NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
09/23/04

Today's focus: XP SP2 VPN problem fixed

Dear [EMAIL PROTECTED],

In this issue:

* Patches from Conectiva, OpenPKG, HP, others
* Beware latest Sdbot, Sasser variants
* When outsourcing, don't forget security, experts say, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource

_______________________________________________________________

Today's focus: XP SP2 VPN problem fixed

By Jason Meserve

Network World Fusion Radio: Symantec's Internet Security Threat Report

Symantec this week released its semi-annual Internet Security Threat Report, which covers the first half of 2004, and the numbers are not good. Bot networks are up from 2,000 at the beginning of the year to 30,000 as of the end of June and there are some 10,000 malicious programs that could infect a Windows PC. Joining us to discuss the findings is Dean Turner, executive editor of the Internet Security Threat Report for Symantec. Network World Fusion, 09/23/04.
<http://www.nwfusion.com/research/2004/0923radio.html?nl>

Today's bug patches and security alerts:

XP SP2 distribution accelerated, VPN problem fixed

Microsoft will accelerate the rollout of Windows XP Service Pack 2 over the next month and has released the first official update for SP2 to fix a problem some users had with VPNs. IDG News Service, 09/22/04.
<http://www.nwfusion.com/news/2004/0922xpsp2d.html?nl>

Exploit posted for Microsoft JPEG flaw, 09/21/04
<http://www.nwfusion.com/news/2004/0921exploposte.html?nl>

**********

Conectiva patches kde

Multiple vulnerabilities have been fixed in the latest kde release for Conectiva Linux. Most of the flaws could be exploited to run code on the affected machine. For more, go to:
<http://www.nwfusion.com/go2/0920bug2a.html>

Conectiva releases fix for SpamAssassin

A denial-of-service vulnerability has been found in SpamAssassin for Conectiva. An attacker could send a malformed message through the system, causing it to crash. For more, go to:
<http://www.nwfusion.com/go2/0920bug2b.html>

Conectiva issues patch for qt3

A heap overflow in qt3 could be exploited by a specially crafted BMP image and used to gain access to the affected user account. For more, go to:
<http://www.nwfusion.com/go2/0920bug2c.html>

Conectiva zlib fix available

A flaw in zlib could be exploited by an attacker to run a denial-of-service attack against any application that uses the zlib compression library. For more, go to:
<http://www.nwfusion.com/go2/0920bug2d.html>

**********

OpenPKG patches kerberos

A new update from OpenPKG patches a number of vulnerabilities in the Kerberos authentication system. For more, go to:
<http://www.openpkg.org/security/OpenPKG-SA-2004.039-kerberos.txt>

**********

HP patches Web Jetadmin

A flaw found in HP Web Jetadmin could be exploited by a remote user to run commands on the affected machine.
Download Version 7.6 to fix the problem:
<http://www.hp.com/go/webjetadmin>

**********

Debian, Gentoo, Mandrake Linux patch Webmin

According to the Mandrake Linux alert, "A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside." For more, go to:

Debian:
<http://www.debian.org/security/2004/dsa-544>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200409-15.xml>

Mandrake Linux:
<http://www.nwfusion.com/go2/0920bug2e.html>

**********

Debian releases fix for ImageMagick

A buffer overflow in ImageMagick could be exploited by a specially crafted image or movie file. An attacker could use this in a denial-of-service attack or to potentially run commands on the affected machine. For more, go to:
<http://www.debian.org/security/2004/dsa-547>

**********

Today's roundup of virus alerts:

W32/Sdbot-PI - An Sdbot variant that spreads via network shares, uses IRC for backdoor access and installs itself as "ntlogin32.exe" in the Windows System folder. It can be used to steal CD keys, transfer files, act as a proxy and launch DoS attacks. (Sophos)

W32/Sdbot-PJ - This Sdbot variant installs itself as "msnmngr.exe" in the Windows System folder. It's used to run code on the infected machine. (Sophos)

W32/Sdbot-PK - Another Sdbot variant. This one uses the file name "msfrewall.exe". (Sophos)

W32/Squirrel-A - A virus that overwrites EXE files, rendering them useless. No word on how it spreads. (Sophos)

W32/Forbot-AE - A bot that uses random file names to infect a machine and connects to IRC to receive commands and malicious code from an attacker. (Sophos)

Evaman.D/MyDoom-Y - An e-mail worm that uses varying message attributes to spread between machines. It disables anti-virus applications running on the infected machine.
(Panda Software, Sophos)

W32/Rbot-KZ - An Rbot variant that tries to exploit multiple Windows vulnerabilities as it spreads via network shares. It installs itself in the System folder as "Win32x.exe" and can be used for backdoor access, keystroke logging and information theft. (Sophos)

W32/Sasser-G - A Sasser variant that tries to exploit the LSASS flaw in Windows as it spreads through network shares. It tries to download code via FTP from a remote site. (Sophos)

**********

From the interesting reading department:

When outsourcing, don't forget security, experts say

When it comes to outsourcing IT operations to countries such as India and China, companies often focus on slashing costs and gaining productivity but fail to take into account the cultural differences that may affect their security, according to experts attending the Gartner IT Security Summit in London on Tuesday. IDG News Service, 09/21/04.
<http://www.nwfusion.com/news/2004/0921whenoutso.html?nl>

PC security threats hit new high

The number of viruses, worms, Trojans and other malicious programs aimed at PC users has now surpassed 100,000. According to security firm McAfee, a variant of the Sdbot bug has the honour of being the 100,000th security threat. BBC Online, 09/21/04.
<http://news.bbc.co.uk/1/hi/technology/3673814.stm>

Ireland blocks calls to 13 countries to thwart 'Net scam

Ireland's telecom regulator said this week that it is taking "extraordinary" measures to protect Internet users from rogue autodialer programs that hijack their modems and run up long-distance phone charges by suspending direct dialing to 13 countries, most of which are South Pacific islands. IDG News Service, 09/22/04.
<http://www.nwfusion.com/news/2004/0922irelablock.html?nl>

_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>

_______________________________________________________________

ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.nwfusion.com/topics/security.html

_______________________________________________________________

FEATURED READER RESOURCE

GETTING AHEAD OF SARBANES-OXLEY

The Sarbanes-Oxley Act of 2002, which was passed in the wake of accounting scandals at firms such as Enron and WorldCom, is one of the greatest challenges to companies' corporate reporting and compliance efforts. Find out how Thermo Electron's Michael Kamens is meeting the requirement for having a properly audited system of internal controls and processes in place by November. Click here:
<http://www.nwfusion.com/news/2004/092004yourtakethermo.html?ts>

_______________________________________________________________

Copyright Network World, Inc., 2004
