Monster Trojan: 1.6M records stolen from Monster.com

Security: Threat Alert This newsletter is sponsored by Secure Computing Live Webinar: Securing up network access Learn how token-based, one-time password authentication systems can help enterprises reduce business risk, better comply with regulations, are easy to manage and most importantly keep networks secure. Tune in to this live webinar August, 29, at 2:00 p.m. ET. Click here for more details Network World's Security: Threat Alert Newsletter, 08/20/07 Monster Trojan: 1.6M records stolen from Monster.com By Jason Meserve Today's malware news: A Monster Trojan Yesterday, we analyzed a sample of a new Trojan, called Infostealer.Monstres, which was attempting to access the online recruitment Web site, Monster.com. It was also uploading data to a remote server. When we accessed this remote server, we found over 1.6 million entries with personal information belonging to several hundred thousand people. Symantec Security Response Weblog, 08/17/07. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. Also: Identity attack spreads; 1.6M records stolen from Monster.com Another kind reminder We have in the past repeatedly warned that free things on the internet do not always come cost free. And today, we have to make a kind reminder as we came across a new example. Symantec Security Response Weblog, 08/18/07. ********** Today's bug patches and security alerts: Thirteen new patches from Gentoo: BIND (cache poisoning) Wireshark (multiple flaws) Lighttpd (multiple flaws) MySQL (denial of service) Mozilla Firefox, Thunderbird et al (multiple flaws) SquirrelMail (multiple flaws, code execution) Xfce Terminal (code execution) Net::DNS (multiple flaws) GD (multiple flaws) ClamAV (denial of service) libarchive (denial of service, code execution) Xvid (array indexing flaw, code execution) Macromedia Flash Player (code execution) ********** Thirteen new updates from Mandriva: CUPS (integer overflow, code execution) tetex (multiple flaws) koffice (integer overflow, code execution) kdegraphics (integer overflow, code execution) poppler (integer overflow, code execution) pdftohtml (integer overflow, code execution) gPDF (integer overflow, code execution) xpdf (integer overflow, code execution) kdelibs (multiple flaws) imlib2 (multiple flaws) tcpdump (buffer overflow, code execution) xine-ui (format string, code execution) GD (multiple flaws) ********** Two new fixes from Ubuntu: Apache (multiple flaws) libvorbis (code execution) ********** From the interesting reading department: The summer of spam: record growth, record irritation There is 17% more spam heading for in-boxes today than there was yesterday, and spam watchers say it could get even worse before the summer is over. Network World, 08/16/07. Microsoft patches Patchguard, miss Purple Pill Microsoft has updated its 64-bit kernel protection for Windows Vista, which most of us know as PatchGuard, but which Microsoft calls Kernel Patch Protection. This is Microsoft's third PatchGuard update, in what has become a cat and mouse game between the software giant and security researchers. IDG News Service, 08/16/07. Study finds Internet rife with attack codes Even seemingly safe Web addresses are rife with attack code aiming at vulnerable clients, according to a new study from the Honeynet Project. The study also found that methods such as blacklists can be surprisingly successful in stopping client-side attacks. TechWorld, 08/16/07. Researcher: Google Gadgets can be misused by phishers The domain used to host small Google Gadget applications written by Web developers could be misused by phishers, a Web security researcher said Friday. IDG News Service, 08/17/07. Vista stricken by embarrassing gadget hole Security vendor Finjan has claimed the credit for spotting an embarrassing flaw in Windows Vista, which Microsoft only patched this week in its monthly updates. The exploit involves one of the most apparently innocent elements of Vista, namely the sidebar 'gadgets' whereby users load one from a selection of small utilities on to the desktop. TechWorld, 08/15/07. Colleges struggle with mandates to prohibit portable storage The needs of students and faculty have prevented universities from implementing mandates that prohibit the use of unapproved portable storage media, but those devices pose a real threat to institutional security. Computerworld, 08/17/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. The CD turns 25 and I'm getting old 2. Verizon turns another hose on fire flap 3. Google/Viacom lawsuit takes hilarious turn 4. 10 claims that scare security pros 5. Aruba puts the squeeze on Cisco 6. Skype outage disables millions of users 7. Vista stricken by embarrassing gadget hole 8. E-cards: I delete them all unopened. You? 9. Will Torvalds sue VMWare? 10. Microsoft's super bundle of security patches MOST-READ REVIEW: WAN acceleration offers huge payoff

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Secure Computing Live Webinar: Securing up network access Learn how token-based, one-time password authentication systems can help enterprises reduce business risk, better comply with regulations, are easy to manage and most importantly keep networks secure. Tune in to this live webinar August, 29, at 2:00 p.m. ET. Click here for more details ARCHIVE Archive of the Security: Threat Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007