
XP SP2 VPN problem fixed

Sep 23, 2004 (5 mins)

* Patches from Conectiva, OpenPKG, HP, others
* Beware latest Sdbot, Sasser variants
* When outsourcing, don't forget security, experts say, and other interesting reading

Network World Fusion Radio: Symantec’s Internet Security Threat Report

Symantec this week released its semi-annual Internet Security Threat Report that covers the first half of 2004 and the numbers are not good. Bot networks are up from 2,000 at the beginning of the year to 30,000 as of the end of June and there are some 10,000 malicious programs that could infect a Windows PC. Joining us to discuss the findings is Dean Turner, executive editor of the Internet Security Threat Report for Symantec. Network World Fusion, 09/23/04.

Today’s bug patches and security alerts:

XP SP2 distribution accelerated, VPN problem fixed

Microsoft will accelerate the rollout of Windows XP Service Pack 2 over the next month and has released the first official update for SP2 to fix a problem some users had with VPNs. IDG News Service, 09/22/04.

Exploit posted for Microsoft JPEG flaw, 09/21/04


Conectiva patches kde

Multiple vulnerabilities have been fixed in the latest kde release for Conectiva Linux. Most of the flaws could be exploited to run code on the affected machine. For more, go to:

Conectiva releases fix for SpamAssassin

A denial-of-service vulnerability has been found in SpamAssassin for Conectiva. An attacker could send a malformed message through the system, causing it to crash. For more, go to:

Conectiva issues patch for qt3

A heap overflow in qt3 could be exploited by a specially crafted BMP image and used to gain access to the affected user account. For more, go to:

Conectiva zlib fix available

A flaw in zlib could be exploited by an attacker to run a denial-of-service attack against any application that uses the zlib compression library. For more, go to:


OpenPKG patches kerberos

A new update from OpenPKG patches a number of vulnerabilities in the Kerberos authentication system. For more, go to:


HP patches Web Jetadmin

A flaw found in HP Web Jetadmin could be exploited by a remote user to run commands on the affected machine. Download Version 7.6 to fix the problem:


Debian, Gentoo, Mandrake Linux patch Webmin

According to the Mandrake Linux alert, “A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside.” For more, go to:



Mandrake Linux:


Debian releases fix for imagemagick

A buffer overflow in imagemagick could be exploited by a specially crafted image or movie file. An attacker could use this in a denial-of-service attack or to potentially run commands on the affected machine. For more, go to:


Today’s roundup of virus alerts:

W32/Sdbot-PI – An Sdbot variant that spreads via network shares, uses IRC for backdoor access and installs itself as “ntlogin32.exe” in the Windows System folder. It can be used to steal CD keys, transfer files, act as a proxy and launch DoS attacks. (Sophos)

W32/Sdbot-PJ – This Sdbot variant installs itself as “msnmngr.exe” in the Windows System folder. It’s used to run code on the infected machine. (Sophos)

W32/Sdbot-PK – Another Sdbot variant. This one uses the file name “msfrewall.exe”. (Sophos)

W32/Squirrel-A – A virus that overwrites EXE files, rendering them useless. No word on how it spreads. (Sophos)

W32/Forbot-AE – A bot that uses random file names to infect a machine and connects to IRC to receive commands and malicious code from an attacker. (Sophos)

Evaman.D/MyDoom-Y – An e-mail worm that uses varying message attributes to spread between machines. It disables anti-virus applications running on the infected machine. (Panda Software, Sophos)

W32/Rbot-KZ – An Rbot variant that tries to exploit multiple Windows vulnerabilities as it spreads via network shares. It installs itself in the System folder as “Win32x.exe” and can be used for backdoor access, keystroke logging and information theft. (Sophos)

W32/Sasser-G – A Sasser variant that tries to exploit the LSASS flaw in Windows as it spreads through network shares. It tries to download code via FTP from a remote site. (Sophos)


From the interesting reading department:

When outsourcing, don’t forget security, experts say

When it comes to outsourcing IT operations to countries such as India and China, companies often focus on slashing costs and gaining productivity but fail to take into account the cultural differences that may affect their security, according to experts attending the Gartner IT Security Summit in London on Tuesday. IDG News Service, 09/21/04.

PC security threats hit new high

The number of viruses, worms, Trojans and other malicious programs aimed at PC users has now surpassed 100,000. According to security firm McAfee, a variant of the Sdbot bug has the honour of being the 100,000th security threat. BBC Online, 09/21/04.

Ireland blocks calls to 13 countries to thwart ‘Net scam

Ireland’s telecom regulator said this week that it is taking “extraordinary” measures to protect Internet users from rogue autodialer programs that hijack their modems and run up long-distance phone charges by suspending direct dialing to 13 countries, most of which are South Pacific islands. IDG News Service, 09/22/04.