
Three updates from HP

Apr 03, 2006

* Patches from HP, Mandriva, others
* Beware new generation of IE malware circulating
* Trend Micro data revealed due to virus, and other interesting reading

Today’s bug patches and security alerts:

HP releases new sendmail update for HP-UX

HP has revised its original advisory and added more versions of sendmail for HP-UX that are vulnerable to the remotely exploitable race condition.

HP patches Passwd flaw

A denial-of-service vulnerability has been found in the passwd utility for HP-UX. The flaw can only be exploited by a local user.

HP patches usermod for HP-UX

According to an alert from HP, “A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user’s new home directory. This may result in unauthorized access to these directories and files.”


Samba fixes password issue

A flaw in Samba 3.0.21 through 3.0.21c leaves certain system passwords exposed in debug log files. An attacker could exploit this to gain access to the affected machine. To fix the problem, users should upgrade to Version 3.0.22.


Mandriva patches mailman

Versions of mailman 2.5.1 and earlier are vulnerable to a denial-of-service attack. This update fixes the issue.


Today’s roundup of virus alerts:

New generation of IE malware now circulating

Hackers have posted a new version of malicious software that will make it easier for them to exploit an unpatched vulnerability in Microsoft’s Internet Explorer (IE) browser. Based on a critical bug disclosed on March 22, the software was posted by hackers Friday to the Web site. IDG News Service, 03/31/06.

First Trojan Spy for Symbian Phones

Today we heard of a rather interesting new Symbian malware application named Flexispy.A. It’s a Symbian Trojan spy that records information about the victim’s phone calls and SMS messages, then sends them to a remote server. F-Secure, 03/30/06.

Troj/BagleDl-BP — A Bagle variant that pretends to be a hacking tool, opening a dialog box titled “Select file to crack”. It drops “ldr64.dll” in the Windows System folder. (Sophos)

Troj/IRCBot-GW — This IRC backdoor Trojan is installed as “vmmon32.exe” in the Windows System folder. No word on how it spreads between hosts. (Sophos)

Troj/IRCBot-GX — A second, similar IRCBot variant. This one is installed as “live.exe” in the Windows System directory. (Sophos)

W32/Rbot-BWT — A new Rbot variant that spreads through network shares by exploiting weak passwords and known Windows flaws. It drops “initsvc.exe” in the Windows System directory. (Sophos)

W32/Rbot-CTJ — A second new Rbot variant that spreads using tactics similar to those of Rbot-BWT above. This one installs itself as “windinit.exe” in the Windows System folder. (Sophos)

W32/Feebs-P — A worm that spreads through peer-to-peer file sharing networks. It installs “msdf.exe” in the Windows System folder. (Sophos)

W32/Feebs-N — A second Feebs variant that uses peer-to-peer file sharing networks to spread. This variant is installed in the Windows System directory as “msyk32.dll”. (Sophos)

W32/Tilebot-EH — This backdoor worm spreads through network shares with weak passwords or by exploiting known Windows flaws. It installs “wintray.exe” in the Windows System folder and allows backdoor access through IRC. (Sophos)

Troj/Flood-GY — A Trojan that can be used to launch denial-of-service attacks against a specified IP address. (Sophos)

Troj/Dermon-I — A password-stealing Trojan that is installed on the infected host as “abrada.exe” in the Windows System folder. (Sophos)

Troj/Bancos-YK — This Trojan targets user credentials for Internet banking sites. It is installed as “system.exe” in the Windows folder. It communicates with remote servers via HTTP. (Sophos)


From the interesting reading department:

Trend Micro data revealed due to virus

The failure of a Trend Micro employee to install his company’s own anti-virus software led to the uploading of some company reports to a popular Japanese peer-to-peer file sharing network, the company said Monday. IDG News Service, 04/03/06.

Florida banks hacked in new spoofing attack

Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type. IDG News Service, 03/30/06.

802.11w fills wireless security holes

IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, patched the holes in the original Wired Equivalent Privacy specification by introducing new cryptographic algorithms to protect data traveling across a wireless network. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network. Network World, 04/03/06.