
Virus headaches

Mar 04, 2004 (5 mins)

* Patches from FreeBSD, Red Hat, Debian, others
* Beware another variant of Agobot
* With Bagle, Netsky, March comes in like a worm, and other interesting reading

‘Worm war’ behind recent virus releases

Anti-virus experts have identified new versions of three major e-mail worms and say that a “war” between rival virus writers may be to blame for the rash of outbreaks in recent weeks. New versions of the MyDoom, Netsky and Bagle worms have all appeared on the Internet in the last 24 hours. Researchers have uncovered text messages in two of the worms that suggest a battle is underway between virus writers, anti-virus companies said on Wednesday. IDG News Service, 03/03/04.

Today’s bug patches and security alerts:

FreeBSD patches tcp

A flaw in the way FreeBSD handles out-of-sequence TCP packets could be exploited by an attacker to launch a low-bandwidth denial-of-service attack against the affected machine. For more, go to:


Red Hat issues patch for libxml2

A flaw in the way libxml2 parses remote data retrieved using FTP or HTTP could be exploited to cause a buffer overflow. This in turn could be used to run arbitrary code on the affected machine. For more, go to:

Red Hat releases updated SANE packages

According to an alert from Red Hat, “A recent change in the way that the dynamic loader searches for shared libraries has exposed a problem with the SANE ‘backend’ shared libraries. This problem may result in scanners not being recognized as available by SANE.” For more, go to:


SGI updates 11, 12 and 13

Over the past week SGI has pushed out three updates that fix a number of problems in various packages used in ProPack v2.4 and ProPack v2.3. For more, go to:

SGI update #11:

SGI update #12:

SGI update #13:


Debian updates mips kernel 2.4.19

Several vulnerabilities in Debian’s Linux kernel 2.4.19 for mips systems have been patched. For more, go to:

A similar kernel update is available for 2.2.22 alpha kernel:

Debian issues fix for Apache mod_python

A flaw in the Apache Python module for Debian could be exploited in a denial-of-service attack against the affected machine. For more, go to:

Debian patches xboing flaw

A buffer overflow in the xboing game could be exploited by a local user to gain the privileges of the group ‘games’. For more, go to:


Flaw in Symantec Gateway Security 2.0 fixed

A cross-site scripting vulnerability has been found in Symantec Gateway Security’s management service. This flaw could be exploited by an attacker to hijack a management session. Symantec has issued a fix for the problem:


Today’s roundup of virus alerts:

W32/Hiton-A – A new mass-mailing worm being reported by Sophos, but that’s all the details they have. (Sophos)

W32/Agobot-DG – Yet another Agobot variant that attempts to spread via network shares by exploiting the DCOM and RPC Windows vulnerabilities. The virus installs a backdoor on the infected system that is accessible through an IRC channel. (Sophos)

W32/MyDoom-G – A variant of the MyDoom mass-mailing worm with a twist. It won’t send itself to certain domains, such as those owned by anti-virus companies, universities or Linux vendors. (Sophos)


From the interesting reading department:

With Bagle, Netsky, March comes in like a worm

Conventional wisdom claims March comes in like a lion and goes out like a lamb. But with new versions of the Bagle e-mail worm and a virulent new form of Netsky virus, March’s arrival is looking more wormy than leonine. IDG News Service, 03/01/04.

Microsoft to make its software ‘behave’

Microsoft’s revelation last week that it is adopting a new approach to computer security dubbed “behavior blocking” represents a radical shift in the company’s software design strategy that could pay off for attack-weary Windows users, industry watchers say. Network World, 03/01/04.

What are they thinking?

Knowing hackers’ favorite attack patterns and motivations can lead to better network security. Network World, 03/01/04.

Review: Secure Shell software

New SSH Communications’ offering adds ease of use to its Tectia package. Network World, 03/01/04.

Software helps battle network security threats

Two vendors recently upgraded products that promise to help network executives identify potential threats and reduce the effects of vulnerabilities on revenue-generating applications. Network World, 03/01/04.

SonicWall intrusion-prevention service on tap

SonicWall is adding intrusion prevention to its IPSec VPN and firewall appliances, offering users a way to protect small and midsize businesses as well as branch offices from multiple security threats using a single device. Network World, 03/01/04.