Friday, July 16, 2004

Secunia - Virus Information - BAGLE.AF

This one is spreading significantly.

This is a mass-mailing worm with the following characteristics:

* contains its own SMTP engine to construct outgoing messages
* harvests email addresses from the victim machine
* the From: address of messages is spoofed
* attachment can be a password-protected zip file, with the password included in the message body
* contains a remote access component (notification is sent to the hacker)
* copies itself to folders that have the phrase "shar" in the name (such as those used by common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)
* uses various mutex names taken from those that W32/Netsky variants have used, in order to prevent those W32/Netsky variants from running on infected machines





Tuesday, July 13, 2004

Microsoft Security Bulletin Summary for July, 2004

Of these, two are Critical.

MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) rated as: IMPORTANT http://www.microsoft.com/technet/security/bulletin/MS04-024.mspx

MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315) rated as: CRITICAL http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx

MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873) rated as: CRITICAL http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx

MS04-021: Security Update for IIS 4.0 (841373) rated as: IMPORTANT http://www.microsoft.com/technet/security/bulletin/MS04-021.mspx

MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872) rated as: IMPORTANT http://www.microsoft.com/technet/security/bulletin/MS04-020.mspx

MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526) rated as: IMPORTANT http://www.microsoft.com/technet/security/bulletin/MS04-019.mspx

MS04-018: Cumulative Security Update for Outlook Express (823353) rated as: MODERATE http://www.microsoft.com/technet/security/bulletin/MS04-018.mspx

Monday, July 12, 2004