infoarch : alert : archive 2004 (Jan - Jun)

Security : 2004-June-28

A mysterious password-stealing trojan was spreading quietly over the weekend. It is thought that the attackers first compromised IIS servers by adding malicious code to every web page served by the server; visitors who were served that code were then redirected to a Russian web site, which sent over a trojan program that logs the user's keyboard entries to a file, eventually to be uploaded to a Russian site.

In other words, it is a very sophisticated attack that exploits vulnerabilities in both the server (IIS) and the client (Internet Explorer). More attacks like these are expected in the near future.

 

Virus : 2004-May-3

A new virus called "Sasser" is spreading rapidly. It is similar to the "Blaster" worm in that it actively scans random IP addresses until it finds unpatched systems.

Sasser.B quickly outpaced its sibling by Sunday evening, claiming the highest number of new infections. At the time of this writing, Estonia, Taiwan, Malaysia and Turkey were among the most affected regions, with Sasser.B claiming infection rates of 17% - 14% in those areas.

Infected systems may become unstable and may shut down automatically.

UPDATE : Although all the existing variants of this virus merely attempt to propagate themselves, they are spreading so rapidly that, statistically, an unpatched system will be infected within 10 minutes if it is connected to the Internet and does not have protection such as a personal firewall installed.

Download Symantec Antivirus Definition
"W32.Sasser" Virus Removal Tool

 

Security : 2004-Apr-17

EarthLink and WebRoot have released the results of their scan of over a million systems between Jan. 1, 2004 and March 31; they found more than 29 million instances of spyware, 184,000 of which were Trojans and 175,000 of which were system monitoring programs.

Spyware, a term which broadly covers software that secretly forwards information about a user's online activities to another person or company without that user's permission or even knowledge, is typically downloaded from the Internet hiding behind another program.

 

Virus : 2004-Mar-23

Internet Security Systems' firewall products, such as its BlackICE and RealSecure software, were intended to protect users against malicious hacking; unfortunately they have a security hole that is being exploited by the new "Witty" virus. An infected computer will scan the network for vulnerable computers and copy itself over. Once infected, the virus opens a random drive on the computer and writes 65KB of data to a random location on the disk. It repeats that process until the system is rebooted or the computer crashes. In other words, it slowly corrupts the victim's PC while it continues to spread.

Because it targets a specific firewall that was supposed to be the frontline of defense, there is no cure once the system is infected. Users of the BlackICE firewall are advised to update the software immediately.

 

Security : 2004-Mar-12

Microsoft has issued the latest Windows and Office patches for the month of March.

Microsoft Windows Security Bulletin Summary
Microsoft Office Security Bulletin Summary

 

Virus : 2004-Mar-4

For weeks, three groups of malcontents have been waging a cyberwar with different versions of the MyDoom, Bagle and Netsky e-mail viruses. It started out as friendly - if annoying - competition, with one virus writer trying to outdo his rivals by releasing a more powerful computer bug onto the Web. Things really heated up on Friday, when the authors of Bagle released a third version of the virus, or variant C.

Bagle is now up to variant K, successfully spreading around the world despite the release of a cure. Netsky's authors created three new versions of their virus to disable Bagle and MyDoom. The authors of MyDoom have responded by releasing MyDoom.G, a variant that is not disabled by Netsky.

The virus writers have started leaving notes for each other.

The authors of Bagle.J wrote in the programming code: "Hey, NetSky, **** off you *******, don't ruine our bussiness, wanna start a war?" Netsky's writers retorted: "Skynet AntiVirus - Bagle - you are a looser!!!!" and "We are the skynet - you can't hide yourself!_ we kill malware - MyDoom.F is a thief of our idea!"

As these viruses propagate themselves as attachments to spoofed emails, we urge all users to be suspicious of email attachments with sizes between 20k bytes and 34k bytes.
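The attachment-size advice above can be turned into a simple mail-side check. This is an added example, not code from the original alert page; it parses a MIME message with Python's standard email module and flags attachments whose decoded size falls in the 20k-34k byte range (here taken as 20*1024 to 34*1024 bytes, an assumption, since the alert does not say which "k" it means). The sample message it builds is constructed for the example.

```python
# Added example (not from the original alert page): flag e-mail attachments
# whose decoded size falls in the 20k-34k byte range the alert warns about.
import email
from email import policy
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication

# Assumption: "k" is read as 1024 bytes; adjust if 1000-byte units are meant.
SUSPICIOUS_MIN = 20 * 1024   # 20k bytes, lower bound from the alert
SUSPICIOUS_MAX = 34 * 1024   # 34k bytes, upper bound from the alert


def suspicious_attachments(raw_message: bytes):
    """Return [(filename, size)] for attachments in the suspicious size range.

    Sizes are measured on the decoded payload, not on the base64 text that
    appears in the mail body, so they match what lands on the user's disk.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if SUSPICIOUS_MIN <= len(payload) <= SUSPICIOUS_MAX:
            hits.append((name, len(payload)))
    return hits


def build_sample(attachment_size: int, filename: str) -> bytes:
    """Construct a sample mail (addresses are made up) with one attachment."""
    msg = MIMEMultipart()
    msg["From"] = "someone@example.com"   # constructed sample address
    msg["To"] = "user@example.com"        # constructed sample address
    msg["Subject"] = "Hi"
    msg.attach(MIMEText("see attachment", "plain"))
    part = MIMEApplication(b"\x00" * attachment_size, Name=filename)
    part["Content-Disposition"] = f'attachment; filename="{filename}"'
    msg.attach(part)
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample(25 * 1024, "document.zip")))
    print(suspicious_attachments(build_sample(5 * 1024, "notes.txt")))
```

Size alone is only a coarse indicator; in practice it would be combined with the attachment type and an up-to-date virus definition.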

 

Virus : 2004-Mar-2

W32.Netsky.D is a variant of Netsky.C and is spreading rapidly.

Symantec virus definition dated March 1, 2004 or later will detect this virus.

Download Symantec Antivirus Definition
"W32.Netsky" Virus Removal Tool

 

Virus : 2004-Feb-23

A new file-deleting variant of "Mydoom" virus is spreading rapidly. Called "W32.Mydoom.F@mm", it deletes random Microsoft Word and Excel files, plus photos and movies stored on an infected computer.

Download Symantec Antivirus Definition
"W32.Mydoom@mm" Virus Removal Tool

 

Virus : 2004-Feb-19

W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. This worm also searches drives C through Z for folder names containing "Share" or "Sharing," and then copies itself to those folders.

Symantec virus definition dated February 18, 2004 or later will detect this virus.

Download Symantec Antivirus Definition
"W32.Netsky.B" Virus Removal Tool

 

Virus : 2004-Feb-13

W32.Welchia.B.Worm is a variant of W32.Welchia.Worm. If the version of the operating system of the infected machine is Chinese, Korean, or English, the worm will attempt to download the Microsoft Workstation Service Buffer Overrun and Microsoft Messenger Service Buffer Overrun patches from the Microsoft® Windows Update Web site, install it, and then restart the computer.

The worm also attempts to remove W32.Mydoom.A@mm and W32.Mydoom.B@mm worms.

However, if the version of the operating system of the infected machine is Japanese, it will search for files with the extensions .shtml, .shtm, .stm, .cgi, .php, .html, .htm and .asp, and replace them with an HTML file that lists certain key dates of World War Two.

Download Symantec Antivirus Definition
"W32.Welchia.Worm" Virus Removal Tool

 

Virus : 2004-Jan-27

A new email virus, "W32.Novarg.A@mm", is spreading rapidly worldwide. The worm will perform a DoS attack against www.sco.com starting on February 1, 2004, and is programmed to stop spreading on and after February 12, 2004.

The worm is also known as "Mydoom", "Novarg" or "MiMail.r", and is crippling many corporate networks.

Both Jaring and TM Net's email services are affected by this virus, as their servers are being bombarded with large amounts of email generated by the worm.

UPDATE : There is now a second, more potent, variant of the "Mydoom" virus that targets both SCO's and Microsoft's websites. This new variant also blocks the infected computer from accessing certain websites, such as antivirus sites, thus preventing users from obtaining instructions to clean up the infection.

UPDATE : A new virus called "Doomjuice" appeared in mid February. It installs itself through the backdoor left open by the "MyDoom" virus, and leaves the source code of the "MyDoom.A" virus on the victim's computer. It is widely believed that both "Doomjuice" and "MyDoom" were created by the same person, and that the purpose of the new virus is to plant evidence on computer systems worldwide so as to make it harder to pinpoint the original creator.

Download Symantec Antivirus Definition
"W32.Novarg.A@mm" Virus Removal Tool

 

Scam : 2004-Jan-27

RHB Bank account holders are the target of the latest round of phishing attacks. Posing as a legitimate email from ibanksupportuser@rhbbank.com, it contains the following message:

Due to a database operations some online banking accounts can be lost. We are insisting to our clients to check their account if they are active or if their current balance is right. Please follow this link and log on to your online banking account.

The real RHB Bank web site offers this piece of advice to its customers:

Please do not respond to any email that requires you to disclose your SignOn ID & password. Also do not click on any hyperlinks in the email, as the email might contain a virus program that can access your personal information.

 

Virus : 2004-Jan-19

A new email virus, known as "W32.Beagle.A@mm", spreads with the subject "Hi" and a 16 Kbyte attachment. This is a simple and effective virus that may bog down access to many email servers, but it will only work until the 28th of January.

Download Symantec Antivirus Definition

© Copyright 1999-2009, 2010 Infoarch Sdn. Bhd. All Rights Reserved
147A Jalan Perisai, Taman Sri Tebrau 80050. Johor Bahru, Johor, Malaysia.