam and about their own company's perception in the e-mail
world now have a new free resource. CipherTrust, which makes
anti-spam, anti-virus and compliance e-mail gateways, will this
week launch its TrustedSource portal
(<http://www.trustedsource.org/>), which aggregates data
collected from 4,000 sensors in 40 countries. Data includes
historical information on senders, patterns of e-mail sent from
specific sources down to the IP address level, and a map of spam
activity at a global level. The data behind TrustedSource is
also used by CipherTrust's appliances in the message accept or
reject decision-making process.

Today's bug patches and security alerts:

Malware may hide behind long names in Windows registry

Security experts have found a vulnerability in the Windows
operating system that could allow malware to lurk undetected in
long string names of the Windows Registry. IDG News Service,
08/30/05.
<http://www.networkworld.com/nlvirusbug6310>

Secunia advisory:
<http://secunia.com/advisories/16560/>
**********

Flaws revealed in Adobe Version Cue

Two new security vulnerabilities were revealed this week in
Adobe's Version Cue software, the second and third security
flaws discovered in the company's software in less than two
weeks, according to security consulting firm iDefense. IDG News
Service, 08/30/05.
<http://www.networkworld.com/news/2005/083005-adobe-flaw.html>

Adobe patch:
<http://www.adobe.com/support/security/main.html#vcuemac>

iDefense advisories:
<http://www.networkworld.com/go2/0829bug2d.html>
**********

Symantec patches flaw in AntiVirus 9 Corporate Edition

A design flaw in Symantec's AntiVirus 9 Corporate Edition could
be exploited by a local user to gain elevated privileges on the
affected machine. Symantec has released a fix for this issue.
For more, go to:
<http://www.networkworld.com/go2/0829bug2b.html>

iDefense advisory:
<http://www.networkworld.com/go2/0829bug2a.html>
**********

Mandriva, SuSE patch pcre

The Perl library libpcre (pcre) is vulnerable to an integer
overflow that could be exploited to run malicious applications
on the affected machine. For more, go to:

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:151>

SuSE:
<http://www.networkworld.com/nlvirusbug6311>
**********

Gentoo, Mandriva fix lm_sensors

A flaw in the way one of the lm-sensors utilities creates
temporary files could be exploited in a symlink attack to run
malicious code on the affected machine, possibly under root
privileges. For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200508-19.xml>

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:149>
**********

Mandriva patches bluez-utils

Bluez-utils, a tool for implementing the Bluetooth wireless
standard on Linux, is not properly validating input, which could
be exploited to run malicious commands on the affected machine.
For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:150>

Mandriva releases fixes for python, gnumeric, php

Mandriva's implementations of python, gnumeric and php are
affected by the pcre integer overflow vulnerability noted above.
Fixes are available:

python:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:154>

gnumeric:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:153>

php:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:152>

Mandriva issues fix for vim

According to an alert from Mandriva, "A vulnerability was
discovered in the way that vim processed modelines. If a user
with modelines enabled opened a textfile with a specially
crafted modeline, arbitrary commands could be executed." For
more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:148>

Mandriva patches slocate

A bug in the way slocate handles very long path names could
result in incomplete database entries. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:147>

Mandriva releases patch for openvpn

A number of vulnerabilities have been found in openvpn for
Mandriva. All flaws could be exploited in denial-of-service
attacks against the affected server. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:145>
**********

Debian patches Kismet

A number of flaws have been found in Kismet, a wireless network
analyzer. The flaws could be exploited to run arbitrary code.
For more, go to:
<http://www.debian.org/security/2005/dsa-788>
**********

Today's roundup of virus alerts:

Virus shipped on Creative MP3 players

F-Secure is reporting that MP3 player maker Creative
accidentally sent out 4,000 5G-byte Zen Neeon devices loaded
with the Wullik.B worm to consumers in Japan. Fortunately, the
user has to click on the malicious file to get infected.
<http://www.f-secure.com/weblog/#00000642>

Troj/Nethief-P -- A data logger that can be used to steal
information entered into Web forms and download/execute
additional code. It installs itself as "EXPLORER.exe" in the
Windows system ShellExt folder. (Sophos)

W32/Chode-G -- A worm that spreads through a link sent via AOL
Instant Messenger or MSN Messenger. When clicked, "csrss.exe"
will be installed in the Windows system folder. It can be
accessed via IRC and used for a number of malicious purposes. It
also disables access to security Web sites by modifying the
Windows HOSTS file. (Sophos)

Troj/Feutel-U -- A backdoor Trojan that drops "ftplanServer.exe"
in the Windows root directory. No word on exactly how it spreads
or what type of damage can be caused. (Sophos)

Troj/Dloader-TB -- A tool that monitors Internet usage on the
infected machine and may have the capability to download and
install additional code. It drops "wlan1934.sys" in the Windows
system "drivers" folder. (Sophos)

Troj/Dloader-SR -- Another Dloader variant that can be used to
download/execute malicious code from remote sites. (Sophos)

W32/Rbot-AMA -- This Rbot variant spreads through network
shares, exploiting a number of known Windows vulnerabilities. It
drops "updates.pif" in the Windows System folder and can allow
backdoor access via IRC. (Sophos)

Troj/Banker-FH -- A Trojan that attempts to steal login
information for certain banking Web sites. It installs itself as
"<System>\config\service.exe". (Sophos)

Troj/Fumilo-A -- No word on how this worm spreads, but its goal
is to block access to certain banking sites. (Sophos)

Troj/QQPass-U -- A password-stealing Trojan that drops
"runlli32.exe" in the Windows System directory. No word on how
it spreads between Windows machines. (Sophos)

Troj/Bancban-EW -- Another Trojan that targets data entered into
Internet banking sites. It also has the ability to download and
install additional code. It drops "imgst.scr" in the Windows
system directory. (Sophos)

W32/Forbot-FL -- A new Forbot variant that spreads through
network shares, exploiting the Windows LSASS vulnerability. It
drops "iexplore.exe" in the Windows system folder. (Sophos)

W32/Bobax-R -- This worm spreads via network shares (exploiting
the PnP vulnerability) and e-mail (with the subject line
"Cool"). It modifies the Windows HOSTS file to hamper access to
security-related Web sites. (Sophos)
**********

From the interesting reading department:

Zotob arrests point to cybercrime nexus

The expanding investigation into last month's Zotob worm
outbreak is uncovering evidence of the growing nexus between
worm writers and gangs looking to profit from cybercrime,
according to security experts. Computerworld, 08/31/05.
<http://www.networkworld.com/nlvirusbug6312>

'Loverspy' program creator indicted, on the run

The creator of Loverspy, software used to surreptitiously
observe individuals' online activities, has been indicted for
allegedly violating federal computer privacy laws, local and
federal authorities announced Friday. IDG News Service,
08/29/05.
<http://www.networkworld.com/news/2005/082905-loverspy.html>

_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Copyright Network World, Inc., 2005