2005 Security Notifications & Virus Alerts

Microsoft Windows Update
Users running Microsoft Windows can use this link to get the latest updates available for their computer's operating system, software, and hardware.

Microsoft Office Update
Users running Microsoft Office 2000, 2002/XP, or 2003 can use this link to check for free updates that improve Office's stability and security.

Symantec Security Response
Users running Symantec or Norton Anti-Virus products can use this link to update anti-virus files and to learn about the latest virus threats.

McAfee Security Headquarters
Users running McAfee Anti-Virus products can use this link to update anti-virus files and to learn about the latest virus threats.



Security Notifications

December 29, 2005 -- Critical Flaw Detected in Windows Metafile
A vulnerability has been discovered in Microsoft Windows that allows hackers to remotely access PCs and install malware through an imaging-handling technology in the operating system.

Microsoft acknowledged the release of exploit code that could allow an attacker to execute arbitrary code when someone visits a Web site that contains a specially crafted Windows Metafile (WMF) image. Security authority Secunia labeled the vulnerability "extremely critical."

December 29, 2005 -- Microsoft Security Advisory (912840)
Microsoft is investigating new public reports of a vulnerability in Windows. Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Microsoft is aware that this vulnerability is being actively exploited.

November 30, 2005 -- Phishers trying to reel in taxpayers
The e-mails, known as a "phishing" scam in technology speak, exploit a loophole allegedly built into the real IRS Web site, according to the firm, but instead of getting money back from the government, those biting on the scam could be giving away the contents of their bank accounts.

November 23, 2005 -- FBI warns of e-mail scam
The users are told they have visited illegal Web sites and are instructed to open an attachment to answer questions. The FBI did not send these e-mails and does not send any other unsolicited e-mails to the public, an agency statement said.

October 31, 2005 -- Security Watch: Bird Flu Infects Microsoft Word
Opening strange documents may not get you Bird Flu, but it can give your computer a nasty disease. Get the diagnosis in the Top Threat section. Where does all that spam come from? Some network providers are more responsible than others. We name names and give numbers in the Top Spam Networks section.

September 26, 2005 -- Hackers shift focus to financial gain
The prime objective for hackers and online thieves has shifted from largely hitting major corporate networks to gaining control of home desktops, both to steal data and collect processing power.

September 26, 2005 -- The Internet: What lies ahead?
It's easy to laugh now. A recent Wired magazine article on the Internet's "10 years that changed the world" credits the statement to an ABC TV executive in 1989. But even 10 years ago, it's likely that many people shared that view.

September 12, 2005 -- Katrina Internet Charity Scams Try to Dupe Donors
Some Web Site Names Used in Frauds Were Registered Even Before Hurricane Struck -- The American Red Cross has asked the FBI to investigate at least 15 fake Web sites that are designed to look like legitimate Red Cross appeals for donations to Hurricane Katrina relief efforts.

August 24, 2005 -- Protecting your PC - 5 Tips
How seriously are you taking your own PC security? If even the government and corporations can't keep themselves from being hacked, how can we PC-users protect ourselves?

August 16, 2005 -- What You Should Know About Zotob
Zotob.A is a worm targeting Windows 2000–based systems which takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm installs malicious software, and then looks for other computers to infect.

Important: If you have installed the update released with Security Bulletin MS05-039, you are already protected from Zotob.A. If you are using any supported version of Windows other than Windows 2000, you are not at risk from Zotob.A.

May 10, 2005 -- SP2 fixed two entire new classes of Windows security flaw
Service Pack 2 (SP2) for Windows XP changed or eliminated more than 400 significant features in the operating system, also eliminating two previously undiscovered classes of security flaws, Microsoft has revealed.

March 29, 2005 -- Spam Ain't Dead Yet
In the past few weeks, I have heard reports that spam is finally dying. But to paraphrase Mark Twain, reports of its death have been greatly exaggerated. The reality—at least according to companies tracking and stopping/catching spam for other major corporations and an unscientific survey of my own readers—is that spam remains a major problem for both companies and individuals.

January 26, 2005 -- Blocking and Beating Gator
SPYW_GATOR.C is usually bundled as an advertisement component with other software, mainly through consent by free applications. The installer file is named CMESYS.EXE.

It downloads and installs other components of the Gator application. It also displays popup advertisements as well as analyzes system usage. It can also monitor all the Web sites that a user visits and sends information to Gain Company systems. Gator/GAIN can download and execute arbitrary code from its controlling server, which is used as an update feature of their program.

January 13, 2005 -- Panic Over Spyware
I'm chatting with the CEO of a spyware company and he tells me that he knows for a fact that Dell support lines have been getting 70,000 calls a week regarding machine performance and anomalies. Dell has been referring the callers to Web sites discussing spyware. It's spyware causing the problems. I'm thinking to myself that if Dell is getting 70,000 calls, then Microsoft must be getting 700,000 calls, since the smart money would always assume that it's a software problem. Whatever the call volume, this situation with spyware is now officially out of control.


Viruses

December 27, 2005
W32.Feebs.B@mm is a mass-mailing worm that also spreads through file-sharing networks and lowers security settings on the compromised computer. The worm may also send confidential information to a remote attacker via FTP.

December 20, 2005
W32.Dasher.B is a worm that exploits the Microsoft Windows Distributed Transaction Coordinator Remote Exploit (as described in Microsoft Security Bulletin MS05-051) on TCP port 1025.

December 15, 2005
SymbOS.Skulls.P is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones, and disables several applications on the compromised device.

It also drops SymbOS.Skulls.O to the compromised device.

The Trojan reportedly arrives as Nokia_Space_Cadet_Pinball.sis. When the user clicks on the .sis file, the phone installer will display a message to warn users that the application may be coming from an untrusted source and may cause potential problems.

December 5, 2005
SymbOS.Pbstealer.B is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan sends the user's contact information database, Notepad, and Calendar To Do list to other Bluetooth-enabled devices.

November 28, 2005
W32.Beagle.CQ@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of another threat, Trojan.Lodear.D. The worm also opens a back door on the compromised computer using TCP port 80 and lowers security settings.

November 21, 2005
W32.Sober.X@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.

November 14, 2005
Backdoor.Ryknos is a Trojan horse that attempts to utilize the SecurityRisk.First4DRM security risk to hide itself on the compromised computer.

November 7, 2005
Linux.Plupii is a worm with back door capabilities that spreads by exploiting several Web server-related vulnerabilities.

October 31, 2005
W32.Rontokbro.K@mm is a mass-mailing worm that causes system instability. The email arrives with a blank subject line and an attachment of Kangen.exe.

October 24, 2005
Bloodhound.Exploit.50 is a heuristic detection for the Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (as described in Microsoft Security Bulletin MS05-039).

October 17, 2005
W32.Spybot.YQW is a network-aware worm that opens a back door on the compromised computer.

October 10, 2005
W32.Toxbot.AL is a worm that opens an IRC back door on the compromised computer and spreads by exploiting vulnerabilities.

October 4, 2005
W32.Rontokbro.B@mm is a mass-mailing worm that causes system instability.

September 26, 2005
W32.Erkez.F@mm is a mass-mailing worm that sends itself to email addresses gathered from the compromised computer. It attempts to disable antivirus and security processes.

September 19, 2005
W32.Lanieca.H@mm is a mass-mailing worm that uses its own SMTP engine to send itself to addresses it gathers from the compromised computer. The worm also logs keystrokes and steals various passwords.

September 12, 2005
Trojan.Tooso.M is a Trojan horse that lowers security settings by ending processes, stopping services, removing registry entries and deleting files.

September 5, 2005
Backdoor.Graybird.P is a Trojan horse program that hides its presence on the compromised computer and downloads remote files.

August 29, 2005
W32.Reatle.I@mm is a mass-mailing worm that downloads remote files and lowers security settings. The worm spreads by exploiting vulnerabilities, and may attempt to download and execute a copy of W32.Spybot.Worm.

August 22, 2005
W32.Zotob.E is a worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445.

August 15, 2005
W32.Zotob.B is a worm that spreads by exploiting the Microsoft Windows Plug and Play Service Vulnerability, as described in Microsoft Security Bulletin MS05-039.

W32.Zotob.B can run on, but not infect, computers running Windows 95/98/Me/NT4. Although computers running these operating systems cannot be infected, they can still be used to infect vulnerable computers that they can connect to.

Note: Virus definitions version 70814p (extended version 8/14/2005 rev. 16) or higher are required to detect this risk.

August 8, 2005
W32.Chod.D is a worm with back door capabilities that spreads via MSN Messenger. The worm also lowers security settings and blocks access to several Web sites.

August 1, 2005
W32.Bratle.A is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011). It also opens an FTP server on the compromised computer.

July 25, 2005
Trojan.Desktophijack.C is a Trojan horse that modifies the desktop settings on the compromised computer.

July 18, 2005
W32.Looked.E is a worm that spreads through network shares and attempts to infect .exe files. It also lowers security settings and downloads and executes a remote file.

July 11, 2005
W32.Rants.A@mm is a mass-mailing worm that spreads using Microsoft Outlook and America Online user interface. It also lowers security settings by ending security-related processes and by disabling several Windows security features.

July 5, 2005
W32.Bobax.AA is a mass-mailing worm that sends itself to addresses gathered from the compromised computer as well as from search results on Google and Accoona. It also operates as a covert proxy.

June 27, 2005
Trojan.Tooso.J is a Trojan horse that interferes with the operation of security software by terminating processes, stopping services, removing registry entries, and deleting files.

June 20, 2005
W32.Beagle.BT@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of a Trojan.Tooso variant. The worm also opens a back door on the compromised computer on TCP port 80.

June 13, 2005
W32.Mytob.EE@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

June 6, 2005
W32.Spybot.PKC is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities.

May 31, 2005
W32.Kassbot.B is a network-aware worm that propagates by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).

May 23, 2005
W32.Picrate.C@mm is a mass-mailing worm that sends copies of itself to instant messenger contacts and drops a variant of the W32.Randex.

May 16, 2005
Trojan.Jasbom is a Trojan horse that attempts to exploit the Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability (as described in the Microsoft Security Bulletin MS04-013). The Trojan logs keystrokes and sends them to a Web site on the j4sb.com domain.

May 9, 2005
W32.Ezio.A@mm is a mass-mailing worm that can spread through file-sharing networks and prevents access to security-related Web sites.

May 2, 2005
W32.Banish.A@mm is a mass-mailing worm that also spreads through the network by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011).

April 26, 2005
W32.Antiman.A@mm is a mass-mailing worm that uses its own SMTP engine to send a copy of itself to all email addresses that it finds on the compromised computer.

April 18, 2005
W32.Picrate.B@mm is a worm that sends copies of itself to instant messenger contacts and drops a variant of W32.Spybot.Worm.

April 11, 2005
W32.Mytob.AL@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).

April 4, 2005
W32.Chod.B@mm is a mass-mailing worm that also propagates using MSN Messenger. The worm has back door capabilities and can be controlled through IRC channels. It also overwrites the Hosts file to block access to several Web sites.

March 24, 2005
X97M.Dropo is a Microsoft Excel macro virus that drops two Trojan horse applications and infects all worksheets.

March 15, 2005
W32.Kelvir.G is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm.

March 8, 2005
W32.Serflog.B is a worm that spreads through file-sharing networks and MSN Messenger. The worm also lowers security settings. The worm arrives via an MSN Messenger window with a blank message.

February 27, 2005
W32.Holcas.A@mm is a mass-mailing worm that uses MAPI commands to send itself to all addresses found in the Microsoft Outlook Address book. It also attempts to send itself via IRC.

February 22, 2005
WASHINGTON (CNN) -- Don't open those e-mail attachments that appear to be from the FBI. They might contain a computer virus.

The FBI late Tuesday warned computer users that scam artists pretending to be FBI agents are at work spreading the computer virus.

February 18, 2005
W32.Kipis.L@mm is a mass-mailing worm that lowers security settings, opens a back door on the compromised computer and exploits the Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability (BID 9658).

February 13, 2005
W32.Aimdes.A@mm is a simple worm that propagates via AOL Instant Messenger and email.

February 4, 2005
W32.Dopbot is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).

January 31, 2005
VBS.Gormlez@mm is a mass-mailing worm that sends a copy of itself to all email addresses in the Windows Address Book and attempts to spread through file-sharing networks. The worm deletes files with a .dll, .vbs, .exe, or .wsh extension.

January 23, 2005
W32.Nodmin@mm is a mass-mailing worm that alters computer settings and spreads via file sharing networks. The worm also attempts to lower security settings by terminating and disabling various anti-virus and security related programs.

January 18, 2005
VBS.Rowam.A is a Trojan horse that attempts to delete files and perform various nuisance actions, including sending email to all addresses in the Microsoft Outlook address book. The email is not a method of propagation.

January 11, 2005
Backdoor.Sdbot.AJ is a network-aware worm with back door capabilities that spreads via network shares and allows a remote attacker to gain unauthorized access to the compromised computer.

 

 

© 2005 Sigma Data Systems Inc.