
Returning vacationers cause problems

Aug 25, 2003 · 5 mins

* Patches from Conectiva, SCO
* Beware Word macro virus
* Worm outbreaks saturate networks, and other interesting reading

Ugh. Just when you thought the virus threat of the past 10 days had passed, it rears its ugly head again. Some co-workers who were on vacation the past couple weeks and had their laptops with them did not get all the necessary virus and Windows updates to protect them from Sobig, Nachia/Welchia and Blaster. So they may have picked up an infection while outside the office and brought it in, or an infected machine inside our firewall that evaded cleaning last week found some fresh targets this morning. Either way, our network performance here in the office has been spotty and getting through the weekend’s e-mail load has been slow to frustrating at best. Not the best way to kick off a Monday.

Speaking of virus protection, reader Erik Williams writes in:

I find one of the reasons people are so open to getting viruses is because most new PCs come with an AV program and 3 free months of definitions. After that, you have to pay for the service. But how many people do you know who actually pay for the definitions after that period is up, or even know that they have to?

Good question. I also think it’s partly: “Why pay the money? I won’t get hit.”

Today’s bug patches and security alerts:

Red Hat releases GDM update

A flaw in Red Hat’s GDM package allows any local user to view any file on the affected system. For more, go to:


SCO releases patch for metamail

A buffer overflow exists in Version 2.7 and prior of metamail, a MIME implementation for UnixWare and OpenServer. An attacker could exploit the flaw to run arbitrary code on the affected machine. Download the patch:


Conectiva patches openslp

A symbolic link vulnerability exists in openslp, an open source version of the Service Location Protocol. An attacker could exploit the vulnerability to reset the contents of a file. For more, go to:


Today’s roundup of virus alerts:

W32/Pandem-B – A worm that spreads via e-mail, IRC and the Kazaa file-sharing network. It purports to be a Windows update from Microsoft, but really is a backdoor Trojan horse. (Sophos)

W32/Agobot-Q – Another backdoor Trojan horse that attempts to exploit Windows’ DCOM RPC vulnerability. An attacker can connect to the rogue client via IRC. (Sophos)

Caraga – A Word macro virus that infects the template. The virus disables a number of Word’s features and toolbars. (Panda Software)


From the interesting reading department:

Technology Insider: Internet security

How dangerous is the ‘Net? Check out our two-week slice of Internet activity from several vantage points to see where attacks are coming from, how hackers are getting into corporate nets and what they’re after. Network World, 08/25/03.

Net anonymity service back-doored

The popular Java Anonymous Proxy (JAP), used to anonymise one’s comings and goings across the Internet, has been back-doored by court order. The Register, 08/21/03.

Baylor University signs up for difficult course on WLAN security

Baylor University learns about wireless LAN security in the school of hard knocks. Network World, 08/25/03.

Worm outbreaks saturate networks

Last week went down as one of the worst computer security weeks ever, as a spate of new worms crippled corporate and government networks that rely on Microsoft software. Network World, 08/25/03.

Sobig.F worm could have originated on Usenet

The Sobig.F worm, which is estimated to have infected more than 100,000 computers and generated tens of millions of e-mails, could have begun life disguised as a pornographic picture in a posting to a handful of Usenet newsgroups. IDG News Service, 08/25/03.

All is quiet as deadline for Sobig attack passes

The Internet was quiet as the clock ticked past the scheduled start time for a massive, coordinated action by Microsoft Windows machines infected with the Sobig.F virus. IDG News Service, 08/22/03.

SoBig.F’s porn and mob connections

Two new bits of info on the Sobig.F virus have come to light. 08/25/03.

Symantec pumps up handheld anti-virus products

Symantec last week announced its first anti-virus software for Palm Pilot operating system and Microsoft PocketPC-based handhelds, making it possible for businesses to centrally manage the devices’ anti-virus configurations and updates. Network World, 08/25/03.

Flash memory quickly becoming security risk

As if there weren’t enough risks, security experts have begun warning people about the threat of Flash Memory devices. 08/25/03.

Microsoft ponders automatic patching

In the wake of a widespread Internet worm, Microsoft Thursday said it is weighing options to get more users to secure their computers, including automatically applying security patches to PCs remotely. IDG News Service, 08/22/03.

Messaging security services vendor lands funding

Last December, after signing on with a spam-filtering service, national law firm Gray Cary blocked about 47% of its 661,000 incoming messages. Last month, the firm banned about 65% of its 1.1 million messages from arriving in end users’ mailboxes. The Edge, 08/21/03.