  infoarch : alert : archive 2003 (Jul - Dec)  
 

 

Scam : 2003-Dec-29

DBS bank online account holders are urged to exercise caution when logging on to the bank's online website. A web site in Hong Kong masquerading as the legitimate site is attempting to fool users into releasing their account username and password.

E-mail phishing attacks jumped over 400 percent in late December.

Phishing, the term used to describe malignant e-mail posing as legitimate messages from banks, retailers, and credit card companies, soared in November and December as scammers took advantage of the holiday rush to try to trick users into divulging personal and financial information.

 

Scam : 2003-Dec-2

There is a scam going on involving Maybank's online accounts: email messages purportedly sent from security@maybank2u.com.my request customers to reactivate their accounts. This is done with the intention of illegally obtaining customers' passwords.

From the sample we received, our investigation showed that the link contained in the faked email would bring you to a machine in Korea with the address 211.36.224.18 and attempt to connect to port 10093. You would then be presented with a login page, which the site operator uses to harvest your password. As of now, the site is still operational and its faked login page looks very official.

Here's an excerpt from Maybank's official press release:

Maybank would like to clarify that such e-mail messages are not issued by Maybank and advises customers NOT to login to any of the website links contained in the e-mail. If any customer had clicked on the link in the e-mail, they are advised to change their password immediately, by directly logging in through www.maybank2u.com

Since Maybank doesn't seem to be proactive and is reacting very passively, we would like to advise all Maybank customers to be wary of any email messages asking you to change your password; when in doubt, call and ask.

 

Security : 2003-Nov-12

For the month of November, Microsoft issued several patches to fix two critical security holes in its Windows operating system and Internet Explorer browser.

www.microsoft.com/technet/security/winnov03.asp

 

Virus : 2003-Nov-1

A new email virus, known as "W32.Mimail.C@mm", is spreading rapidly through many organizations' email in the US. It arrives with the subject "our private photos [random string of letters]" and the attachment "photos.zip".

It is a variant of the "W32.Mimail.A@mm" virus and behaves similarly. Once it has infected a system, it will scour the victim's system for valid email addresses and send itself to those addresses via its own SMTP engine.

Download Norton Antivirus Definition
"W32.Mimail@mm" Virus Removal Tool

 

Security : 2003-Oct-16

Microsoft issued several patches to fix critical security holes in its Windows operating system. With these new patches, Microsoft has begun to implement its initiative to notify computer users of patches on a more regular basis, which applies to a wide range of Microsoft software.

www.microsoft.com/technet/security/winoct03.asp

 

Security : 2003-Oct-4

Microsoft issued a patch to fix a critical security hole in its Internet Explorer 5.01, 5.5 and 6.0 which was supposed to be patched in an earlier fix, but wasn't. Customers are advised to download this Cumulative Patch for Internet Explorer (828750) at their earliest convenience.

www.microsoft.com/technet/security/bulletin/ms03-040.asp

 

Security : 2003-Sep-29

It is very likely that two new viruses will emerge within the next two weeks: one that spreads through Microsoft MSN Instant Messenger, and another that is an improved version of the MBlaster virus with some bug fixes that also exploits a newly discovered flaw in Microsoft Windows 2000 and XP. We advise our clients to update all potentially vulnerable systems with the latest Microsoft patches.

 

Virus : 2003-Sep-19

Faked Email

"W32.Swen.A@mm" is a mass-mailing worm that arrives as an attachment to an e-mail pretending to contain a patch for holes in Internet Explorer, Outlook and Outlook Express and then mails itself off to addresses located on the victim's computer.

The virus is spreading very rapidly because it looks very official, pretending to be a legitimate e-mail from Microsoft or a fix tool for a well-known virus (to the right is one of the possible emails sent by the virus).

It also attempts to spread through file-sharing networks, such as KaZaA and IRC, and will attempt to de-activate antivirus and personal firewall programs running on the computer.

Download Norton Antivirus Definition

UPDATE : Microsoft DOES NOT attach any executable to its official emails. The infection rate has increased significantly in Singapore and Malaysia as of 22 September 2003. Jaring and TMNet users should be prepared for email problems, and possibly overall Internet performance degradation, over the next few days.

 

Security : 2003-Sep-11

This is an urgent alert: Microsoft issued a patch to fix a critical security hole in the following versions of its Windows Operating Systems:

Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server® 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

There are three identified vulnerabilities in the part of the RPCSS Service that deals with RPC messages for DCOM activation: two that could allow arbitrary code execution and one that could result in a denial of service.

An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.

These are critical vulnerabilities similar to those that the M.Blaster virus exploited. For more information:

www.microsoft.com/technet/security/bulletin/ms03-039.asp

 

Virus : 2003-Aug-21

Yet another virus, known as "W32.Sobig.F@mm", attempts to turn infected machines into open email relays. This worm spreads by emailing itself out to potential victims. Its infection rate has become the highest in history for an email virus, even though it was quite low when the worm first came out two days ago, possibly because the MBlaster worm had increased public awareness.

The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

Download Norton Antivirus Definition
"W32.Sobig.F@mm" Removal Tool

UPDATE : Although this virus is gradually dying off in the US and Europe, we have observed the infection rate in Singapore and Malaysia going up significantly as of 3 September 2003. Unlike the large US ISPs such as AOL, MSN, Hotmail and Yahoo, the local ISPs are not as eager to block this virus. Both Jaring and TMNet users should expect some difficulty with emailing soon.

 

Security : 2003-Aug-21

Microsoft issued a patch to fix a critical security hole in Internet Explorer.

This is a cumulative patch that incorporates the functionality of all previously released patches for Internet Explorer. In addition, the patch eliminates the following newly reported vulnerabilities:

  • A vulnerability that could allow an attacker to cause arbitrary code to run on the user's system.
  • A vulnerability that could allow an attacker to cause script code to run on the user's system.

For more information:

www.microsoft.com/technet/security/bulletin/ms03-032.asp

 

Virus : 2003-Aug-19

A new worm virus, "W32.Welchia.Worm", is spreading rapidly in Asia in the same fashion as the MBlaster virus. In a new twist, this is actually a well-intentioned virus that aims to clean up the MBlaster virus by automatically downloading the patch from the Microsoft Windows Update site. However, this virus will only do that if you are running the Japanese or Chinese version of the affected Microsoft operating systems.

Although this virus will self-destruct in 2004, it is far more aggressive in replicating itself and is actually causing more damage than the MBlaster worm by overloading the ISPs' backbones; both Jaring and TMNet are affected.

Download Norton Antivirus Definition
"W32.Welchia.Worm" Removal Tool

 

Virus : 2003-Aug-12

!! WARNING !! This is both a virus and a security alert: a new worm known as "W32.Blaster.Worm" will attempt to infect the victim's computer via a known DCOM RPC vulnerability as described in our July 17 and July 30 alerts.

An infected computer will do the following things:

  1. Attempt to infect other computers via TCP port 135
  2. Wait to send itself from UDP port 69
  3. Create a hidden cmd.exe shell to listen on TCP port 4444
  4. Perform a DoS attack against "windowsupdate.com" starting from the 16th of every month until the end of the month

Because of inefficiency in the worm, it may crash the infected computers intermittently, but we expect a new and improved version of this worm to appear in about two weeks' time.
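The port behaviour listed above can be turned into a simple triage check over firewall logs. The following is an added example, not part of the original alert; the log format, the scan threshold and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed firewall log lines for illustration (not real traffic).
SAMPLE_LOG = """\
2003-08-13T09:00:01 SRC=10.0.0.5 DST=10.0.0.6 PROTO=TCP DPT=135
2003-08-13T09:00:01 SRC=10.0.0.5 DST=10.0.0.7 PROTO=TCP DPT=135
2003-08-13T09:00:02 SRC=10.0.0.5 DST=10.0.0.8 PROTO=TCP DPT=135
2003-08-13T09:00:03 SRC=10.0.0.6 DST=10.0.0.5 PROTO=UDP DPT=69
2003-08-13T09:00:04 SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=4444
2003-08-13T09:00:05 SRC=10.0.0.20 DST=10.0.0.1 PROTO=TCP DPT=135
2003-08-13T09:00:06 SRC=10.0.0.20 DST=192.0.2.10 PROTO=TCP DPT=80
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")
SCAN_THRESHOLD = 3  # assumed: distinct TCP/135 targets before a host counts as scanning


def blaster_indicators(log_text, scan_threshold=SCAN_THRESHOLD):
    """Map each host to the sorted list of alert behaviours it matches."""
    rpc_targets = defaultdict(set)  # source host -> hosts it contacted on TCP/135
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        src, dst, proto, dport = m.group(1), m.group(2), m.group(3).upper(), int(m.group(4))
        if proto == "TCP" and dport == 135:
            rpc_targets[src].add(dst)
        elif proto == "UDP" and dport == 69:
            hits[dst].add("inbound-udp-69")    # host is being asked to send a file
        elif proto == "TCP" and dport == 4444:
            hits[dst].add("inbound-tcp-4444")  # host is reached on the shell port
    for src, targets in rpc_targets.items():
        # One RPC connection is normal on a Windows LAN; many distinct targets is not.
        if len(targets) >= scan_threshold:
            hits[src].add("rpc-135-scan")
    return {host: sorted(names) for host, names in hits.items()}


def likely_infected(log_text, min_indicators=2):
    """Hosts showing at least min_indicators of the listed behaviours."""
    found = blaster_indicators(log_text)
    return sorted(h for h, names in found.items() if len(names) >= min_indicators)


if __name__ == "__main__":
    print(likely_infected(SAMPLE_LOG))
```

Requiring more than one indicator keeps a host that makes a single legitimate RPC connection, such as 10.0.0.20 in the sample, off the list.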

Norton Antivirus definition file dated 11-Aug or later will correctly detect this virus.

Download Norton Antivirus Definition
"W32.Blaster.Worm" Removal Tool

UPDATE 1 : We have observed an increasing scanning rate since 13 August, 9:00AM, indicating that this worm is infecting more and more computers in Malaysia. Even if your computer is not infected, you should expect your Internet connection to slow down significantly over the next few days, as more and more computers become infected and start searching the Internet for their next victims.

UPDATE 2 : Two new variants of the worm have been identified as of 14 August. These variants specifically target Windows 2000 and Windows XP machines.

 

Virus : 2003-Aug-1

Please be aware that the "W32.Mimail.A@mm" worm virus is spreading at an alarming rate. It emails itself to potential victims with the following characteristics:

From: admin@<current domain> (the From address may be spoofed to appear as if it is coming from the current domain)

Subject: your account %s

Message:
Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.

Best regards,
Administrator

Attachment: Message.zip
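A mail filter can test for the combination of characteristics listed above rather than any single one. The following is an added example, not part of the original alert; the sample messages are constructed, and the function names and trait labels are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message modelled on the alert's description (no real payload).
SUSPECT = """\
From: admin@example.com
To: alice@example.com
Subject: your account qxwjb
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello there,
--b1
Content-Type: application/zip; name="Message.zip"
Content-Disposition: attachment; filename="Message.zip"

(placeholder, no archive data)
--b1--
"""

# Constructed legitimate message that shares only the subject prefix.
BENIGN = """\
From: admin@vendor.example
To: alice@example.com
Subject: Your account statement

Your monthly statement is ready.
"""


def mimail_a_traits(raw):
    """Return which of the alert's three characteristics a raw message shows."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    s_local, _, s_domain = sender.partition("@")
    traits = []
    # "admin" at the recipient's own domain: the spoofed sender described above.
    if s_local == "admin" and s_domain and s_domain == rcpt.partition("@")[2]:
        traits.append("from-admin-at-recipient-domain")
    if (msg.get("Subject") or "").lower().startswith("your account "):
        traits.append("subject-your-account")
    # Attachment names are compared case-insensitively.
    if "message.zip" in [(p.get_filename() or "").lower() for p in msg.walk()]:
        traits.append("attachment-message-zip")
    return traits


def should_quarantine(raw):
    """Quarantine only when all three characteristics appear together."""
    return len(mimail_a_traits(raw)) == 3
```

Matching on the subject alone would also catch the constructed statement notice, which is why the check requires all three traits.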

Norton Antivirus definition file dated 1-Aug or later will correctly detect this virus.

Download Norton Antivirus Definition
"W32.Mimail.A@mm" Virus Removal Tool

 

Security : 2003-Jul-30

This is an urgent update to our security alert published on July 17.

A hacker group in China called XFocus has posted sample exploit code for the vulnerability patched by Microsoft Security Bulletin MS03-026. The existence of sample code makes it easier for an active exploit to be developed and released into the wild; Microsoft therefore urges its customers to immediately apply the patch, available here.

 

Security : 2003-Jul-25

Microsoft issued a patch to fix a critical security hole in its DirectX engine.

An identified security issue in Microsoft DirectX could allow an attacker to run programs on a computer running Microsoft Windows. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site. You can help protect your computer by installing this update from Microsoft.

For more information:

www.microsoft.com/technet/security/bulletin/ms03-030.asp

 

Security : 2003-Jul-17

Microsoft issued a patch to fix a critical security hole that could allow an attacker to take control of computers running the following operating systems:

Microsoft® Windows® NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

For more information:

www.microsoft.com/technet/security/bulletin/ms03-026.asp

 

Security : 2003-Jul-11

With the proliferation of inexpensive high-speed Internet connections, we have seen a steady rise in the number of computer systems being hacked and taken over by hackers. The latest trend is "anonymous hosting", where the hacked PC is used to send SPAM emails or host web sites by a small program which the hacker installs. The program runs in the background and doesn't interfere with normal operation, nor does the hacker attempt to steal information from the hacked PC.

The result? If you have a high-speed Internet link and your PC is not secured, you may unknowingly become a porn site operator.

Update : Many of these programs can be detected by most Anti-Virus software; be sure to update your virus definition file regularly.

 

Security : 2003-Jul-10

Microsoft has issued a patch to fix a vulnerability which allows an attacker to execute code of their choice. This vulnerability is considered critical and exists in all versions of the Microsoft Windows operating system.

There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability without any other user action.

For more information:

www.microsoft.com/technet/security/bulletin/ms03-023.asp

 

Security : 2003-Jul-3

There is an online Web site defacement contest. The contest awards points to vandal groups for defacing Web sites, with higher points awarded for sites that are run on less common servers. Web servers that run on Windows systems--historically the most common targets of defacements--may weather Sunday's storm quite well, as the contest awards such systems the least points per defacement.

The contest awards a point for every Windows system defaced, two points for a Unix, Linux or BSD system, three points for any system running IBM's AIX, and five points for an HP-UX system or Apple Computer OS X system.

The winner of the contest will be the group that defaces 6,000 servers in the shortest amount of time.

Security Web site Zone-H.org, the largest archive of defaced sites on the Web, expects to record between 20,000 and 30,000 Web site defacements during the contest. Because the contest doesn't differentiate between defacements on the same server, so-called mass defacements will be far more likely, and a lot of Web-hosting companies will be hit.

 

 
© Copyright 1999-2009, 2010 Infoarch Sdn. Bhd. All Rights Reserved
147A Jalan Perisai, Taman Sri Tebrau 80050. Johor Bahru, Johor, Malaysia.