
New Mac OS X update available

Sep 13, 2004

* Patches from Conectiva, Gentoo, others
* Beware latest MyDoom variant and variety of Sbot and Rbot variants
* This ISP flatfoot enjoys giving spammers the boot, and other interesting reading

XP Service Pack 2 update: Finally, got the behemoth downloaded and installed on my wife’s new laptop. Nothing happened the first time I pushed “download” a few weeks back after getting the initial prompt. This go-around I ran the Windows Update myself to force the download. Our version of the update came to 102 megabytes, which took around 20 minutes or so to download over our Verizon DSL line (freshly upgraded to 3M bit/sec download speeds). The install probably took another 20 minutes or so. After that, everything ran pretty smoothly. We haven’t found any major issues yet. The only minor things were our McAfee Security Center and the new Microsoft Security Center wanted to battle for control and the Microsoft firewall seemed to want to block every application. But I think we have that squared away.

Now to install it on my primary desktop, which was originally converted from Windows ME to XP. But first, I need to back the thing up…

Today’s bug patches and security alerts:

New Apple security update available

A new Apple Mac OS X update is available for Versions 2.8 (Jaguar) through 3.5 (Panther). The update fixes problems with Apache, CoreFoundation, IPSec, Kerberos, lukemftpd, OpenLDAP, OpenSSH, PPPDialer, QuickTime Streaming Server, rsync, Safari, SquirrelMail and tcpdump. For more, go to:


Samba DoS fixed

SecuriTeam is warning of a flaw in versions of Samba prior to 3.0.6 and 2.2.11 that could be exploited in a denial-of-service attack against the Samba daemon (smbd). For more, go to:



SecurityTracker warns of OpenSSH flaw

A flaw in the way OpenSSH works with anonymous services could be exploited in a “port bouncing” attack. This could leave a machine vulnerable long enough for e-mail to be forwarded from it. For more, go to:


Conectiva patches wv

A buffer overflow in wv, an application that allows access to Microsoft Word files, could be exploited by an attacker to run their code of choice on the affected machine. For more, go to:

Conectiva releases Kerberos 5 update

A couple of vulnerabilities have been found in the MIT Kerberos 5 code. One flaw could be exploited to run code on an affected system, the other in a denial-of-service attack. For more, go to:


Gentoo patches LHa

According to an alert from Gentoo, “Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code.” For more, go to:


Today’s roundup of virus alerts:

W32/Sdbot-RY – Another newsletter, another bot that spreads via network shares and uses IRC as a backdoor. This Sdbot variant copies itself into the Windows System folder as “spoolsvc.exe” and can be used as a proxy server, to delete network shares and steal game information. (Sophos)

W32/Sdbot-OV – This Sdbot variant infects the file “usb32.exe” in the Windows System folder and can be used to launch denial-of-service attacks, as a proxy server and to steal game application information. (Sophos)

W32/Sdbot-OY – This is a typical Sdbot variant. The file it infects in the Windows System directory: “sload32.exe”. (Sophos)

Troj/Delf-DU – A Trojan horse that copies itself to “services.exe” in the Windows System directory and terminates a number of applications. It can also be used to download code via IRC. (Sophos)

W32/Rbot-IK – An Rbot variant used to steal application keys for popular games. This variant uses a random file name as its infection point and spreads via network shares by attempting to exploit vulnerabilities or previous infections. (Sophos)

W32/Rbot-IL – A typical Rbot variant that spreads by network shares and gets remote commands via IRC. This one deletes a number of commonly named network drives. (Sophos)

W32/Rbot-IO – Yet another Rbot variant. This one infects the file “WUAMGDR.EXE” in the Windows System folder. No word on any permanent damage caused, but it does have IRC backdoor functionality. (Sophos)

W32/Rbot-IT – See Rbot-IO above, replacing the file name with “mswinc.exe”. (Sophos)

W32/Forbot-Q – A bot that can be used for distributed denial-of-service attacks, to run a Socks proxy server or to obtain information about the infected computer. It spreads by trying to exploit the Windows LSASS vulnerability and infects the file “ssvchost.exe” in the Windows System folder. (Sophos)

W32/MyDoom-V – Yet another MyDoom variant. Similar to its predecessor, this one spreads via e-mail and infects the file “windrv32.exe”. It uses a variety of e-mail subjects, body text and attachment names in its quest to spread. (Sophos)


From the interesting reading department:

This ISP flatfoot enjoys giving spammers the boot

The most trying part of Louis Rush’s job is confronting scofflaws, some of whom are hardened criminals, to inform them they’ve been caught. Network World, 09/13/04.

Crime and punishment

Computer security breaches are a recurring problem for companies, particularly those that conduct business online. Based on results of its annual survey of e-commerce crime, security company CyberSource estimates online crooks made away with 1.7%, or $1.6 billion, of 2003 U.S. business-to-consumer e-commerce revenue. Network World, 09/13/04.

Relocation services firm digs out worms

Relocation services firm Sirva was hit so hard by the wave of computer worms and viruses that swept the Internet this time last year, that preventing future attacks became a top priority for the company. Network World, 09/13/04.

Symantec service to fight phishing

Symantec this week will release an anti-fraud service designed to protect financial institutions and retailers, as well as their customers, from phishing attacks. Network World, 09/13/04.

Vendors unveil new security lines of defense

Security vendor McAfee last week unveiled a line of appliances and services for combating spam and viruses, while start-up iPolicy Networks introduced a line of intrusion-prevention systems with content filtering. Network World, 09/13/04.

New options for secure remote access

3am Labs this month is debuting three products that aim to do just that: Provide highly secure PC remote access and administrative tools to manage users’ connections. And two of the three products are free. Network World, 09/13/04.

Enterprise WLAN security meets small offices

Interlink Networks’ new product, LucidLink, aims to give small offices with limited or no IT support the best of both worlds. Network World, 09/13/04.

ISP Telenor cripples zombie PC network

Authorities in Singapore shut down a large network of around 10,000 robot, or “zombie,” computers this week, after technicians at Norwegian Internet service provider Telenor stumbled on the illicit network by tracing Internet Relay Chat communications from compromised customer PCs on its system. IDG News Service, 09/10/04.

Spam on the menu at annual virus conference

Computer viruses and worms will have to share the stage with a new challenger for the attention of attendees at a conference of anti-virus researchers: spam e-mail. IDG News Service, 09/09/04.

German teenager indicted over Sasser worm

Prosecutors in Verden, Germany, Wednesday indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds of thousands of computers worldwide after spreading at lightning speed over the Internet. IDG News Service, 09/09/04.

McAfee AV ate my application

An Australian software developer has been left fuming after the latest virus definition update from McAfee caused his package to be wrongly identified as a Trojan horse programme. The Register, 09/07/04.