Flurry of patches from Fedora

Feb 27, 2006 (4 mins)

* Patches from Fedora, Mandriva, Trustix, others
* Beware latest viruses targeting banking information
* IBM software protects against internal attacks, and other interesting reading

Today’s bug patches and security alerts:

The newest updates/patches from Fedora:

Firefox (multiple flaws)

Mozilla (multiple flaws)

Perl (integer overflow)

Sudo (race condition)

mplayer (integer overflow)


Trustix releases two new “multi” updates

Two new updates from Trustix roll a number of patches into single downloads. The first update fixes vulnerabilities in gnupg, gnutls, libtasn1 and postgresql. The second fixes flaws in sudo and tar. They can be downloaded from:

Trustix Multi #1

Trustix Multi #2


SuSE patches heimdal

Two flaws in SuSE’s implementation of heimdal have been patched in this latest update. The first could be exploited in a denial-of-service attack against the affected host. A second flaw in the rsh daemon allows authenticated users to take control of other users’ files.


Ubuntu patches tar

According to an alert from Ubuntu, “Tar [does] not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user.”


Today’s roundup of virus alerts:

Trj/Briz.A — A custom virus written for hackers to steal personal data, particularly banking information, from an infected machine. The virus also tries to disable anti-virus applications. (Panda Software)

Troj/Banker-AKW — Another virus targeting banking information. This one is installed as “iewq32.exe” in the Windows System directory. (Sophos)

Troj/Torpig-AI — A Trojan that logs keystrokes, steals e-mail login information and connects with remote machines via HTTP. It drops a number of files in “Microsoft SharedWeb Folders”, including “ibm00001.exe”. (Sophos)

W32/Alcra-E — A virus that spreads through peer-to-peer networks disguised as a Windows Media file. Upon infecting a host, it will display the error message “Message text: Codec Error : 60034 Please Check Codec Exists”. It installs a number of files on the infected host, including “MsMoviesMsMovies.exe” in the Program Files folder. (Sophos)

Troj/Banload-RT — This Trojan is installed as “xsmith.scr” in the Windows System folder and displays the error message “Erro de Leitura do Arquivo.Endereco Invalido fff:0d5f”. No word on what malicious purposes it can be used for. (Sophos)

Troj/FeebDl-G and H — An HTML file that can be used to download additional malicious code from remote sites. It installs “userinit.exe” in the Recycled folder. (Sophos)

W32/Tilebot-DL — A Trojan that spreads through network shares by exploiting weak passwords and known Windows vulnerabilities. It places “SAMSvc.exe” in the Windows System folder and communicates with remote sites via HTTP. (Sophos)

Troj/Clagger-H — A new e-mail worm that spreads through a message claiming to be from PayPal and titled “Your Account Temporally Limited”. It tries to download “suhoy.exe” to the Windows System folder. (Sophos)

Troj/Spywad-AE — A downloader application that connects with remote servers via HTTP. It drops “winstall.exe” in the root directory. (Sophos)

W32/Maslan-J — Another virus that tries to overwrite a number of file types on the infected host. It’s installed as a randomly named file in the Windows System folder. (Sophos)

Troj/Bancos-PV — A password stealing Trojan that is installed as “sampaerio.exe” in the Windows System directory. No word on how it spreads between machines. (Sophos)

Troj/LdPinch-FC — Another password stealing Trojan. This one gathers data through keystroke logging and the collection of other system information. An attacker can access the captured data through a backdoor. It is installed as “ield.dll” in the Windows System folder. (Sophos)


From the interesting reading department:

Researchers: Security ‘holiday is over’ for Apple Mac users

The flurry of security issues involving Apple’s Mac OS X over the past few days once again hammers home the fact that no technology platform is invulnerable to attacks, whatever the perception might otherwise be, security analysts said. Computerworld, 02/24/06.

IBM software protects against internal attacks

IBM Friday announced a new security product that helps protect companies from internal attacks on their IT systems. The Identity Risk and Identification software analyzes the activity of users on a network, looking for irregularities that might be a tip-off of unauthorized or improper access. IDG News Service, 02/24/06.