Security : 2004-June-28
A mysterious password-stealing trojan was spreading quietly over the weekend. It is thought that the attackers first compromised IIS servers by adding malicious code to every web page they served. Visitors who were served that code were then redirected to a Russian web site, which sent over a trojan program that logs the user's keyboard entries in a file, eventually to be uploaded to a Russian site.
In other words, it is a very sophisticated attack that exploits vulnerabilities in both the server (IIS) and the client (Internet Explorer). More attacks like these are expected in the near future.
Virus : 2004-May-3
A new virus called "Sasser" is spreading rapidly. It is similar to
the "Blaster" worm in that it actively scans random IP addresses until
it finds unpatched systems.
Sasser.B quickly outpaced its sibling by Sunday evening, claiming the highest
number of new infections. At the time of this writing, Estonia, Taiwan, Malaysia
and Turkey were among the most affected regions, with Sasser.B claiming infection
rates of 17% - 14% in those areas.
Infected systems may become unstable and may shut down automatically.
UPDATE : Although all the existing variants of
this virus merely attempt to propagate themselves, they are spreading so rapidly
that, statistically, an unpatched system will be infected in 10 minutes if it
is connected to the Internet and does not have protection such as a personal firewall
installed.
Download Symantec Antivirus Definition
"W32.Sasser" Virus Removal Tool
Security : 2004-Apr-17
EarthLink and WebRoot have released the results of their scan of over a million
systems between Jan. 1, 2004 and March 31; they found more than 29 million instances
of spyware, 184,000 of which were Trojans and 175,000 of which were system monitoring
programs.
Spyware, a term that broadly covers software that secretly forwards information
about a user's online activities to another person or company without that
user's permission or even knowledge, is typically downloaded from the Internet
hidden behind another program.
Virus : 2004-Mar-23
Internet Security Systems' firewall products, such as its BlackICE and RealSecure
software, were intended to protect users against malicious hacking; unfortunately
they have a security hole that is being exploited by a new virus called "Witty".
An infected computer will scan the network for vulnerable computers and copy
the virus over. Once a computer is infected, the virus opens a random drive on it and
writes 65KB of data to a random location on the disk. It repeats that process
until the system is rebooted or the computer crashes. In other words, it slowly
corrupts the victim's PC while it continues to spread.
Because it targets a specific firewall that was supposed to be the frontline
of defense, there is no cure. Users of BlackICE firewall are advised to update
the software immediately.
Security : 2004-Mar-12
Microsoft has issued the latest Windows and Office patches for the month of
March.
Microsoft Windows Security Bulletin Summary
Microsoft Office Security Bulletin Summary
Virus : 2004-Mar-4
For weeks, three groups of malcontents have been waging a cyberwar with different
versions of the MyDoom, Bagle and Netsky e-mail viruses. It started out as friendly
- if annoying - competition, with one virus writer trying to outdo his rivals
by releasing a more powerful computer bug onto the Web. Things really heated up
on Friday, when the authors of Bagle released a third version of the virus, or
variant C.
Bagle is now up to variant K, successfully spreading around the world despite
the release of a cure. Netsky's authors created three new versions of their virus
to disable Bagle and MyDoom. The authors of MyDoom have responded by releasing
MyDoom.G, a variant that is not disabled by Netsky.
The virus writers have started leaving notes for each other.
The authors of Bagle.J wrote in the programming code: "Hey, NetSky, ****
off you *******, don't ruine our bussiness, wanna start a war?" Netsky's
writers retorted: "Skynet AntiVirus - Bagle - you are a looser!!!!"
and "We are the skynet - you can't hide yourself!_ we kill malware - MyDoom.F
is a thief of our idea!"
As these viruses propagate as attachments to spoofed emails, we
urge all users to be suspicious of email attachments between 20k bytes
and 34k bytes in size.
Virus : 2004-Mar-2
W32.Netsky.D is a variant of Netsky.C and it is spreading rapidly.
Symantec virus definitions dated March 1, 2004 or later will detect this virus.
Download Symantec Antivirus Definition
"W32.Netsky" Virus Removal Tool
Virus : 2004-Feb-23
A new file-deleting variant of the "Mydoom" virus is spreading rapidly.
Called "W32.Mydoom.F@mm", it deletes random Microsoft Word and Excel
files, plus photos and movies stored on an infected computer.
Download Symantec Antivirus Definition
"W32.Mydoom@mm" Virus Removal Tool
Virus : 2004-Feb-19
W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine to send itself
to the email addresses it finds when scanning the hard drives and mapped drives.
This worm also searches drives C through Z for folder names containing "Share"
or "Sharing," and then copies itself to those folders.
Symantec virus definitions dated February 18, 2004 or later will detect this
virus.
Download Symantec Antivirus Definition
"W32.Netsky.B" Virus Removal Tool
Virus : 2004-Feb-13
W32.Welchia.B.Worm is a variant of W32.Welchia.Worm. If the version of the
operating system of the infected machine is Chinese, Korean, or English, the worm
will attempt to download the Microsoft Workstation Service Buffer Overrun and
Microsoft Messenger Service Buffer Overrun patches from the Microsoft® Windows
Update Web site, install them, and then restart the computer.
The worm also attempts to remove the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms.
However, if the version of the operating system of the infected machine is
Japanese, it will search for files with the extensions .shtml .shtm .stm .cgi
.php .html .htm .asp, and replace them with an HTML file that lists certain key dates
of World War Two.
Download Symantec Antivirus Definition
"W32.Welchia.Worm" Virus Removal Tool
Virus : 2004-Jan-27
A new email virus, "W32.Novarg.A@mm", is spreading rapidly worldwide.
The worm will perform a DoS attack against www.sco.com starting on February 1,
2004, and is programmed to stop spreading on and after February 12, 2004.
The worm is also known as "Mydoom", "Novarg" or "MiMail.r",
and is crippling many corporate networks.
Both Jaring's and TM Net's email services are affected by this virus, as their
servers are being bombarded with large amounts of email generated by the worm.
UPDATE : There is now a second, more potent variant
of the "Mydoom" virus that targets both SCO's and Microsoft's websites. This
new variant also blocks the infected computer from accessing certain websites,
such as antivirus sites, thus preventing users from obtaining instructions
to clean up the infection.
UPDATE : A new virus called "Doomjuice"
appeared in mid February. It installs itself through the backdoor left open by
the "MyDoom" virus, and leaves the source code of the "MyDoom.A"
virus on the victim's computer. It is widely believed that both "Doomjuice"
and "MyDoom" were created by the same person, and that the purpose of the
new virus is to plant evidence on computer systems worldwide so as to make it harder
to pinpoint the original creator.
Download Symantec Antivirus Definition
"W32.Novarg.A@mm" Virus Removal Tool
Scam : 2004-Jan-27
RHB Bank account holders are the target of the latest round of phishing attacks.
Posing as a legitimate email from ibanksupportuser@rhbbank.com, it contains the
following message:
The real RHB Bank web site offers this piece of advice to its
customers:
Virus : 2004-Jan-19
A new email virus, known as "W32.Beagle.A@mm", spreads with the subject
"Hi" and a 16 Kbyte attachment. This is a simple and effective virus
that may bog down access to many email servers, but it will only work until the 28th
of January.
Download Symantec Antivirus Definition