More MyDoom

* Patches from FreeBSD, SuSE, others * Beware variety of Trojan's * The evolution of application layer firewalls, and other interesting reading

The latest news on MyDoom:

The worm attacks! SCO downed by MyDoom

Computers infected with the MyDoom virus Sunday launched a massive attack against the Web site of Unix software maker The SCO Group, cutting off access to the company's Web site. IDG News Service, 02/01/04.

http://www.nwfusion.com/news/2004/0201theworm.html?nl

Debate heats up over e-mail quarantine

The widespread outbreak last week of the MyDoom mass-mailer worm, which tricked end users into opening infected files, renewed debate over whether companies should ban or at least quarantine e-mail attachments to safeguard their networks. Network World, 02/02/04.

http://www.nwfusion.com/news/2004/0202worm.html?nl

Microsoft offers $250,000 reward over MyDoom.B attacks

Microsoft Thursday said it will pay a $250,000 reward for information leading to the arrest and conviction of the person or persons responsible for releasing the MyDoom-B worm. IDG News Service, 01/30/04.

http://www.nwfusion.com/news/2004/0130microoffer.html?nl

One other thing before we get to today's alerts and such, be sure to check out Fusion's new redesign and let us know what you think!

See it here:

http://www.nwfusion.com/

Comment here:

http://www.nwfusion.com/cgi-bin/forum/gforum.cgi?post=1135

Today's bug patches and security alerts:

@Stake warns of TruBlueEnvironment vulnerability in Mac OS

According to the @Stake advisory, "TruBlueEnvironment is part of the MacOS Classic Emulator. It is setuid root and installed by default.  There is a buffer overflow vulnerability that allows a user with interactive access to escalate privileges to root." For more, go to:

http://www.atstake.com/research/advisories/2004/a012704-1.txt

Apple fix:

http://docs.info.apple.com/article.html?artnum=61798

**********

Cisco warns of potential flaw in Windows 2000-based products

A vulnerability in Microsoft Windows 2000 Server could affect a number of Cisco products that run on the platform. An attacker could exploit the buffer overflow vulnerability to cause a denial of service or to potentially execute arbitrary commands on the affected machine. For more, go to:

http://www.nwfusion.com/go2/0202bug1a.html

Related Microsoft advisory:

http://www.microsoft.com/technet/security/bulletin/MS03-049.asp

**********

FreeBSD issues mksnap_ffs fix

A flaw in mksnap_ffs, a utility for taking a "snapshot" of a FreeBSD mounted file system, contains a bug that will reset various flag sets/attributes to their default values. For more, go to:

http://www.nwfusion.com/go2/0202bug1b.html

**********

SuSE releases fix for gaim

Twelve vulnerabilities have been found in Gaim, a cross platform, multi-protocol instant messaging application. While some of the flaws are minor a few could be exploited to gain root privileges on the affected machine. For more, go to:

http://www.suse.com/de/security/2004_04_gaim.html

**********

SGI issues update #9

SGI has released a new service pack for its SGI ProPack v2.3 for the SGI Altix family of systems. This latest release includes updates for elm, cvs, tcpdump and Ethereal. For more, go to:

http://www.nwfusion.com/go2/0202bug1c.html

**********

Debian patches trr19

A flaw in the trr19 type trainer application for GNU emacs could allow an attacker to gain privileges of the local group "games". For more, go to:

http://www.debian.org/security/2004/dsa-430

**********

Today's roundup of virus alerts:

Gaobot.DK - A Trojan horse that attempts to exploit various RPC and WebDav vulnerabilities in Windows. The virus spreads between network shares and connects to an IRC server to await commands from a malicious user. It also disables security-related applications running on the infected machine. (Panda Software)

Dumaru.Z - Another worm/Trojan horse that attempts to steal E-gold account information and opens ports on the infected machine for an attacker to enter. (Panda Software)

Govnodav.A - A keylogging Trojan horse that spreads via e-mail and sends what it captures back to the virus' author. (Panda Software)

**********

From the interesting reading department:

Microsoft: Change to IE will block some URLs

Responding to a wave of online scams, Microsoft said that it is fixing a flaw in its popular Internet Explorer that makes it easy to mask the real address of a Web page displayed on the browser. IDG News Service, 01/29/04.

http://www.nwfusion.com/news/2004/0129microchange.html?nl

Review: Preventsys' Network Audit and Policy Assurance 1.5

How can you confirm your systems are configured appropriately and maintain that configuration over time? In our tests, Preventsys Network Audit and Policy Assurance 1.5 proved to be a flexible, easy-to-use product that earned accolades as a World Class Award designee. Network World, 02/02/04.

http://www.nwfusion.com/reviews/2004/0202preventsys.html?nl

Technology Update: Appliance streamlines security

Application security gateways have emerged to protect HTML and XML applications, and perform additional security and networking functions currently handled by single-purpose products. Network World, 02/02/04.

http://www.nwfusion.com/news/tech/2004/0202techupdate.html?nl

Some certifications are hot, some not

Network administrators are finding that investing in learning specialized job skills - and validating those skills by passing certification tests - can lead to career advancement even when the economic outlook for hiring is bleak. Network World, 02/02/04.

http://www.nwfusion.com/news/2004/0202skills.html?nl

Feds to the rescue?

A division of the Department of Homeland Security last week announced new threat-alert services to inform IT professionals and the public of computer viruses and other such problems as they arise. Network World, 02/02/04.

http://www.nwfusion.com/news/2004/0202wormside.html?nl

The evolution of application layer firewalls

The latest Internet defense technology - deep packet inspection firewalls - is being touted as the best line of defense against worms that can sneak past earlier technology to wreak havoc in corporate networks. Network World, 02/02/04.

http://www.nwfusion.com/news/2004/0202specialfocus.html?nl

NetScreen, WatchGuard resize appliances

NetScreen Technologies and WatchGuard Technologies this week will join the crowd of vendors pushing harder to get midsize businesses to buy their multifunction security appliances. Network World, 02/02/04.

http://www.nwfusion.com/news/2004/0202remote.html?nl

University of Georgia computer systems hacked

The FBI and the Georgia Bureau of Investigation are investigating a break-in to the University of Georgia computer systems. University officials said in a statement that hackers may have accessed personal information, including Social Security and credit card numbers of 31,000 of its students and applicants. Computerworld, 01/30/04.

http://www.nwfusion.com/news/2004/0130uga.html?nl

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2004 IDG Communications, Inc.