-----Original Message-----
From: InfraGard [mailto:infragard@private]
Sent: Friday, June 27, 2003 7:44 AM
To: Information Technology
Subject: [Information_technology] Daily News 6/27/03

June 26, Computerworld
Sobig.E worm spreading around globe. The latest version of the Sobig worm, Sobig.E, has been making its way through computer networks around the world since Wednesday. The worm spreads by scouring an infected computer's hard drive for e-mail addresses in address books or even Web browser cache files, then sends itself out to the addresses it finds. It can spoof its sender's address, so the recipients believe they are receiving a message from someone they know. Graham Cluley of anti-virus software vendor Sophos says the new version of Sobig, which is set to expire on July 14, is being sent as a .zip file, perhaps to allow it to spread in corporate environments where .exe and other file types are automatically blocked in incoming e-mails. Marty Lindner of the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, said the rapid spread of the worm since yesterday means recipients are still opening files in messages even when they have been warned countless times that it's unsafe to do so. Users should update their anti-virus software and should not open unsolicited attachments.
Source: http://www.computerworld.com/securitytopics/security/virus/story/0,10801,82512,00.html?SKC=news82512

June 25, CNET News.com
IE flaw could unearth worm. A vulnerability in Microsoft's Internet Explorer could result in the creation of a serious Internet worm, security experts have warned. However, there is no proof that the vulnerability foretells the execution of arbitrary code. The buffer overflow vulnerability is triggered by a malicious Java script that can be embedded in an HTML document. When a Web page or HTML file containing the malicious script is viewed by Internet Explorer, versions 5 and 6, the buffer is overrun and the browser crashes.
The code was posted to the BugTraq security mailing list early Sunday morning. Microsoft wasn't pleased with the premature revelation of the vulnerability before its security teams got a chance to look into the matter. There is currently no patch available.
Source: http://rss.com.com/2100-1009_3-1020919.html?type=pt&part=rss&tag=feed&subj=news

June 25, IDG News Service
Serious security holes, buggy code found in Symantec products. On Monday, anti-virus software company Symantec acknowledged a report about a serious security flaw in Symantec Security Check, an online service that enables users to scan their computer's vulnerability to a number of security threats. An ActiveX control installed by the Security Check service contains a buffer overflow vulnerability that could enable a remote attacker to crash or run malicious code on systems that had the control installed. Symantec updated the ActiveX control in the Security Check service, but security researchers monitoring the issue noted attackers who have a copy of the flawed ActiveX code with a valid Symantec digital signature could trick a Microsoft Windows system into accepting the control, opening that system to attack. Also on Monday customers using Symantec AntiVirus Corporate Edition reported that an automated anti-virus definition update from the company caused the anti-virus software to fail. Symantec subsequently provided instructions on how to repair systems that had downloaded the faulty update.
Source: http://www.idg.net/ic_1324888_9716_1-5046.html

Internet Security Systems - AlertCon: 1 out of 4
https://gtoc.iss.net/
Last Changed 10 June 2003

Security Focus ThreatCon: 1 out of 4
www.securityfocus.com
Last Changed 11 June 2003

Current Virus and Port Attacks

Virus: #1 Virus in USA: WORM_LOVGATE.F
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 80 (www), 445 (microsoft-ds), 1434 (ms-sql-m), 4662 (eDonkey2000), 139 (netbios-ssn), 6346 (gnutella-svc), 113 (ident), 0 (---), 9007 (---)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv