Security gurus watch reappearance of 'Yapbrowser'

* Patches from Symantec, FreeBSD, Ubuntu, others
* Beware proof-of-concept virus affecting StarOffice
* E-mail security is an ongoing battle, and other interesting reading

Today's bug patches and security alerts:

Security gurus watch reappearance of 'Yapbrowser'

A Web browser originating in Russia is available for download again after it was taken down last month when security analysts found it directed users to child pornography. IDG News Service, 05/31/06.


Symantec squashes anti-virus bug

Symantec has patched a widely reported flaw in the English versions of its corporate anti-virus software. IDG News Service, 05/30/06.

Symantec advisory


New patches from FreeBSD:

ypserv (access control bypass)

smbfs (unauthorized access)


New updates from Ubuntu:

Nagios (code execution)

PostgreSQL (multiple flaws)


New fixes from Debian:

mysql-dfsg (multiple flaws)

dovecot (directory traversal)

libextractor (buffer overflow)

Linux kernel 2.4.17 (multiple flaws)

motor (buffer overflow)

typespeed (buffer overflow, code execution)


New patches from Mandriva:

PHP (multiple flaws)

dia (format string)


New updates from Gentoo:

libTIFF (multiple flaws)

CherryPy (directory traversal)


Today's roundup of virus alerts:

Proof-of-concept virus detected for StarOffice

The first virus affecting StarOffice was detected Tuesday, but so far it isn't being used to infect computers. Since the virus has not been launched with malicious intent yet, a teenage hacker may have written it, said Roel Schouwenberg, senior research engineer for Kaspersky Lab. The virus uses macros to attack the office suite from Sun. IDG News Service, 05/30/06.

W32/Banwar-A -- An e-mail worm that opens an IRC backdoor on the infected host. It spreads through messages with foreign text and a ZIP attachment. It drops "mszsrn32.dll" in the Windows System folder. (Sophos)

Troj/BeastPWS-C -- A keylogging Trojan that spreads through an e-mail claiming to have a Windows patch attached. It drops "winlogon_patchv1.12" in the Windows System folder. (Sophos)

W32/Zasran-D -- Another mass-mailing worm that installs itself as "mszsrn32.dll" in the Windows System folder. It too spreads through a message consisting of foreign text and an attached ZIP file. (Sophos)

W32/Feebs-AA -- An e-mail worm that spreads through a message claiming to be "Protected Mail". It has a ZIP attachment. No word on any permanent damage caused. (Sophos)

Troj/Small-BPI -- A backdoor Trojan that can communicate with remote sites via HTTP. It drops a randomly-named EXE in the Windows System folder. (Sophos)

Troj/Clagger-R -- A downloader Trojan that is installed as "suhoy316.exe" in the Windows folder. It can also reduce system security levels. (Sophos)

Troj/PWS-EM -- A password-stealing Trojan that sends harvested data to remote sites via HTTP. (Sophos)

W32/Sdbot-HB -- An IRC backdoor worm that spreads through network shares, dropping "MPTCLOAXS.EXE" in the Windows System directory. It also tries to stop security-related processes that may be running on the infected host. (Sophos)

W32/Floppy-F -- A worm that seems to spread via floppy disks. It drops a number of files on the infected host, including "calc.exe" in the Windows System folder. (Sophos)

DigiKeyGen -- A spyware application that claims to give users free access to premium adult content sites. It installs a bunch of spyware on the system and offers a fix for $4.95. (Panda Software)

Troj/Zlob-QJ -- This virus spreads by claiming to be a "Media-Codec" installer. It drops "codec.exe" in the Windows System folder and can be used to steal information from the infected host. (Sophos)

Troj/Bancos-AJS -- A Trojan that targets user credentials for Brazilian banking sites. It drops "windows32.exe" in the Windows folder. (Sophos)

Troj/QQHelp-P -- A downloader Trojan that adds advertising software to the infected host. It drops two files in the <Common Files>\updat\ directory: "update.dat" and "update.exe". (Sophos)

Troj/Dloadr-AIP -- Another downloader Trojan that tries to install additional malicious code on the infected host. It is initially installed as "ipf.exe" in the Windows System directory. (Sophos)

W32/Tilebot-FC -- This Tilebot spreads through network shares by exploiting known Windows flaws. It installs "cpanelx.exe" in the Windows folder and "hpdriver.sys" to the System folder. It allows backdoor access through IRC. (Sophos)

Troj/Mailbot-AH -- Yet another downloader application that tries to install additional code on the infected host. This one initially drops "pe386.sys" in the System/drivers folder. (Sophos)


From the interesting reading department:

E-mail security is an ongoing battle

The IT industry will never eradicate security threats to e-mail systems, and organizations should take a holistic approach to securing their communication systems to the level where they believe risk is at a manageable state, according to panelists at this week's Inbox e-mail conference in San Jose. 06/01/06.

Mouse jitters give away fraudsters

Online fraudsters might want to try some method acting classes before they attempt to log in to an online banking session using a stolen user name and password. New technology from Fair Isaac claims to be able to spot fishy Web sessions by, among other things, comparing mouse movements and typing mannerisms with those of the account holder. InfoWorld, 05/31/06.


Copyright © 2006 IDG Communications, Inc.
