* Patches from Microsoft, Google, Mandriva, others
* Beware new Dasher variant

Today’s bug patches and security alerts:

Malicious hackers busy exploiting Windows flaw

Fully patched systems running Windows XP and Windows Server 2003 can be successfully attacked by malicious hackers, various security firms warned Tuesday and Wednesday. The attacks can be carried out thanks to a newly discovered vulnerability in those operating systems’ handling of corrupted .WMF (Windows Metafile) graphic files, the firms said. IDG News Service, 12/28/05.

http://www.networkworld.com/news/2005/122805-windows-flaw.html

CERT advisory: https://www.us-cert.gov/cas/techalerts/TA05-362A.html

ISS advisory: https://xforce.iss.net/xforce/alerts/id/211

**********

Google plugs security holes in Web site

Google has patched security flaws in its Web site that would have exposed users to phishing and other attacks designed to steal account information, according to security researchers. IDG News Service, 12/22/05.

http://www.networkworld.com/news/2005/122205-google-holes.html

Watchfire advisory: https://www.watchfire.com/securityzone/advisories/12-21-05.aspx

**********

Recent advisories from Mandriva:

php (e-mail header flaw): https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:238

cpio (buffer overflow, code execution): https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:237

fetchmail (denial of service): https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236

kernel (multiple flaws): https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:235

**********

Ubuntu patches kernel

Multiple flaws have been found in the kernels used by various Linux vendors. An attacker could exploit the flaws to run arbitrary code on the affected machine.
For more, go to: http://www.networkworld.com/go2/0102bug1a.html

**********

Recent updates from Debian:

dhis-tools-dns (poorly secured temp files): https://www.debian.org/security/2005/dsa-928

tkdiff (poorly secured temp files): https://www.debian.org/security/2005/dsa-927

ketm (buffer overflow, code execution): https://www.debian.org/security/2005/dsa-926

phpbb2 (multiple flaws): https://www.debian.org/security/2005/dsa-925

**********

Recent patches from Gentoo:

scponly (multiple flaws): https://security.gentoo.org/glsa/glsa-200512-17.xml

OpenMotif, AMD64 x86 emulation X libraries (multiple buffer overflows): https://security.gentoo.org/glsa/glsa-200512-16.xml

rssh (root privileges): https://security.gentoo.org/glsa/glsa-200512-15.xml

Dropbear (root privileges): https://security.gentoo.org/glsa/glsa-200512-13.xml

Mantis (multiple flaws): https://security.gentoo.org/glsa/glsa-200512-12.xml

**********

Today’s roundup of virus alerts:

W32/Dasher-D — A new Dasher variant that tries to disable anti-virus and other security programs running on the infected host. It spreads by exploiting a known Windows vulnerability and drops a number of files on the host, including “Sqltob.exe”. (Sophos)

W32/Nosun-A — A virus that displays the message “Your computer refuses to execute that program on sundays.” on Sundays and “I hate love, i love hate!” on the 23rd of any given month. (Sophos)

W32/Crutle-A — A peer-to-peer worm that drops “WinExec.exe” in the Windows folder. It spreads through the Kazaa file-sharing network by disguising itself behind provocatively titled files. (Sophos)

W32/Rbot-ALO — An Rbot variant that spreads through network shares, dropping “npmsys.exe” in the Windows System folder. It can allow backdoor access via IRC and is used for a number of malicious purposes, including creating an FTP/Web/Proxy server and logging key presses. (Sophos)

W32/Rbot-BHQ — Another Rbot variant that spreads through network shares by exploiting weak passwords and known Windows flaws.
It drops “windows32.exe” in the Windows System folder. (Sophos)

W32/Rbot-BGH — Our third Rbot variant of the day is installed as “sysmsn.exe” in the Windows System folder. (Sophos)

W32/Rbot-BFR — Rbot variant No. 4 of the day uses the file “winsrt.exe” as its infection point. It too allows backdoor access via IRC. (Sophos)

W32/Hazif-C — A password-stealing Trojan that spreads through the Yahoo messenger service. (Sophos)

Troj/Horst-C — A keylogging Trojan that drops a number of files in the Windows System folder, including “wsock32.exe”. It displays a fake error message when infecting the host. (Sophos)

W32/Loosky-M — This virus is said to spread through network attachments, but no details are given. It does drop “sachostx.exe” in the Windows folder and a number of similarly named files in the Windows System directory. (Sophos)

W32/Loosky-K — A second, similar Loosky variant. It uses the same file names as Loosky-M above. (Sophos)

W32/Sdbot-AKZ — A new Sdbot variant that drops “spoolss.exe” in the Windows System folder after spreading through a network share. It allows backdoor access via IRC. (Sophos)

W32/Sdbot-TQ — A second new Sdbot variant that allows backdoor access via IRC. It is installed as “WindowsSP2.exe” in the Windows System folder. (Sophos)

W32/Mytob-GK — A mass-mailing worm that can be used to harvest additional e-mail addresses. It drops “winsvc32.exe” in the Windows System folder and changes the HOSTS file to prevent access to security-related Web sites. (Sophos)

W32/Mytob-GF — Another Mytob mass-mailing worm that uses a message that looks like a security or account warning message. Instead of an attachment, the message provides a link to a malicious Web site. If clicked, “mqSSl;.exe” is installed in the Windows System directory. (Sophos)

Troj/Vixup-U — This virus is used to download additional malicious code to the infected machine. The original virus drops “kernels64.exe” in the Windows System folder.
(Sophos)

W32/Brontok-L — A virus that harvests e-mail addresses from the infected machine and changes Internet Explorer settings. The virus drops “RakyatKelaparan.exe” on the infected host. (Sophos)

W32/Brontok-J — A second Brontok variant that can close windows that have “.exe” in the title. (Sophos)

Troj/Feutel-B — A Trojan that installs a backdoor for downloading additional malicious code and can be used as a keystroke logger. It drops “svchost.exe” or “sb.exe” in the Windows System folder. (Sophos)

Troj/RKNu-A — A rootkit for the Windows platform that tries to hide itself from discovery. (Sophos)

Troj/Bancban-LF — A Trojan that is used to target Internet banking Web sites. It drops “install.exe” in the Windows System directory. (Sophos)

Troj/Agent-TM — This Trojan communicates with pre-configured remote servers via HTTP. It is installed as “UpdaterUI.exe” in the Windows System folder. (Sophos)

Troj/Spyaks-B — A Trojan that downloads additional malicious code from remote sites and displays the popup message “Your computer is infected!”. (Sophos)

W32/Erkez-G — A peer-to-peer and e-mail worm that drops “AntiVirus Update.exe” in the Windows System folder. (Sophos)

W32/Chode-Q — A virus with IRC backdoor capability that spreads through the MSN and AOL instant messaging platforms. It is installed as “csrss.exe” in the Windows System folder. (Sophos)

W32/Tilebot-GS — A Tilebot variant that provides backdoor access via IRC and spreads through network shares by exploiting known Windows flaws. It drops “nvidcgui.exe” in the Windows folder and “remon.sys” in the Windows System directory. (Sophos)

Troj/Raker-B — A Trojan that is installed as “msjcf.exe” in the Windows System folder. (Sophos)

Troj/Bagle-AS — A new Bagle variant that drops “wintems.exe” in the Windows System folder and can allow backdoor access through a random port between 2000 and 50000.
(Sophos)

W32/Bagle-EX — This Bagle variant spreads through messages titled “Happy New Year!” and drops “wind2ll2.exe” in the Windows System folder. (Sophos)

W32/Bagle-AR — The third Bagle variant that drops “windll2.exe” in the Windows System folder. (Sophos)

Troj/Small-FQ — This Trojan can be used to download and run additional malicious code on the infected host. It is installed as “snake.exe” in the Windows directory. (Sophos)

Troj/Banload-H — A virus that tries to silently download and install additional code from pre-configured Web sites via HTTP. (Sophos)

W32/Bobax-N — This Bobax variant spreads through e-mail with messages that say Osama Bin Laden has been captured or Saddam Hussein has been killed. It installs a randomly named file in the Windows System machine. (Sophos)

Troj/Torpig-U — Another virus that communicates with remote servers via HTTP. It installs “Microsoft SharedWeb Foldersibm00001.exe” on the infected machine. (Sophos)