July's Patch Tuesday on tap

Virus and Bug Patch Alert This newsletter is sponsored by Arsenal Digital Solutions Solving the Distributed Data Protection Problem Hackers, disgruntled and careless employees, equipment failure, broken pipes, fires, and natural disasters all pose threats to your data. Savvy IT and business managers have recognized that in order to deal with these challenges, they need to deploy a company-wide data protection infrastructure. Click here to read this whitepaper today! Network World's Virus and Bug Patch Alert Newsletter, 07/09/07 July's Patch Tuesday on tap By Jason Meserve Today's bug patches and security alerts: Microsoft to release six security updates next week Microsoft will release six groups of security patches next week, including three critical updates for Windows and Excel users. The critical updates will fix bugs in many different versions of Microsoft's products including the latest versions of Excel, Windows XP, Vista and Windows Server 2003, Microsoft said Thursday in a note on its Web site. IDG News Service, 07/05/07. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. Microsoft advance advisory ********** Two new updates from Ubuntu: MadWifi (multiple flaws) Gimp (buffer overflow, code execution) ********** Three new patches from Debian: gfax (non-secure temp files, privilege escalation) PHP5 (multiple flaws) PHP4 (multiple flaws) ********** Five new fixes from Mandriva: Apache for Corporate 3.0 (multiple flaws) Apache for Multi Network Firewall 2.0 (multiple flaws) Apache for Corporate 4.0 (multiple flaws) MySQL (multiple flaws) kdebase/Flash plug-in (information leak) ********** Today's malware news: Talking Trojan says 'bye bye' to victims' data A newly identified malicious program not only messes up its victims' computers, it taunts them too. The program, called the BotVoice.A Trojan was first spotted by security vendor Panda Software last week. It is a Trojan horse program, which the victim must download first. But once installed, it gets nasty. IDG News Service, 07/05/07. Mpack installs ultra-invisible Trojan The notorious Mpack hacker tool kit is installing malware that carries out all its chores -- including spewing spam -- from within the Windows kernel, making it extremely difficult for some security software to detect, Symantec said today. Computerworld, 07/05/07. ********** From the interesting reading department: Credit card thieves donate to charity Symantec says it has noticed an increase in the use of stolen credit cards to make charitable contributions as a way to check out whether card numbers are legitimate before the thieves attempt to sell them or make large purchases with them. Network World, 07/06/07. Symantec Security Response blog: Scammers make friends with charities Attack of the killer bots If malware were insects, botnets would be termites -- they burrow in behind the walls of your security perimeter, lie dormant for a period of time, then attack. Network World, 07/06/07. How big is the botnet problem? Watchdog organization Shadowserver Foundation calls it "gigantic." Network World, 07/06/07. Six ways to fight back against botnets Botnets are a growing threat, but there are six steps that security professionals can take to fight back. Network World, 07/06/07. E-mail worms rarer in 2007, says vendor E-mail worms, not long ago the scourge of the Internet, have declined sharply in 2007, a security company has revealed. TechWorld, 07/05/07. Gov't report: Data breaches don't often result in ID theft Most large data breaches don't appear to lead to identity theft, and proposals that would require companies to notify customers of most breaches may lead to increased costs without significant benefits, says a report from a U.S. government agency released Thursday. IDG News Service, 07/05/07. Security company launches eBay for bugs Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi has some for sale, but to qualified buyers only. IDG News Service, 07/05/07. Mozilla security guru backs industry confab While stopping short of volunteering to host the event, Mozilla chief security official Window Snyder said that it could prove helpful for the open-source community to meet at its own conference to debate secure coding, vulnerability reporting, and product patching issues. Computerworld, 07/05/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. The mainframe lives! 2. Microsoft to release six security updates 3. Six burning VoIP questions 4. Talking Trojan says 'bye-bye' to victims' data 5. Beijing scores No. 1 spot for malware 6. 15 great, free security programs 7. The $2.3M home lab of Quadruple CCIE 8. Is securing your network worth the money? 9. iPhone launches and AT&T EDGE goes down 10. Security company launches eBay for bugs MOST READ REVIEW: Using Microsoft's OCS as a unified messaging platform

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Arsenal Digital Solutions Solving the Distributed Data Protection Problem Hackers, disgruntled and careless employees, equipment failure, broken pipes, fires, and natural disasters all pose threats to your data. Savvy IT and business managers have recognized that in order to deal with these challenges, they need to deploy a company-wide data protection infrastructure. Click here to read this whitepaper today! ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007