Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
RSA: Microsoft on 'rootkits': Be afraid. Be very afraid.
Microsoft security researchers are warning about a new generation of powerful system monitoring programs, or "rootkits," that are almost impossible to detect using current security products and that could pose a serious risk to corporations and individuals.
IDG News Service, 02/17/05.
http://www.nwfusion.com/news/2005/0217rsa-mic.html?nl
Today's bug patches and security alerts:
Researchers find security flaw in SHA-1 algorithm
Security experts are warning that a security flaw has been found in a popular and powerful data encryption algorithm, dubbed SHA-1, by a team of scientists from Shandong University in China. The three scientists are circulating a paper within the cryptographic research community that describes successful tests of a technique that could greatly reduce the time needed to compromise SHA-1. IDG News Service, 02/16/05.
http://www.nwfusion.com/news/2005/0216reseafind.html?nl
**********
Debian, Gentoo patch multiple vulnerabilities in AWStats
User input into the Web site statistical analysis software AWStats is not properly checked. This could be exploited in a denial-of-service attack or to potentially execute code on the affected machine. Patches are available:
Debian:
http://www.debian.org/security/2005/dsa-682
Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200501-36.xml
**********
Gentoo, Mandrake Linux patch emacs, xemacs
A vulnerability in the popular Emacs text editor could be exploited to run arbitrary code on the affected machine. The vulnerable machine would have to be connected to a POP server in order for this flaw to be exploited. Patches are available:
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-20.xml
Mandrake Linux:
http://www.nwfusion.com/go2/0214bug2a.html
**********
Mandrake Linux releases fix for mailman
User input into the mailman mailing list server is not properly checked, which could result in information being disclosed.
For more, go to:
http://www.nwfusion.com/go2/0214bug2b.html
**********
Debian, Gentoo patch postgresql
Several buffer overflow flaws, which could be exploited to run arbitrary code, have been patched in the postgresql database application. For more, go to:
Debian:
http://www.debian.org/security/2005/dsa-683
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-19.xml
**********
Debian, Gentoo release fix for htdig
HTdig, an indexing/search engine, is vulnerable to a cross-site scripting attack. A hacker may be able to inject code into a specially crafted request to the engine. For more, go to:
Debian:
http://www.debian.org/security/2005/dsa-680
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-16.xml
**********
Conectiva patches evolution
Evolution, a groupware application, contains a heap overflow that could be exploited to gain elevated privileges and execute any code. For more, go to:
http://www.nwfusion.com/go2/0214bug2c.html
**********
Conectiva issues fix for XFree86
Multiple overflows have been found in libXpm, one of the code libraries used by XFree86. An attacker could exploit this to run their code of choice on the affected machine. For more, go to:
http://www.nwfusion.com/go2/0214bug2d.html
**********
Today's roundup of virus alerts:
New MyDoom worm uses search engines to spread
Internet users are being threatened by yet another variant of the MyDoom mass mailing worm, which is spreading in part by using e-mail addresses found through popular search engines, security experts warned. IDG News Service, 02/17/05.
http://www.nwfusion.com/news/2005/0217newmydoo.html?nl
W32/Sdbot-UZ - A backdoor Trojan that drops "windde32.exe" on the infected machine and allows access through IRC. It can be used to execute files on the affected machine. (Sophos)
Troj/LowZone-O - A virus that changes the settings in Internet Explorer and reduces the level of security on the infected machine. (Sophos)
W32/Bropia-J - A virus that spreads through Windows Messenger using an infected PIF file. (Sophos, Panda Software)
W32/Dopbot-A - Spreads via network shares by exploiting the Windows LSASS vulnerability. It drops "rund1132.exe" in the Windows System directory and can be used for a number of malicious purposes. (Sophos)
W32/Codbot-B - Another worm that downloads and runs code on the infected machine. It spreads through network shares and drops "LSPOOL.EXE" on the target machine. (Sophos)
W32/Codbot-C - Similar to Codbot-B above, but this variant drops the file "MAPI32.EXE". (Sophos)
W32/Forbot-EC - An IRC-enabled backdoor worm that drops "emp32.exe" in the infected machine's Windows System folder. The worm could make the machine a proxy and be used to download code. (Sophos)
Jason Meserve is multimedia editor at Network World.