* Patches from Conectiva, Gentoo, others
* Beware latest MyDoom variant and variety of Sdbot and Rbot variants
* This ISP flatfoot enjoys giving spammers the boot, and other interesting reading

XP Service Pack 2 update: Finally, got the behemoth downloaded and installed on my wife’s new laptop. Nothing happened the first time I pushed “download” a few weeks back after getting the initial prompt. This go around I ran the Windows Update myself to force the download. Our version of the update came to 102 megabytes, which took around 20 minutes or so to download over our Verizon DSL line (freshly upgraded to 3M bit/sec download speeds). The install probably took another 20 minutes or so. After that, everything ran pretty smoothly. We haven’t found any major issues yet. The only minor things were our McAfee Security Center and the new Microsoft Security Center wanted to battle for control and the Microsoft firewall seemed to want to block every application. But I think we have that squared away.

Now to install it on my primary desktop, which was originally converted from Windows ME to XP. But first, I need to back the thing up…

Today’s bug patches and security alerts:

New Apple security update available

A new Apple Mac OS X update is available for Versions 2.8 (Jaguar) through 3.5 (Panther). The update fixes problems with Apache, CoreFoundation, IPSec, Kerberos, lukemftpd, OpenLDAP, OpenSSH, PPPDialer, QuickTime Streaming Server, rsync, Safari, SquirrelMail and tcpdump. For more, go to: https://docs.info.apple.com/article.html?artnum=61798

**********

Samba DoS fixed

SecuriTeam is warning of a flaw in versions of Samba prior to 3.0.6 and 2.2.11 that could be exploited in a denial-of-service attack against the Samba daemon (smbd).
For more, go to: https://us4.samba.org/samba/history/3.0_DOS_sept04_announce.txt

Gentoo: https://security.gentoo.org/glsa/glsa-200409-14.xml

**********

SecurityTracker warns of OpenSSH flaw

A flaw in the way OpenSSH works with anonymous services could be exploited in a “port bouncing” attack. This could leave a machine vulnerable long enough for e-mail to be forwarded from it. For more, go to: https://www.securitytracker.com/alerts/2004/Sep/1011143.html

**********

Conectiva patches wv

A buffer overflow in wv, an application that allows access to Microsoft Word files, could be exploited by an attacker to run their code of choice on the affected machine. For more, go to: https://www.nwfusion.com/go2/0913bug1a.html

Conectiva releases Kerberos 5 update

A couple of vulnerabilities have been found in the MIT Kerberos 5 code. One flaw could be exploited to run code on an affected system, the other in a denial-of-service attack. For more, go to: https://www.nwfusion.com/go2/0913bug1b.html

**********

Gentoo patches LHa

According to an alert from Gentoo, “Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code.” For more, go to: https://security.gentoo.org/glsa/glsa-200409-13.xml

**********

Today’s roundup of virus alerts:

W32/Sdbot-RY – Another newsletter, another bot that spreads via network shares and uses IRC as a backdoor. This Sdbot variant copies itself into the Windows System folder as “spoolsvc.exe” and can be used as a proxy server, to delete network shares and steal game information. (Sophos)

W32/Sdbot-OV – This Sdbot variant infects the file “usb32.exe” in the Windows System folder and can be used to launch denial-of-service attacks, as a proxy server and to steal game application information. (Sophos)

W32/Sdbot-OY – This is a typical Sdbot variant. The file it infects in the Windows System directory: “sload32.exe”.
(Sophos)

Troj/Delf-DU – A Trojan horse that copies itself to “services.exe” in the Windows System directory and terminates a number of applications. It can also be used to download code via IRC. (Sophos)

W32/Rbot-IK – An Rbot variant used to steal application keys for popular games. This variant uses a random file name as its infection point and spreads via network shares by attempting to exploit vulnerabilities or previous infections. (Sophos)

W32/Rbot-IL – A typical Rbot variant that spreads by network shares and gets remote commands via IRC. This one deletes a number of commonly named network drives. (Sophos)

W32/Rbot-IO – Yet another Rbot variant. This one infects the file “WUAMGDR.EXE” in the Windows System folder. No word on any permanent damage caused, but it does have IRC backdoor functionality. (Sophos)

W32/Rbot-IT – See Rbot-IO above, replacing the file name with “mswinc.exe”. (Sophos)

W32/Forbot-Q – A bot that can be used for distributed denial-of-service attacks, to run a Socks proxy server or obtain information about the infected computer. It spreads by trying to exploit the Windows LSASS vulnerability and infects the file “ssvchost.exe” in the Windows System folder. (Sophos)

W32/MyDoom-V – Yet another MyDoom variant. Similar to its predecessor, this one spreads via e-mail and infects the file “windrv32.exe”. It uses a variety of e-mail subjects, body text and attachment names in its quest to spread. (Sophos)

**********

From the interesting reading department:

This ISP flatfoot enjoys giving spammers the boot

The most trying part of Louis Rush’s job is confronting scofflaws, some of whom are hardened criminals, to inform them they’ve been caught. Network World, 09/13/04.
https://www.nwfusion.com/news/2004/091304widernetearthlink.html?nl

Crime and punishment

Computer security breaches are a recurring problem for companies, particularly those that conduct business online.
Based on results of its annual survey of e-commerce crime, security company CyberSource estimates online crooks made away with 1.7%, or $1.6 billion, of 2003 U.S. business-to-consumer e-commerce revenue. Network World, 09/13/04.
https://www.nwfusion.com/careers/2004/0913man.html?nl

Relocation services firm digs out worms

Relocation services firm Sirva was hit so hard by the wave of computer worms and viruses that swept the Internet this time last year, that preventing future attacks became a top priority for the company. Network World, 09/13/04.
https://www.nwfusion.com/news/2004/091304sirva.html?nl

Symantec service to fight phishing

Symantec this week will release an anti-fraud service designed to protect financial institutions and retailers, as well as their customers, from phishing attacks. Network World, 09/13/04.
https://www.nwfusion.com/news/2004/091304symantec.html?nl

Vendors unveil new security lines of defense

Security vendor McAfee last week unveiled a line of appliances and services for combating spam and viruses, while start-up iPolicy Networks introduced a line of intrusion-prevention systems with content filtering. Network World, 09/13/04.
https://www.nwfusion.com/news/2004/091304security.html?nl

New options for secure remote access

3am Labs this month is debuting three products that aim to do just that: Provide highly secure PC remote access and administrative tools to manage users’ connections. And two of the three products are free. Network World, 09/13/04.
https://www.nwfusion.com/net.worker/news/2004/091304netlead.html?nl

Enterprise WLAN security meets small offices

Interlink Networks’ new product, LucidLink, aims to give small offices with limited or no IT support the best of both worlds.
Network World, 09/13/04.
https://www.nwfusion.com/net.worker/news/2004/0913netinterlink.html

ISP Telenor cripples zombie PC network

Authorities in Singapore shut down a large network of around 10,000 robot, or “zombie,” computers this week, after technicians at Norwegian Internet service provider Telenor stumbled on the illicit network by tracing Internet Relay Chat communications from compromised customer PCs on its system. IDG News Service, 09/10/04.
https://www.nwfusion.com/news/2004/0910isptelen.html?nl

Spam on the menu at annual virus conference

Computer viruses and worms will have to share the stage with a new challenger for the attention of attendees at a conference of anti-virus researchers: spam e-mail. IDG News Service, 09/09/04.
https://www.nwfusion.com/news/2004/0909spamonth.html?nl

German teenager indicted over Sasser worm

Prosecutors in Verden, Germany, Wednesday indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds of thousands of computers worldwide after spreading at lightning speed over the Internet. IDG News Service, 09/09/04.
https://www.nwfusion.com/news/2004/0909germateena.html?nl

McAfee AV ate my application

An Australian software developer has been left fuming after the latest virus definition update from McAfee caused his package to be wrongly identified as a Trojan horse programme. The Register, 09/07/04.
https://www.theregister.co.uk/2004/09/07/mcafee_false_alarm/