CipherTrust launches new anti-spam portal

Opinion
Sep 1, 20056 mins

* Patches from Adobe, Symantec, Mandriva, others * Malware may hide behind long names in Windows registry * Zotob arrests point to cybercrime nexus

CipherTrust launches new anti-spam portal

E-mail administrators looking for information on the sources of spam and about their own company’s perception in the e-mail world now have a new free resource. CipherTrust, which makes anti-spam, anti-virus and compliance e-mail gateways, will this week launch its TrustedSource portal (www.trustedsource.org), which aggregates data collected from 4,000 sensors in 40 countries. Data includes historical information on senders, patterns of e-mail sent from specific sources down to the IP address level, and a map of spam activity of a global level. The data behind TrustedSource is also used by CipherTrust’s appliances in the message accept or reject decision-making process.

Today’s bug patches and security alerts:

Malware may hide behind long names in Windows registry

Security experts have found a vulnerability in the Windows operating system that could allow malware to lurk undetected in long string names of the Windows Registry. IDG News Service, 08/30/05.

http://www.networkworld.com/news/2005/083005-malware-windows.html

Secunia advisory:

https://secunia.com/advisories/16560/

**********

Flaws revealed in Adobe Version Cue

Two new security vulnerabilities were revealed this week in Adobe’s Version Cue software, the second and third security flaws discovered in the company’s software in less than two weeks, according to security consulting firm iDefense. IDG News Service, 08/30/05.

http://www.networkworld.com/news/2005/083005-adobe-flaw.html

Adobe patch:

https://www.adobe.com/support/security/main.html#vcuemac

iDefense advisories:

http://www.networkworld.com/go2/0829bug2d.html

http://www.networkworld.com/go2/0829bug2c.html

**********

Symantec patches flaw in AntiVirus 9 Corporate Edition

A design flaw in Symantec’s AntiVirus 9 Corporate Edition could be exploited by a local user to gain elevated privileges on the affected machine. Symantec has released a fix for this issue. For more, go to:

http://www.networkworld.com/go2/0829bug2b.html

iDefense advisory:

http://www.networkworld.com/go2/0829bug2a.html

**********

Mandriva, SuSE patch pcre

The Perl library libpcre (pcre) is vulnerable to an integer overflow that could be exploited to run malicious applications on the affected machine. For more, go to:

Mandriva:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:151

SuSE:

https://www.novell.com/linux/security/advisories/2005_48_pcre.html

**********

Gentoo, Mandriva fix lm_sensors

A flaw in the way one of the lm-sensors utilities creates temporary files could be exploited in a symlink attack to run malicious code on the affected machine, possibly under root privileges. For more, go to:

Gentoo:

https://security.gentoo.org/glsa/glsa-200508-19.xml

Mandriva:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:149

**********

Mandriva patches bluez-utils

Bluez-utils, a tool for implementing the Bluetooth wireless standard on Linux, is not properly validating input, which could be exploited to run malicious commands on the affected machine. For more, go to:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:150

Mandriva releases fixes for python, gnumeric, php

Mandriva’s implementations of python, gnumeric and php are affected by the pcre integer overflow vulnerability noted above. Fixes are available:

python:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:154

gnumeric:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:153

php:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:152

Mandriva issues fix for vim

According to an alert from Mandriva, “A vulnerability was discovered in the way that vim processed modelines. If a user with modelines enabled opened a textfile with a specially crafted modeline, arbitrary commands could be executed.” For more, go to:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:148

Mandriva patches slocate

A bug in the way slocate handles very long path names could result in incomplete database entries. For more, go to:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:147

Mandriva releases patch for openvpn

A number of vulnerabilities have been found in openvpn for Mandriva. All flaws could be exploited in denial-of-service attacks against the affected server. For more, go to:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:145

**********

Debian patches Kismet

A number of flaws have been found in Kismet, a wireless network analyzer. The flaws could be exploited to run arbitrary code. For more, go to:

https://www.debian.org/security/2005/dsa-788

**********

Today’s roundup of virus alert:

Virus shipped on Creative MP3 players

F-Secure is reporting that MP3 player maker Creative accidentally sent out 4,000 5G-byte Zen Neeon devices loaded with the Wullik.B worm to consumers in Japan. Fortunately, the user has to click on the malicious file to get infected.

https://www.f-secure.com/weblog/#00000642

Troj/Nethief-P — A data logger that can be used to steal information entered into Web forms and download/execute additional code. It installs itself as “EXPLORER.exe” in the Windows system ShellExt folder. (Sophos)

W32/Chode-G — A worm that spreads through a link sent via AOL Instant Messenger or MSN Messenger. When clicked, “csrss.exe” will be installed in the Windows system folder. It can be access via IRC and used for a number of malicious purposes. It also disables access to security Web sites by modifying the Windows HOSTS file. (Sophos)

Troj/Feutel-U — A backdoor Trojan that drops “ftplanServer.exe” in the Windows root directory. No word on how it exactly spreads or what type of damage can be caused. (Sophos)

Troj/Dloader-TB — A tool that monitors Internet usage on the infected machine and may have the capability to download and install additional code. It drops “wlan1934.sys” in the Windows system “drivers” folder. (Sophos)

Troj/Dloader-SR — Another Dloader variant that can be used to download/execute malicious code from remote sites. (Sophos)

W32/Rbot-AMA — This Rbot variant spreads through network shares, exploiting a number of known Windows vulnerabilities. It drops “updates.pif” in the Windows System folder and can allow backdoor access via IRC. (Sophos)

Troj/Banker-FH — A Trojan that attempts to steal login information for certain banking Web sites. It installs itself as “configservice.exe”. (Sophos)

Troj/Fumilo-A — No word on how this worm spreads, but its goal is to block access to certain banking sites. (Sophos)

Troj/QQPass-U — A password-stealing Trojan that drops “runlli32.exe” in the Windows System directory. No word on how it spreads between Windows machines. (Sophos)

Troj/Bancban-EW — Another Trojan that targets data entered into Internet banking sites. It also has the ability to download and install additional code. It drops “imgst.scr” in the Windows system directory. (Sophos)

W32/Forbot-FL — A new Forbot variant that spreads through network shares, exploiting the Windows LSASS vulnerability. It drops “iexplore.exe” in the Windows system folder. (Sophos)

W32/Bobax-R — This worm spreads via network shares (exploiting the PnP vulnerability) and e-mail (with the subject line “Cool”). It modifies the Windows HOSTS file to hamper access to security related Web sites. (Sophos)

**********

From the interesting reading department:

Zotob arrests point to cybercrime nexus

The expanding investigation into last month’s Zotob worm outbreak is uncovering evidence of the growing nexus between worm writers and gangs looking to profit from cybercrime, according to security experts. Computerworld, 08/31/05.

http://www.networkworld.com/news/2005/083105-zotob-cybercrime.html

‘Loverspy’ program creator indicted, on the run

The creator of Loverspy, software used to surreptitiously observe individuals’ online activities, has been indicted for allegedly violating federal computer privacy laws, local and federal authorities announced Friday. IDG News Service, 08/29/05.

http://www.networkworld.com/news/2005/082905-loverspy.html