* Patches from HP, Ubuntu, Fedora, others
* Beware e-mail worm spreading via message with the title "My Best Photo"
* EBay helps shut down Russian Web site selling stolen eBay account info, and other interesting reading

Today’s bug patches and security alerts:

Microsoft warns of nasty IE bug

Microsoft is warning users of its Internet Explorer browser to use caution on the Web, after the disclosure of an unpatched bug that could allow attackers to seize control of a PC running the browser software.

Lennart Wistrand blog entry
ISS advisory

**********

iDefense warns of privilege escalation in ISS tools

According to an iDefense advisory, ISS security tools such as BlackICE and RealSecure Desktop are vulnerable to privilege escalation.

**********

iDefense warns of flaws in RealPlayer and Helix Player

iDefense says a heap overflow in RealNetworks’ RealPlayer and Helix Player could be exploited by an attacker to run malicious code on the affected machine. RealNetworks has released updates to fix this problem.

**********

HP patches swagentd for HP-UX

According to an alert from HP, “A potential security vulnerability has been identified in HP-UX running swagentd. The vulnerability could be exploited remotely by an unauthenticated user to cause swagentd to abort resulting in a Denial of Service.”

**********

Fedora releases sendmail update

A race condition in sendmail could be exploited by an attacker to run malicious code on an affected machine. Fedora has a patch for its operating system variants.

**********

Ubuntu patches libcairo flaw

A flaw in the way the cairo library renders glyphs could be exploited by an attacker to crash the program.
This flaw also impacts the Evolution mail client.

**********

New updates from Debian

* koffice (multiple flaws)
* Linux kernel 2.4.27 (multiple flaws)
* Linux kernel 2.6.8 (multiple flaws)
* Evolution (format string flaw, code execution)
* Sendmail (race condition, code execution)
* firebird2 (buffer overflow)

**********

New patches from Gentoo

* NetHack (privilege escalation, code execution)
* PHP (multiple flaws)
* Sendmail (race condition, code execution)

**********

New fixes from Mandriva

* Sendmail (race condition, code execution)
* Linux kernel 2.6 (multiple flaws)
* freeradius (denial of service)

**********

Today’s roundup of virus alerts:

Hackers use Trojan to target bank customers

Hackers have been quietly infecting hundreds of thousands of computers worldwide with a particularly sophisticated Trojan horse program designed to steal bank account information and other sensitive data from compromised systems, according to security researchers. Computerworld, 03/22/06.

W32/Rontokbr-A — An e-mail worm that spreads through a message with the title “My Best Photo” and an attachment called “Photo.zip”. It drops a number of files on the infected host, including “msvbvm60.dll” in the Windows System Folder. It can be used to harvest e-mail addresses. (Sophos)

Troj/Clagger-M — A Trojan that spreads through an e-mail message that looks like it is from amazon.co.uk. It drops “uhoy112.exe” in the Windows System directory. (Sophos)

W32/Sdbot-BBA — A new Sdbot variant that exploits known Windows flaws as it spreads through network shares. It drops “winhost32.exe” in the Windows folder and allows backdoor access through IRC. (Sophos)

Troj/Haxdoor-BH — This Trojan can communicate with remote servers via HTTP. It is installed as “ke7dnl.sys” in the Windows System folder and registers itself as “AVXSearch service”. (Sophos)

Troj/Orse-R (also known as Troj/DwnLdr-AKR) — Another Trojan that uses HTTP to communicate with remote servers.
This nuisance is installed as “taskdir.exe”, “taskdir.dll” and “zlbw.dll” in the Windows System folder. (Sophos)

W32/Cellery-B — A virus that spreads through network shares, dropping “format32.exe” in the Windows System folder. Interestingly, it plays a MIDI file (minuet.mid) and opens a Tetris-like game on the infected host. (Sophos)

Banker.CJA — Another banking Trojan that targets specific Internet banking sites, collecting username and password information. This Trojan is dropped on a host by another malicious worm: Nabload.CC. (Panda Software)

Troj/Loosky-BY — This Trojan drops “batserv2.exe” in the Windows directory and “sysc.exe” in the Windows System folder. No word on any permanent damage caused by Loosky-BY. (Sophos)

W32/Tilebot-DW — A backdoor worm that provides access to the infected host through IRC. It is installed as “win32ssr.exe” in the Windows folder. (Sophos)

W32/Feebs-N — This virus looks to spread through peer-to-peer networks. It drops a number of files on the infected host, including “msow.exe” in the Windows System folder. (Sophos)

W32/Rbot-CTJ — A new Rbot variant that spreads through network shares by exploiting weak passwords and known Windows flaws. It is installed as “windinit.exe” in the Windows System folder and allows backdoor access through IRC. (Sophos)

W32/Rbot-CSC — Our second Rbot variant of the day drops “vmmon32.exe” in the root directory of the infected host. It too allows backdoor access through IRC. (Sophos)

W32/Agobot-TA — This Agobot variant opens a backdoor channel to the infected host after dropping “windowsfw.exe” in the Windows System directory. (Sophos)

Troj/PcClien-IJ — A virus that injects its code into running processes to help avoid detection. It also places “nzspfrwy.dll” in the Program Files directory. It can be used to log keystrokes.
(Sophos)

**********

From the interesting reading department:

EBay helps shut down Russian Web site selling stolen eBay account info

EBay helped to shut down a Russian Web site this week that was offering to sell stolen customer account information for as little as $5 for each login and password. IDG News Service, 03/24/06.

Microsoft security chief to step down

Microsoft security chief Mike Nash is to take a sabbatical and will be replaced by Microsoft storage business manager Ben Fathi. IDG News Service, 03/24/06.

Attack hits Sun public grid service on day one

Denial-of-service attack forces Sun to take down a service hosted on its new public utility grid. IDG News Service, 03/23/06.

Offshoring cited in Florida data leak

Florida state workers warned that their personal data could be vulnerable as state’s HR system was improperly handed over to a company in India. IDG News Service, 03/24/06.

Advances in fingerprinting could bolster network security

Study by National Institute of Standards and Technology unites 14 fingerprint technology vendors. NetworkWorld.com, 03/23/06.