Virus Warnings from 2004 (Jan 01 - Dec 31, 2004)


   Amiga

    17 May 2004 - "Elvin-Agga" bootblock virus added to Xvs library
   Georg Hörmann has released the latest version of the antivirus External
   Virus Scanner Library. This new update of the xvs.library includes fixes
   and adds the "Elvin-Agga" bootblock virus. Read Xvs library v33.42 Readme
   for further details.



   Windows

    02 September 2004 - SP2 plays havoc with online banking
   ZDNet says an Australian bank says installing the Windows update prevents
   users from logging into its Web interface
 
    02 September 2004 - Sympa New List HTML Injection Vulnerability
   Security Focus says an HTML injection vulnerability is reported in Sympa.
   The problem occurs due to failure of the application to properly sanitize
   user-supplied input data.  Unsuspecting users viewing the affected page
   will have attacker-supplied malicious code interpreted by their browser
   in the security context of the website hosting Sympa. Read the full
   report for further details.
 
    02 September 2004 - Opera Browser JavaScript Vulnerability
   Security Focus says Opera, the web browser available for a number of
   platforms, including Microsoft Windows, Linux and Unix variants and Apple
   MacOS, is reported to be susceptible to a JavaScript denial of service
   vulnerability. This vulnerability presents itself when Opera attempts to
   execute a specific JavaScript command. Upon executing this command, Opera
   will reportedly crash. This vulnerability was reported to exist in
   version 7.23 of Opera for Microsoft Windows. Other versions are also
   likely affected.
 
    31 August 2004 - Winamp attackers hide under 'skins'
   ZDNet says spyware makers are using a flaw in the media software to
   infect PCs via graphical themes or skins
 
    31 August 2004 - Symantec Security Category 2: W32.Spybot.DAZ
   Symantec Security Updates reports W32.Spybot.DAZ is a worm that spreads
   through IRC, network shares, exploits, and computers that are infected
   with common backdoor Trojan horses. Also Known As: Backdoor.Rbot.gen
 
    31 August 2004 - Symantec Security Category 2: W32.Lovgate.AO@mm
   Symantec Security Updates reports that they have updated this bulletin
   on August 26, 2004 with a link to the removal tool. W32.Lovgate.AO@mm is a
   mass-mailing worm that propagates through open network shares and
   prepends itself to .exe files.
 
    25 August 2004 - Eugene Kaspersky: Who knows what tomorrow will bring?
   Kaspersky Lab has an article saying in part that a handful of sites are
   stating that Eugene Kaspersky, founder of Kaspersky Labs, believes that
   tomorrow will bring a massive terrorist attack on the Internet. This is
   being quoted in a range of ways, ranging from factual reporting to citing
   the story as an example of cyber hysteria. However, Kaspersky is not
   predicting the end of the Internet tomorrow - or even in the near future.
   The story stems from brief comments made yesterday at a press conference
   which was dedicated to cybercrime and the problems of spam.
   Kaspersky emphasised that the likelihood of a massive attack directed
   against Israeli institutions tomorrow is low. However, he believes that
   Pandora's box has now been opened. Hackers and virus writers can be
   motivated by a range of factors: money, curiosity, or political
   conviction. But whatever their motivation, the insecure nature of the
   Internet and weak security precautions offer a wealth of opportunities.
   'Maybe it won't be tomorrow, or the day after tomorrow - but sooner or
   later, terrorists will be using the Internet as another weapon in their
   arsenal.'
 
    25 August 2004 - Symantec Security Category 2: W32.Sasser.G
   Symantec Security Updates reports W32.Sasser.G is a variant of
   W32.Sasser.Worm that attempts to exploit the LSASS vulnerability
   described in Microsoft Security Bulletin MS04-011. The worm spreads
   by scanning random IP addresses and drops W32.Netsky.AC@mm. Read the
   report for recommendations and removal instructions.
   Variants: W32.Sasser.Worm
 
    25 August 2004 - UK police issue 'vicious' Trojan alert
   Security Focus has an article by John Leyden of The Register, saying
   Britain's top cybercrime fighters have joined up with the banking
   industry today in warning of the latest attempt to defraud online
   banking customers.
 
    25 August 2004 - IE flaw introduces new form of infection
   ZDNet says a flaw in Internet Explorer means that people tricked into
   visiting a malicious Web site and clicking on an image could unknowingly
   drag malware onto their PC
 
    25 August 2004 - Rbot virus spies on surfers
   ZDNet says a new worm takes control of Webcams to watch PC users
 
    25 August 2004 - First virus hits 64-bit Windows
   ZDNet says the program seems to be an experiment, according to Symantec
 
    17 August 2004 - Symantec Security Category 3: W32.Mydoom.Q@mm
   W32.Mydoom.Q@mm is a mass-mailing worm that downloads an executable file
   and uses its own SMTP engine to send itself to the email addresses that
   it finds on the infected computer.
   Also Known As: W32/Mydoom.s@MM [McAfee], W32/MyDoom-S [Sophos],
   Win32.Mydoom.S [Computer Associates], WORM_RATOS.A [Trend Micro]
   * F-Secure Radar Level 2: Mydoom.S
   F-Secure Virus Report says "We are getting a constantly increasing
   number of reports of Mydoom.S email worm, which was spammed widely
   earlier today. Emails sent by the worm have subject "photos" and
   attachment photos_arc.exe. The worm contains a backdoor."
 
    17 August 2004 - Symantec Security Category 2: W32.Neveg.C@mm
   W32.Neveg.C@mm is a mass-mailing worm that spreads using its own SMTP
   engine, and performs a Denial of Service (DoS) attack on various Web
   design Web sites. The worm replicates through email and shared
   folders. Also Known As: W32/Nevag.c@MM [McAfee]
 
    17 August 2004 - Symantec Security Category 2: Backdoor.Nemog
   Backdoor.Nemog is a Backdoor Trojan horse that allows an infected computer
   to be used as an email relay and HTTP proxy. This backdoor is dropped by
   W32.Mydoom.Q@mm.
 
    17 August 2004 - Latest MyDoom worm exploits Web site guestbooks
   ZDNet says the worm that brought down Google strikes again, with a new
   variant that links to Web sites compromised by their use of standard
   scripts
 
    17 August 2004 - Yahoo patches IM security hole
   ZDNet says the company has issued a fix for a PNG flaw that could put
   Yahoo Messenger users at risk of buffer overflow attacks
 
    13 August 2004 - Symantec Security Category 3: W32.Beagle.AO@mm
   Symantec Security Updates reports W32.Beagle.AO@mm is a mass-mailing worm
   that uses its own SMTP engine to spread. The email attachment is a
   downloader, similar to the Mitglieder family of Trojans, that downloads
   the worm from an external source. The worm also contains backdoor
   functionality, opening TCP port 80 and UDP port 80.
   Also Known As: W32/Bagle.aq@MM [McAfee], WORM_BAGLE.AC [Trend],
   Win32.Bagle.AG [Computer Associates], W32/Bagle-AQ [Sophos]
 
    13 August 2004 - Symantec Security Category 2: W32.Mydoom.P@mm
   Symantec Security Updates reports W32.Mydoom.P@mm is a mass-mailing worm
   that uses its own SMTP engine to send itself to the email addresses that
   it finds on an infected computer. The email contains a spoofed From
   address. The subject and message body vary, and the attachment has a
   .bat, .cmd, .exe, .pif, .scr, or .zip extension.
   Also Known As: WORM_MYDOOM.R [Trend Micro], W32/Mydoom.r@MM [McAfee],
   W32/MyDoom-R [Sophos]
 
    13 August 2004 - Microsoft Security Bulletin MS04-026
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting
   and Spoofing Attacks (842436)". This update resolves a newly-discovered,
   privately reported vulnerability. A cross-site scripting and spoofing
   vulnerability exists in Outlook Web Access for Exchange Server 5.5 that
   could allow an attacker to convince a user to run a malicious script.
   The vulnerability is documented in the Vulnerability Details section of
   the bulletin.
 
    13 August 2004 - Microsoft Security Bulletin MS04-020 (Re-Release)
   Microsoft TechNet Security's re-release of the bulletin that outlined
   "Vulnerability in POSIX Could Allow Code Execution", has been updated
   to reflect an additional affected product - Microsoft INTERIX 2.2.
   It was originally posted July 13, 2004 with a severity rating of Important.
 
    13 August 2004 - A Bluetooth window of opportunity
   VirusList.com Alert says Pentest, a British company specialising in IT
   security and penetration testing, has released an advisory warning of a
   serious vulnerability in software produced by WIDCOMM Bluetooth
   Connectivity Software. This software is used by many major vendors in
   Bluetooth devices, including PCs, PDAs, mobile phones, headsets, and
   digital cameras.
 
    13 August 2004 - Attacks on mobiles continue
   VirusList.com Alert says mobile phones running the Symbian OS (including
   Nokia 3650, 7650 and N-Gage phones) are under attack once more, this time
   from Mosquit, a Trojan contained in a pirated version of the popular
   Mosquitos game. Users who download and install the cracked version from
   illegal download sites, or via P2P networks, are also downloading this
   Trojan dialer. Mosquit will use the infected phone to secretly send text
   messages to premium rate sites.
 
    13 August 2004 - Latest Security News from ZDNet
   The following articles are the latest for August 2004:
   * 'Trojan' emails conceal theft tools
   Police have issued a warning about spam that sends the unwary to Web
   sites hiding malicious software that can record their online-banking
   passwords
   * Smartphone 'Trojan' found to be code flaw
   What was thought to be a Trojan that triggered premium-rate SMSes has
   turned out to be an altered copy-protection feature of the original
   game
   * Peer-to-peer networks carry surprising cargo
   The latest Windows patch is being distributed on networks more known
   for their illegal content
   * AOL: Fix for critical IM flaw due this week
   AOL has admitted that there's a flaw in its Instant Messenger
   application, but says a fixed version is just days away
   * 'Critical security hole' found in AOL IM
   A serious flaw in AOL's Instant Messenger application means users
   could fall foul of a buffer overflow attack, according to experts
   * Latest Bagle masquerades as quote
   Yet another variant of the worm pretends to quote prices and attempts
   to download other pieces of malicious code
   * Windows XP SP2 may stop the worms
   Service Pack 2, the long-awaited upgrade to Windows XP, will prevent
   the rapid spread of worms such as Sasser, according to a security
   company that has reverse-engineered some of the code
   * Service Pack 2 gets the green light
   The massive update to Windows XP has been released to manufacturing,
   and is expected to be available to business and consumers within weeks
 
    05 August 2004 - Microsoft Security Bulletin MS04-025 (Re-Release)
   Microsoft TechNet Security says the bulletin has undergone a major
   revision increment. Please see the appropriate bulletin for more details.
   Reason for re-release: Bulletin updated to reflect availability of a new
   version of the update for Windows XP customers running Windows Update
   Version 5.
 
    05 August 2004 - VirusList Alerts: Working malware for handhelds
   VirusList.com says it's just three weeks since the 29A virus group
   delivered Duts, the first proof-of-concept virus for PDAs [Personal
   Digital Assistants] running PocketPC, and already we have a viable
   Trojan horse that targets these handheld devices. The new Trojan,
   called Brador, was written by a Russian malicious code writer, with
   the accompanying text, "Get to work, folks, the PocketPC market will
   soon explode".
 
    05 August 2004 - Microsoft's message: Patch IE today
   VirusList.com News says the patch fixes three vulnerabilities, all of
   which were rated critical by the company: a cross-domain vulnerability,
   and two flaws which can potentially result in buffer overruns when the
   browser processes .bmp and .gif files. All of these vulnerabilities have
   been public for some time. The .bmp processing vulnerability was
   exploited by TrojanDownloader.Win32.BMPAgent.a in May this year. Full
   details of the patch can be found in Microsoft Security Bulletin MS04-025.
   The beta version of Service Pack 2 made some radical changes to the
   structure of the browser; therefore users who have installed it are not
   at risk.
 
    31 July 2004 - Microsoft Security Bulletin MS04-025
   Microsoft TechNet Security's latest bulletin outlines "Cumulative
   Security Update for Internet Explorer (867801)".
   Critical Security Bulletin - Affected Software: Internet Explorer 6,
   Internet Explorer 5.5, Internet Explorer 5.01, Internet Explorer 6.0 for
   Windows Server 2003, Internet Explorer 6 Gold, Internet Explorer 6 SP1,
   Internet Explorer 5.5 SP2, Internet Explorer 5.01 SP2, Internet Explorer
   5.01 SP3, Internet Explorer 5.01 SP4, Windows Server 2003 Gold
 
    31 July 2004 - Latest Symantec Security Responses updates for July
   * Category 2 W32.Bugbros.C@mm
   W32.Bugbros.C@mm is a minor variant of W32.Bugbros.B@mm. It is a simple
   mass-mailing worm that sends itself to all of the addresses in the MS
   Outlook(R) Address Book. Read report for the email characteristics.
   Also Known As: Bloodhound.W32.VBWORM, I-Worm.generic [Kaspersky],
   W32/Generic.a@MM [McAfee]
   * Category 2 W32.Mydoom.N@mm
   W32.Mydoom.N@mm is a variant of W32.Mydoom.M@mm. It is a mass-mailing worm
   that drops and executes a backdoor that is detected as Backdoor.Zincite.A,
   which listens on TCP port 1034. The worm uses its own SMTP engine to send
   itself to email addresses that it finds on the infected computer. The email
   contains a spoofed From address. The subject and body text will vary, as
   will the name of the attachment.
   * Category 2 W32.Lovgate.AK@mm
   W32.Lovgate.AK@mm is a variant of W32.Lovgate.W@mm that:
   - attempts to reply to all email messages in the Microsoft Outlook inbox
   - scans files that have the .txt, .pl, .wab, .adb, .tbb, .dbx, .asp,
     .php, .sht, and .htm extensions for email addresses
   - uses its own SMTP engine to send itself to the addresses that it finds
   - attempts to copy itself to Kazaa-shared folders and all the computers
     on a local network
   The From line of the email is spoofed and Subject plus Message vary. The
   attachment name also varies, with a .bat, .cmd, .exe, .pif, or .scr file
   extension. The worm may also send a .zip file containing the attachment
   Also Known As: W32/Lovgate.q@MM [McAfee], I-Worm.LovGate.gen [Kaspersky]
   * Category 2 W32.Mota.B@mm
   W32.Mota.B@mm is a worm that propagates by sending itself to the email
   addresses gathered from the system. The email has a variable subject
   and attachment name. The attachment will have a .txt, .scr, or .zip
   file extension.
   Also Known As: W32/Mabutu.a@MM [McAfee]
   * Category 2 W32.Korgo.Z
   W32.Korgo.Z is a worm that attempts to propagate by exploiting the
   Microsoft Windows LSASS Buffer Overrun Vulnerability (described in
   Microsoft Security Bulletin MS04-011) on TCP port 445.
   Also Known As: WORM_KORGO.AC [Trend], Worm.Win32.Padobot.gen [Kaspersky],
   Win32.Korgo.AC [CA]
   * Category 2 W32.Zindos.A
   W32.Zindos.A is a worm that performs a Denial of Service (DoS) attack
   against the domain, microsoft.com. The worm spreads through the backdoor
   that Backdoor.Zincite.A opens on TCP port 1034. Due to bugs in the code,
   when a system that is infected with Backdoor.Zincite.A becomes infected
   with W32.Zindos.A, an infinite infection loop is entered, with each
   infection of W32.Zindos.A re-infecting the system. This may cause the
   system to become slow and unresponsive. Note: Backdoor.Zincite.A is a
   backdoor Trojan horse that W32.Mydoom.M@mm drops.
   Also Known As: W32/Zindos.worm [McAfee]
   * Category 2 Backdoor.Zincite.A
   Backdoor.Zincite.A is a backdoor server program that allows unauthorized
   remote access to a compromised computer. It runs on TCP port 1034.
   W32.Mydoom.M@mm drops this Trojan.
   * Category 2 W32.Mits.A@mm
   W32.Mits.A@mm is a mass-mailing worm that uses its own SMTP engine to
   send itself to the email addresses that it finds on an infected host. The
   worm alters many system settings, including registry editing to make it
   difficult to remove.
   Also Known As: Trojan.Win32.Smith
   * Category 2 W32.Beagle.AH@mm
   W32.Beagle.AH@mm mass-mailing worm:
   - uses its own SMTP engine to spread through email. The email will have
     a variable subject and a file attachment, which will have a .com, .cpl,
     .exe, .hta, .scr, .vbs, or .zip file extension
   - opens a backdoor on TCP port 1234
   - is functionally similar to W32.Beagle.X@mm, and is packed with UPX
   Refer to the "Technical Details" section for the message that
   W32.Beagle.AH@mm displays.
   * Category 2 Backdoor.Agent.B
   Backdoor.Agent.B is a backdoor that installs a .dll file when a user
   visits certain malicious Web sites. The .dll file allows other malicious
   programs to perform various actions. This backdoor is packed with UPX.
   Also Known As: BackDoor-CFB [McAfee], TROJ_AGENT.AC [Trend],
   Troj/Agent-AC [Sophos], Agent.E [Panda], Backdoor.Agent.ac [Kaspersky]
 
    27 July 2004 - Service Pack Deux?
   SecurityFocus Newsletter article by Scott Granneman says Microsoft
   should make SP2 available to all users and backport the changes to
   older operating systems, or they risk putting profits ahead of security
   yet again. 
 
    27 July 2004 - Mydoom continues to cause chaos
   VirusList.com News says Mydoom.m, the latest version of I-Worm.Mydoom is
   not only infecting machines around the globe, but reportedly causing
   problems for users of Google, Yahoo!, AltaVista and Lycos search engines.
   The outbreak caused by Mydoom.m caused the search engines either to
   intermittently fail, or to return results far slower than usual. The
   most serious problems were experienced by users in the UK, France, and
   parts of the US.
 
    27 July 2004 - No summer break for Microsoft
   VirusList.com News says Microsoft released its monthly security bulletin,
   together with patches for the latest vulnerabilities. The company, which
   says it is stepping up its security efforts, issued patches to fix 7
   separate vulnerabilities. Some of the vulnerabilities were not publicized
   prior to the release of...
 
    27 July 2004 - Microsoft Security Bulletin Summary for July 2004
   Microsoft TechNet Security's latest bulletins are as follows:
   Critical Security Bulletins
   * MS04-022 - Vulnerability in Task Scheduler Could Allow Code Execution
     (841873)
   * MS04-023 - Vulnerability in HTML Help Could Allow Code Execution
     (840315)
   Important Security Bulletins
   * MS04-019 - Vulnerability in Utility Manager Could Allow Code Execution
     (842526)
   * MS04-020 - Vulnerability in POSIX Could Allow Code Execution (841872)
   * MS04-021 - Security Update for IIS 4.0 (841373)
   * MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code
     Execution (839645)
   Moderate Security Bulletins
   * MS04-018 - Cumulative Security Update for Outlook Express (823353)
 
    01 July 2004 - Latest Symantec Security Updates for June 2004
   Security Category 2: W32.Gaobot.AUS
   Security Category 2: W32.Randex.ATX
   Security Category 2: W32.Bugbear.K@mm
   Security Category 2: W32.Korgo.R
   Security Category 2: JS.Scob.Trojan
   Security Category 2: W32.Korgo!gen
   Security Category 2: W32.Randex.ATS
 
    16 June 2004 - F-Secure Radar Level 2: Zafi.B
   F-Secure Virus Report titled "Zafi.B worm can terminate antivirus
   programs", says they are upgrading Zafi.B to level 2 due to increased
   number of infections. Zafi.B sends emails in many different languages
   with variable content and .pif attachment. It disables security
   applications and tools as it has a feature that can close down firewalls
   and antivirus programs in order to help itself spread further.

    16 June 2004 - Microsoft Security Bulletin: MS04-011 [Re-Release]
   Microsoft TechNet Security's latest bulletin outlines "Security Update
   Re-Release for Microsoft Windows (835732)".  Reason for re-release:
   Updated bulletin to advise on the availability of an updated Windows
   NT 4.0 Workstation update for the Pan Chinese language. This update
   should be installed by customers even if the original update was
   installed.

    10 June 2004 - Padobot aka Korgo - what are the chances of infection?
   VirusList.com Alert says lately a lot of antivirus software vendors have
   been alerting Windows 2000 and Windows XP users worldwide to new variants
   of Worm.Win32.Padobot aka Korgo. A new variant of this malware appears
   every few days, with the latest being Padobot.e (named W32.Korgo by
   Symantec). Padobot variants exploit the Windows LSASS vulnerability
   described in MS Security Bulletin MS04-011. Other worms that have used
   this breach include Sasser, Cycle and Plexus. Padobot presents yet another
   example of why patching is important, since responsible users probably
   downloaded patches after the Sasser outbreak. If you haven't patched yet,
   you are open to infection by Padobot, Plexus and any other malware
   exploiting the LSASS vulnerability.

    13 May 2004 - Sasser and Agobot Coder Arrests - What Next?
   VirusList.com News says over this past weekend, two virus writers
   were arrested in Germany. Sven Jaschen has admitted to writing the Sasser
   worms and seemingly some of the Netsky worms. The second coder is
   allegedly involved in creating the endless Agobot/Phatbot worm family.
   Read the article to find out more about 'What do these arrests prove and
   where is cyber-law enforcement heading?'

    12 April 2004 - Microsoft patches latest Windows flaw
   CNET reports Microsoft has detailed a new vulnerability in Windows XP
   and Windows Server 2003 that could enable an attacker to remotely execute
   malicious code. Microsoft says customers should install the update at the
   earliest opportunity.
   * Microsoft Security Bulletin MS04-015

    12 April 2004 - Microsoft Security Bulletin Re-releases, May 2004
   The following bulletins have undergone a major revision increment. Please
   see the appropriate bulletin for more details. To verify the digital sigs
   on any Microsoft bulletins, please download their PGP key at:
   http://www.microsoft.com/technet/security/bulletin/notify.mspx
   * Microsoft Security Bulletin MS01-052 (Version: 3.0)
   Originally posted: October 18, 2001   Updated: May 11, 2004
   Reason for re-release: Bulletin updated to advise of the availability of
   an update for Windows NT Server 4.0 Terminal Server Edition. This update
   addresses an additional denial of service vulnerability.
   * Microsoft Security Bulletin MS04-014 (Version: 2.0)
   Originally posted: April 13, 2004     Updated: May 11, 2004
   Reason for re-release: Microsoft has released a revised version of the
   Windows XP security update that contains the correctly localized optional
   Jet error strings.

     May 2004 - Virus creator may have made new version
   A story at Bell Globemedia says that, according to investigators, the
   teen arrested Friday may have released the latest Sasser virus variant
   just prior to being taken into custody

    07 May 2004 - Symantec Security Category 2: W32.Supova.Z@mm
   Symantec Security Updates reports W32.Supova.Z@mm is a mass-mailing worm
   that sends itself to the email addresses in the Microsoft Outlook address
   book. The worm also uses IRC to spread. Read the report on how to get rid
   of this worm.
   The email has the following characteristics:
   Subject: This document is interesting
   Body:  Hi!  How are you, i hope all okay. I send you an attachment that
   you should see.
   Attachment: ha ha ha ha.doc.exe

    07 May 2004 - Net watchers wary of Sasser fallout
   A story at the Globe and Mail says that security experts are warning
   there could still be more trouble to come from the Sasser worm

    05 May 2004 - VirusList Alert: Sasser spreads - no attachment required
   VirusList.com Alert says Sasser, the network worm which appeared over the
   weekend, differs radically from recent widespread worms. Unlike Bagle and
   Netsky, it does not spread via email, and can therefore infect machines
   without any action from the user. Instead, Sasser has more in common with
   Lovesan, which caused an epidemic in summer 2003.

    01 May 2004 - F-Secure Radar Level 2: Sasser
   F-Secure Virus Report says Sasser is an Internet worm spreading through
   the MS04-011 (LSASS) vulnerability. This vulnerability is caused by a
   buffer overrun in the Local Security Authority Subsystem Service, and
   will affect all machines that:
   - Are running Windows XP or Windows 2000
   - Haven't been patched against this vulnerability
   - Are connected to the Internet without a firewall
   See the Microsoft Bulletin for more info on the vulnerability. F-Secure
   suggests reading the MS Bulletin MS04-011 and running the Windows Update
   to patch your systems now.
   * Frisk Report: W32/Sasser

    29 April 2004 - VirusList News: Phishing: don't take the bait
   VirusList.com News says phishing attacks, which use bogus 'security
   check' emails from well-known banks and financial services to trick users
   into handing over passwords and account details, are on the rise. A wide
   range of banks and financial institutions have been targeted, including
   Citibank, Lloyds, VISA, PayPal and many other major banks, credit card
   companies and electronic payment systems. It is estimated that
   approximately 5% of phishing attack victims respond by entering their details
   on bogus web sites. Banks and credit card companies are starting to wake
   up to this new threat, warning their customers not to disclose any
   personal data if the request is received via email. Instead, users should
   contact the bank or company directly for more information.

    15 April 2004 - New patches close 20 holes in Windows
   ZDNet says Microsoft has issued fixes for more than 20 security flaws as
   part of its monthly update

    15 April 2004 - Netsky attacks: Four sites down, one to go
   ZDNet says four out of the five Web sites targeted by a Netsky worm DDoS
   attack have either been knocked over, or had to change their Web address
   to remain accessible

    15 April 2004 - Microsoft Security Bulletin MS04-014
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   the Microsoft Jet Database Engine Could Allow Code Execution (837001)".
   Affected software includes Windows 98 Second Edition (SE). Microsoft
   recommends that customers install the update at the earliest
   opportunity.

    15 April 2004 - Microsoft Security Bulletin MS04-013
   Microsoft TechNet Security's latest bulletin outlines "Cumulative Security
   Update for Outlook Express (837009)". Affected software includes Microsoft
   Windows 98 Second Edition (SE) and Internet Explorer 6 SP1. Vulnerability
   could occur even if Outlook Express is not used as the default e-mail
   reader on the system. Microsoft recommends that customers install this
   update immediately.

    15 April 2004 - Microsoft Security Bulletin MS04-012
   Microsoft TechNet Security's latest bulletin outlines "Cumulative Update
   for Microsoft RPC/DCOM (828741)". Affected software includes Windows 98
   Second Edition (SE). An attacker who successfully exploits the most
   severe of these vulnerabilities could take complete control of the
   affected system. An attacker could then take any action on the affected
   system, including installing programs; viewing, changing, or deleting
   data, or creating new accounts that have full privileges. Microsoft
   recommends customers apply the update immediately.

    15 April 2004 - Microsoft Security Bulletin MS04-011
   Microsoft TechNet Security's latest bulletin outlines "Security Update
   for Microsoft Windows (835732)". The affected Software includes Microsoft
   Windows 98 Second Edition (SE). An attacker who successfully exploits the
   most severe of these vulnerabilities could take complete control of an
   affected system, including installing programs; viewing, changing, or
   deleting data; or creating new accounts that have full privileges.
   Microsoft recommends that customers apply the update immediately.

    05 April 2004 - ISS opens Witty worm patch to all customers
   ZDNet says ISS has said that all customers, regardless of their
   maintenance contracts, will be able to download a patch to protect
   themselves from the Witty worm - for now

    05 April 2004 - MSBlast infects eight million PCs
   ZDNet says a PC will on average receive an MSBlast-infected packet within
   a second of connecting to the Internet, according to a study by Symantec

    26 March 2004 - ISS products targeted by Witty worm
   ZDNet says ISS is warning users to patch their systems against the
   Witty worm, which writes junk data onto physical hard drives
 
    26 March 2004 - Symantec closes NIS back door
   ZDNet says Symantec has released a fix for a flaw in Norton Internet
   Security that could allow a back door to be opened
 
    26 March 2004 - Symantec Security Category 3: W32.Beagle.U@mm
   Symantec Security Updates reports W32.Beagle.U@mm is a variant of
   W32.Beagle.T@mm. The worm sends itself as an email with a blank subject
   and body and a randomly named attachment. It also opens a backdoor on
   TCP port 4751. Also Known As: Bagle.U, WORM_BAGLE.U, W32/Bagle-U and
   W32/Bagle.u@MM
 
    26 March 2004 - Symantec Security Category 2: W32.Snapper.A@mm
   Symantec Security Updates reports W32.Snapper.A@mm is a worm that spreads
   to all the contacts in the Windows Address Book. It does not send itself
   as an email attachment. Instead, it exploits the Internet Explorer Object
   Tag Vulnerability that is described in MS Security Bulletin MS03-032.
   This vulnerability allows W32.Snapper.A@mm to automatically download and
   install the worm when the email is opened. Also Known As: I-Worm.Snapper,
   W32/Snapper@MM and Snapper
 
    26 March 2004 - Symantec Security Category 2: W32.Blackmal@mm
   Symantec Security Updates reports W32.Blackmal@mm is a mass-mailing worm
   that uses its own SMTP engine to email itself to all the contacts in MSN
   Messenger, Yahoo Pager, and email addresses found in the files with the
   m or .dbx extensions. The worm uses Windows Media Player to mask its
   malicious intentions and attempts to delete security software and system
   files. The email message has an attachment with a .src, .exe, .zip, or .tgz
   file extension. Also Known As: W32/MyWife.a@MM, I-Worm.Nyxem, W32/Nyxem-A
   and WORM_BLUEWORM.A
 
    26 March 2004 - Symantec Security Category 2: W32.Gaobot.SA
   Symantec Security Updates reports W32.Gaobot.SA is a worm that attempts
   to spread through network shares that have weak passwords and allows
   attackers to access an infected computer using a predetermined IRC
   channel. The worm uses multiple vulnerabilities to spread.
   Also Known As: W32.HLLW.Polybot.B, W32/Gaobot.worm.gen.d, Phatbot
 
    19 March 2004 - FRISK Virus Alert: Four new variants of W32/Bagle@mm
   F-Prot Antivirus Alert Service says the Bagle deluge continues with new
   additions to this rapidly growing family of mass-mailers. This newest
   variant differs from its predecessors in that it does not send itself as
   a binary attachment via e-mail. Instead, it sends out e-mail that takes
   advantage of vulnerabilities by launching a Visual Basic script that
   causes Outlook and Outlook Express to download the worm from the remote
   site.
   * Frisk Security Alert Risk: Low W32/Bagle.Q@mm
   * Frisk Security Alert Risk: Low W32/Bagle.R@mm
   * Frisk Security Alert Risk: Low W32/Bagle.S@mm
   * Frisk Security Alert Risk: Low W32/Bagle.T@mm
 
    19 March 2004 - Symantec Security Category 2: W32.HLLW.Polybot
   Symantec Security Updates reports W32.HLLW.Polybot is a worm that attempts
   to spread through network shares that have weak passwords and allows
   attackers to access an infected computer using a predetermined IRC
   channel. The worm uses multiple vulnerabilities to spread.
   Also Known As: Phatbot, W32/Polybot.l!irc [McAfee], WORM_AGOBOT.HM [Trend]
   Backdoor.Agobot.hm [Kaspersky]
 
    19 March 2004 - Microsoft tightens XP's security
   ZDNet says Microsoft is nearing the finish line for its Service Pack 2
   update, with the release of a near-final version that features centralised
   security management
 
    17 March 2004 - Bagle eats Netsky as the worm turns
   ZDNet says the Bagle worm has turned into a killer: the latest variants
   are designed to search and destroy copies of Netsky
 
    15 March 2004 - Outlook flaw upgraded to 'critical'
   ZDNet says a security hole that Microsoft patched on Tuesday is more
   serious than first thought, the company says
 
    15 March 2004 - Bagle turns to anti-spam trick
   ZDNet says the latest Bagle variants are hiding their passwords in
   graphic files in a new ploy to avoid detection by antivirus software
 
    15 March 2004 - Netsky copycat sparks search for source code
   ZDNet says antivirus companies are trawling the Internet looking for
   evidence that the author of Netsky has published the worm's source code,
   after new variants were discovered
 
    09 March 2004 - Microsoft Security Bulletin MS04-010
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   MSN Messenger Could Allow Information Disclosure (838512)". Affected
   Software: MSN Messenger MSN Messenger Gold Moderate
 
    09 March 2004 - Microsoft Security Bulletin MS04-009
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   Microsoft Outlook Could Allow Code Execution (828040)". Affected
   Software: Outlook 2002, Office XP Office XP SP2 Important
 
    09 March 2004 - Microsoft Security Bulletin MS04-008
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   Windows Media Services Could Allow a Denial of Service (832359)".
   Affected Software: Windows 2000 Advanced Server, Windows 2000
   Datacenter Server, Windows 2000 Server Windows 2000 Service Pack 2,
   Windows 2000 Service Pack 3, Windows 2000 Service Pack 4 Moderate
 
    09 March 2004 - Symantec Security Category 2: W32.Cone.C@mm
   Symantec Security Updates reports W32.Cone.C@mm is a minor variant of
   W32.Cone@mm. The worm sends itself to the email addresses it gathers from
   the files on an infected computer. The worm also modifies the local hosts
   file to prevent access to various websites.
   Aliases: W32.Cone@mm, W32.Cone.B@mm
 
    09 March 2004 - Netsky author signs out with final variant
   ZDNet says the author of Netsky.K tells antivirus researchers 'this is
   the last version' of the worm
   * Click here for NAI Virus Report: W32/Netsky.k@MM
   * Click here for Symantec Virus Report: W32.Netsky.K@mm
 
    08 March 2004 - FRISK Software's Guidelines for Safe Computing
   In light of the multiple virus outbreaks of recent days FRISK software
   presents users with a few simple guidelines for safer computing
   practices
 
    08 March 2004 - F-Secure Radar Level 2: Sober.D
   F-Secure radar alert says new Sober.D was found spreading mostly in
   Europe. It sends emails in both German and English and pretends to be
   a MS update to remove Mydoom. The infected email comes from a fake
   Microsoft address.
   Aliases: I-Worm.Sober.D, W32/Sober.D@mm, W32/Roca-a, Win32/Roca.A@mm
   * Click here for NAI Virus Report: W32/Sober.d@MM
   * Click here for Symantec Report Category 2: W32.Sober.D@mm
 
    08 March 2004 - Symantec Security Category 2: W32.Keco@mm
   Symantec Security Response is currently investigating this worm and will
   post more information as it becomes available.
 
    04 March 2004 - Antivirus software decrypts Bagle attachments
   ZDNet says the latest security software adds a new trick to its arsenal,
   decrypting and scanning password-protected attachments
 
    03 March 2004 - F-Secure Radar Level 2: Bagle.J
   F-Secure Virus Report says the 10th variant of Bagle during the last 5
   days (Bagle.J) is spreading in-the-wild. Bagle.J sends random emails with
   encrypted ZIP attachments, containing an executable with a Wordpad icon.
   Aliases: I-Worm.Bagle.i, W32.Beagle.J@mm, W32/Bagle.J@mm
 
    01 March 2004 - F-Secure Radar Level 2: Bagle worm variants (F & G)
   F-Secure Virus Report says two more Bagle worm variants (F and G) are
   spreading. They can send password-protected ZIPs, mentioning the password
   in the message. They use a deceiving icon for the attachment, looking
   like a folder.
   * Click here for Symantec Report Category 2 W32.Beagle.G@mm
   * Click here for Symantec Report Category 2 W32.Beagle.F@mm
 
    01 March 2004 - F-Secure Radar Level 2: Netsky.D
   F-Secure Virus Report says Netsky.D has been found. It is already
   spreading very rapidly. It sends emails with random subject, one line
   of English text and a random PIF attachment. It will play weird beeping
   sounds on March 2nd.
   * Click here for Symantec Report Category 2 W32.Netsky.D@mm
   * Click here for Frisk Report W32/Netsky.D@mm
 
    26 February 2004 - MyDoom & Netsky altered to attack vulnerable users
   ZDNet says despite requiring the computer user to actively run an
   attachment, Netsky.C seems to be spreading fast, with antivirus vendor
   Central Command claiming it had discovered 1,500 infections of the virus
   within 40 minutes of its discovery. Like Netsky.B, the latest virus uses
   its own SMTP engine to email itself to addresses found on the computer,
   and copies itself into any folder it finds whose name includes "shar".
   MyDoom.F is the latest variant of the virus that launched a distributed
   denial of service (DDoS) attack against the SCO Web site early this month.
   The latest variant launches a DDoS attack against both www.microsoft.com
   and www.riaa.com if the infected computer's local system is dated between
   17 and 22 of any month. The virus also opens a backdoor which will allow
   crackers to gain access to the computer. MyDoom.F also randomly deletes
   files on the infected computer, a feature that has started to die out
   from viruses.
   * Click here for F-Secure Virus Report on Mydoom.F
   * Click here for Symantec Report on W32.Mydoom.F@mm
   * Click here for F-Secure Virus Report on Netsky.C
   * Click here for Symantec Report on W32.Netsky.C@mm
 
    25 February 2004 - Another MyDoom spreads havoc
   ZDNet says a new version of the virulent worm deletes files from infected
   computers at random
 
    25 February 2004 - Symantec Security Category 2: W32.Bizex.Worm
   Symantec Security Updates reports W32.Bizex.Worm spreads by sending an
   ICQ message that contains a link to all the contacts in the user's ICQ
   contacts list. W32.Bizex.Worm has several components which may be
   downloaded by clicking on the hyperlink received via ICQ message. The Web
   site has a maliciously formatted HTML file that refers to a sound scheme
   file meine.scm within an IFRAME tag. When you click on the link, meine.scm
   is downloaded locally. This file is 13,502 bytes in length.
   Also Known As: Worm.Win32.Bizex [Kaspersky], W32/Bizex.worm [McAfee],
   W32/Bizex-A [Sophos], W32/Bizex.worm.dll
   * Click here for FRISK Security Alert: W32/Bizex.A
   * Click here for NAI Virus Report: W32/Bizex.worm
 
    24 February 2004 - Symantec Security Category 2: W32.Welchia.D.Worm
   Symantec Security Updates reports W32.Welchia.D.Worm is a minor variant
   of W32.Welchia.C.Worm. The worm exploits multiple vulnerabilities, and
   attempts to exploit the W32.Mydoom.A@mm backdoor (port 3127) to spread.
   The presence of the file, 'Windir\system32\drivers\svchost.exe', is an
   indication of a possible infection. Systems Affected: Windows 2000,
   Windows XP
 
    19 January 2004 - FRISK Security Alerts: W32/Netsky.B@mm
   F-Prot Antivirus Alert Service says this is a mass mailer that uses its
   own mail engine. It attempts to improve spreading by copying itself to
   directories called "Share" or "Sharing". The attachments can be zip
   files or have double extensions. If it is already in memory when executed
   it terminates, else it displays a dialog box. After the user closes that
   dialog box the worm creates a copy of itself in the windows directory
   named services.exe. It puts itself in the registry so it gets executed on
   every startup. The worm achieves that by adding a value called service in
   the registry key. It also makes an attempt to disable certain software by
   removing values from the registry. Removal Instructions: If you run the
   OnDemand Scanner regularly it can be used to disinfect, but for some
   viruses, such as Netsky.B@mm, it is necessary to disinfect using the DOS
   scanner (for Windows 95/98/ME) or the Command-line scanner (for Windows
   NT/2000/XP).
   Alias: I-worm.Moodown
   * Click here for F-Secure Virus Report on NetSky.B
   * Click here for NAI Virus Report: W32/Netsky.b@MM
   * Click here for Symantec Report on W32.Netsky.B@mm
 
    19 January 2004 - FRISK Security Alerts: W32/Bagle.B@mm
   F-Prot Antivirus Alert Service says to make sure you always have the
   latest version of F-Prot Antivirus installed on your computer and update
   the virus signature files regularly. Kaspersky Labs says Bagle.b arrives
   in messages with subject lines reading 'ID' followed by a random string
   of characters. The body also starts with 'ID' followed by another random
   character string. The backdoor function of Bagle opens port 8866 leaving
   machines open to further attacks. The danger lies in the possibility of
   infected computers being used as platforms for spam or DoS attacks. The
   good news is that Bagle.b is scheduled to stop spreading on February 25,
   2004. The bad news is that there's no telling what use will be made of
   the network of victim machines the worm will leave for its creator.
   Alias: W32.Beagle.B@mm, WORM_BAGLE.B, I-Worm.Bagle, W32/Tanx.A,
   W32/Yourid.A
   * Click here for KLabs Virus Alert on Bagle
   * Click here for F-Secure Virus Report on Bagle worm
   * Click here for NAI Virus Report: W32/Bagle.b@MM
   * Click here for Symantec Report on W32.Beagle.B@mm
 
    10 February 2004 - Microsoft Security Bulletin MS04-007
   Microsoft TechNet Security's latest bulletin outlines "ASN.1 Vulnerability
   Could Allow Code Execution (828028)". The vulnerability is caused by an
   unchecked buffer in the Microsoft ASN.1 Library, which could result in a
   buffer overflow.
 
    10 February 2004 - Microsoft Security Bulletin MS04-006
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   the Windows Internet Naming Service (WINS) Could Allow Code Execution
   (830352)". This vulnerability exists because of the method that WINS
   uses to validate the length of specially-crafted packets.
 
    12 February 2004 - Welchia returns: a new version of the 'virtuous' virus
   VirusList.com Alert says Welchia.b uses the DCOM RPC vulnerability and
   the WebDav vulnerability in MS IIS 5.0 to spread through the Internet.
   It then attempts to locate and delete Mydoom, as well as installing the
   Microsoft patch for the DCOM vulnerability. These actions may seem
   constructive, not destructive at first glance. However, the author of
   Welchia has committed at least two cyber-crimes: unauthorized access
   (breaking and entering) and continued unsanctioned access. While reminding
   users to use patches is important, it should be only done by legal means.
   Welchia.b is coded to retain control over infected computers until June
   1, 2004
   Useful Links Detailed descriptions of: Welchia.b
   * Mydoom.a
   * Mydoom.b
   * Lovesan
   * Welchia.a
   * MS Security Bulletins: DCOM RPC vulnerability
   * WebDav in MS IIS 5.0
   * Microsoft Security Bulletin MS04-007
 
    09 January 2004 - F-Secure Radar Level 2: Doomjuice
   F-Secure Virus Report titled "Authors of Mydoom worm launched yet another
   attack", says Doomjuice spreads between computers that are already infected
   with the Mydoom.A worm. It uses the backdoor installed by Mydoom.A. To
   locate machines with the backdoor open, Doomjuice scans random IP addresses
   by trying to connect to TCP port 3127. If the port is open the worm sends
   itself in a specially crafted package that makes the Mydoom.A-infected
   machine execute the file, thus infecting it with Doomjuice too. After
   entering the system Doomjuice copies itself to Windows System Directory as
   'intrenat.exe'. The copy is added to the registry.
   Aliases: Mydoom.c W32.HLLW.Doomjuice Worm.Win32.Doomjuice and
   WORM_DOOMJUICE.A
   * Click here for NAI Virus Report: W32/Doomjuice.worm.a
   * Click here for Symantec Report on W32.HLLW.Doomjuice
 
    06 February 2004 - Check Point warns firewall can be breached
   ZDNet says the software firm says an attacker could compromise its
   firewall if a patch is not installed [vht-can note: Not comforting, when
   you think of 'Check Point Software Technologies To Acquire Zone Labs'
   announcement in December 2003]
 
    06 February 2004 - Microsoft IE patch leaves users locked out
   ZDNet says when Microsoft patched a security hole in Internet Explorer
   this week, it also blocked users from accessing certain Web sites
 
    02 February 2004 - Microsoft Security Bulletin MS04-004
   Microsoft TechNet Security's latest bulletin outlines "Cumulative
   Security Update for Internet Explorer (832894)". This is a cumulative
   update that includes the functionality of all the previously-released
   updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet
   Explorer 6.0. Additionally, it eliminates three newly-discovered
   vulnerabilities.
 
    28 January 2004 - FRISK Security Alerts: W32/Mydoom.A@mm
   F-Prot Antivirus Alert Service says W32/Mydoom.A@mm spreads via e-mail
   messages with technically sounding subject lines. The attachment
   containing the worm's executable also bears technical and harmless-
   sounding names. However, if such an attachment is executed, the worm
   infects the computer, harvests e-mail addresses from the hard drive and
   then spreads itself further by sending itself to these addresses.
   Users of F-Prot Antivirus should update their virus signature files
   immediately. W32/Mydoom.A is detected by F-Prot Antivirus using virus
   signature files dated 26 January 2004 and later. W32/Mydoom.A@mm is also
   known as: W32.Novarg.A@mm WORM_MIMAIL.R W32/Mydoom@mm Mydoom Win32/Shimg
   * Click here for F-Secure Virus Report: Mydoom
   * Click here for NAI Virus Report: W32/Mydoom@MM
   * Click here for Symantec Virus Report: W32.Novarg.A@mm
   * Zone Labs Security Alert: MyDoom Worm
   While the free version of ZoneAlarm can prevent an infected host from
   further exploitation by not allowing the worm to open TCP port 3127, it
   does not provide the enhanced MailSafe Protection. Users of the free
   ZoneAlarm should consider upgrading to ZoneAlarm Pro to take advantage
   of MailSafe features.

    28 January 2004 - NAI Virus Report: W32/Dumaru.y@MM
   Network Associates says this worm contains its own SMTP engine to
   construct messages and harvests target email addresses from the local
   machine. Additionally, the worm is also intended to steal data from the
   victim machine (eg. certain application passwords, keylogger data).
   This may be triggered via remote commands from the hacker.
   Aliases: CapeGold W32.Dumaru.Y@mm (NAV) W32/Dumaru.z@MM Win32/ZHymn (CAI)
   and WORM_DUMARU.Y (Trend)
   * Click here for Symantec Virus Report: W32.Dumaru.Z@mm

    19 January 2004 - FRISK Virus Alert: W32/Bagle.A@mm
   W32/Bagle.A@mm is a mass-mailing worm that also behaves like a trojan
   downloader in its attempts to access remote websites. This is a time-
   restricted worm and will not execute if the system date has passed the
   27th of January 2004. Bagle.A harvests e-mail addresses from the infected
   machine's hard drive in order to spread itself further. The worm uses its
   own SMTP engine to send out e-mails to these harvested addresses and fakes
   the [From:] address by using another of these harvested addresses. This
   means that these e-mails can appear to be sent by someone the recipient
   knows. The subject of these e-mails is normally "Hi", the attachment's
   name is generated with random characters and the attachment's icon is
   identical to that of Windows Calculator.
   * Click here for F-Secure Virus Report: Bagle
   * Click here for NAI Virus Report: W32/Bagle@MM
   * Click here for Symantec Report: W32.Beagle.A@mm 
 
    19 January 2004 - Antivirus firms fear Bagle's bite
   ZDNet says a new worm spreading rapidly in the Asia Pacific region mimics
   Sobig's attributes
 
    19 January 2004 - VoIP holes remain open
   ZDNet says Microsoft is still checking its products for vulnerabilities
   after a bug was discovered in its implementation of a VoIP standard
 
    15 January 2004 - Microsoft update ignores spoofing hole
   ZDNet says Microsoft has released its January batch of patches but has
   failed to fix an Internet Explorer 'phishing' vulnerability
 
    15 January 2004 - Microsoft Security Bulletin MS04-003
   Microsoft TechNet Security's latest bulletin outlines "Buffer Overrun in
   MDAC Function Could Allow code execution (832483)".
 
    15 January 2004 - Microsoft Security Bulletin MS04-002
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   Exchange Server 2003 Could Lead to Privilege Escalation (832759)".
 
    15 January 2004 - Microsoft Security Bulletin MS04-001
   Microsoft TechNet Security's latest bulletin outlines "Vulnerability in
   H.323 Filter can Allow Remote Code Execution (816458)".
 
    15 January 2004 - Symantec slams the door on Live Update flaw
   ZDNet says security company Symantec has had to update its Live Update
   feature to fix a flaw that could open a security hole in the software
 
    15 January 2004 - Yahoo fixes Messenger transfer flaw
   ZDNet says Yahoo has fixed a bug in its instant messenger application after
   it was found to be vulnerable to buffer-overflow errors when receiving
   files, potentially leaving PCs open to attack
 
    15 January 2004 - Xombe Horse imitates Microsoft security warning
   ZDNet says an email pretending to be a Microsoft security warning
   harbours a malicious Trojan horse
 
    09 January 2004 - Symantec Security Category 2: Trojan.Xombe
   Symantec Security Updates reports Trojan.Xombe is a Trojan horse that
   has at least two components: a 4,096 byte downloader and a 27,136 byte
   Trojan. The downloader component will retrieve the Trojan file from a
   predetermined Web site. The download component has been distributed in
   an unsolicited email, purporting to be a security update for Windows XP,
   sent by Microsoft. The email has the following characteristics:
   From: windowsupdate@microsoft.com
   Subject: Windows XP Service Pack 1 (Express) - Critical Update.
   Attachment: winxp_sp1.exe (4,096 KB)
   Aliases: Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos]
   Trojan.Win32.Xombe and TrojanDownloader.Win32.Xombe
   Additional information: To prevent this Trojan from running, outgoing
   HTTP connections to domain gamemaniacs.org can be blocked.
   * Click here for F-Secure Virus Report: Xombe
 
    08 January 2004 - Symantec Security Category 2: W32.Mimail.P@mm
   Symantec Security Response has received a new variant of W32.Mimail.P.
   Information will be made available as analysis of this sample is completed.
   This threat spreads via email which has the following characteristics:
   Subject: GREAT NEW YEAR OFFER FROM PAYPAL.COM!
   Attachment: pp-app.zip
   Aliases: W32/Mimail.p@MM [McAfee], Win32.Mimail.P [Computer Associates],
   WORM_MIMAIL.P [Trend]
 
    08 January 2004 - Symantec Security Category 2: W32.Bugbros@mm
   Symantec Security Updates reports W32.Bugbros@mm is a mass-mailing worm
   that uses Microsoft Outlook to send itself to all the contacts in the
   Outlook address book.
   The email has the following characteristics:
   From: support@microsoft.com
   Subject: LiveUpdate Informations
   Attachment: [varies]
 
    08 January 2004 - Microsoft seeks to stamp out persistent worm
   ZDNet says Microsoft has released a removal tool for the Blaster worm,
   saying many PCs remain infected and are causing network congestion
 
    05 January 2004 - New Year rings in more worms
   ZDNet says Jitux has begun to spread through MSN Messenger, while Quis
   wreaks Christmas-themed mayhem on Windows PCs
 
    05 January 2004 - Symantec Security Category 2: W32.Cissi.A@mm
   Symantec Security Updates reports W32.Cissi.A@mm is a mass-mailing worm,
   which also contains backdoor functionality to connect to an IRC server.
   This worm can also wait for commands. It can spread to systems that do
   not have passwords or to ones that have simple passwords.
 
    04 January 2004 - NAI Virus Report: W32/Jitux.worm
   Network Associates says this detection is for a worm intended to
   propagate via MSN Messenger instant messaging. It propagates by sending
   messages to the MSN messenger contact list. The messages contain a link
   to the worm itself. When the link is clicked, the worm is downloaded to
   the target machine. Aliases: Win32/HLLW.Retgeek (GeCAD)
 
    04 January 2004 - NAI Virus Report: W32/Gluber.b@MM
   Network Associates says this mass-mailing worm contains a remote access
   component, that allows a remote attacker to carry out tasks on an
   infected system. The worm spreads via email and accessible network shares.
   It uses its own SMTP engine to spread to email addresses it finds in the
   files on your computer. This worm also gives an attacker complete access
   to your computer. By default, it listens on port 5373. The worm attempts
   to terminate various security products and system-monitoring tools.
   Variants: W32.Gluber@mm Aliases: I-Worm.Beglur.b (AVP) W32.Gluber.B@mm
   (Symantec) W32/Capush.B@mm (F-Secure) Win32.Bugler.B (CA) WORM_GLUBER.B
   * Click here for Symantec Report Security Category 2: W32.Gluber.B@mm
 


   Miscellaneous

    02 September 2004 - Oracle patches finally released
   ZDNet says the database maker has fixed several flaws in its software
   as it attempts to move to a monthly patching schedule
 
    31 August 2004 - NAI Virus Report: Phish-BankFraud.eml
   Network Associates says the term Phish describes a scam designed to
   trick people into handing over personal information to thieves. Phish
   often arrives as an email message where the attacker has forged, or
   spoofed, the sender's address to make the message look authentic. Such
   messages usually ask the user to connect to a forged website to enter
   in personal information such as Username, Password and Account number.
   The Phish-BankFraud.eml detection covers Phishing messages designed to
   steal bank account information. NOTE: Whenever connecting to a website
   that requires a username and password, it is best to open a new web
   browser window and manually navigate to the site, rather than clicking
   a hyperlink sent to you in email. Read report for method of infection
   and removal instructions.
 
    31 August 2004 - Phishing lures first German victims
   ZDNet says two Postbank customers revealed money transfer codes to bogus
   Web sites, the bank has revealed
 
    31 August 2004 - One hundred suspects netted in cybercrime raids
   ZDNet says a global crackdown has resulted in 100 arrests in relation to
   identity theft and hacking
 
    25 August 2004 - Nokia to secure high-end phones
   ZDNet says encryption software will allow mobile users to protect data
   stored on their handset and memory cards
 
    25 August 2004 - Cisco flaw creates an opening for insider attacks
   ZDNet says the networking giant has warned of a bug in its routing
   software but an analyst says only experienced Cisco technicians are
   likely to be able to exploit it
 
    25 August 2004 - Fake virus texts send Evil message
   ZDNet says the makers of Resident Evil have fallen from grace with
   security firm Sophos after launching a controversial SMS marketing
   campaign
 
    13 August 2004 - Mosquito Trojan bites smartphones
   ZDNet says a virus that is able to send costly SMS messages from
   smartphones is now in the wild
 
    13 August 2004 - Opera cross-domain scripting vulnerability
   Security Focus says an attacker might leverage this issue to steal cookie
   based authentication credentials, conduct phishing attacks along with
   other attacks. Furthermore, provided there is an HTML script invoking
   'location' methods local to a victim's computer (such as c:/winnt/help/
   ciadmin.htm in most Microsoft Windows implementations) an attacker can
   exploit this issue to gain read access to directory contents, files and
   email read using Opera's email utilities. Although this issue is reported
   to affect versions 1.52 and 1.53 of the affected software, it is likely
   that earlier versions are also affected.
 
    13 August 2004 - Thomson SpeedTouch home ADSL modem vulnerability
   Security Focus says a vulnerability is reported to exist in the
   algorithms used by Thomson SpeedTouch Home ADSL Modem to generate
   initial TCP sequence numbers. The ability to predict TCP sequence
   numbers may allow a remote attacker to inject packets into a vulnerable
   data stream, for example the telnet service on the affected modem.
 
    05 August 2004 - Email Privacy is Lost
   A Security Focus article by Scott Granneman says that, as if the common use of
   "web bugs" inside spam was not enough, companies are using new techniques
   to watch and track the private emails you read, forward, print, and more
 
    16 June 2004 - Mobile worm Cabir, causes no serious threat
   F-Secure says the Cabir worm runs in mobile phones that use the Symbian
   Series 60 user interface platform. The worm is packed in a Symbian
   installation file (.sis) and tries to spread further over Bluetooth. When
   installed in the phone, the worm activates automatically and starts
   looking for new devices that use Bluetooth. Once Bluetooth phones in
   discoverable mode are found, the worm tries to replicate by sending
   itself to them. The worm activates, if the user of the receiving phone
   chooses to accept and install the received file named caribe.sis, which
   contains the worm. Although the worm does not cause any immediate threat
   to phone users, it clearly demonstrates the fact that technology to write
   viruses on mobile devices already exists and is also known to virus
   writers.
   * Click here for more information and screenshots

    27 April 2004 - Special Report: Eight steps to being ready for disaster
   Debra Young of TechRepublic published this report on April 27, 2004,
   and outlines 'How to make sure that your business continuity is up to
   scratch'

    27 April 2004 - Special Report: How to survive a catastrophic outage
   Debra Young of TechRepublic published this report on February 2, 2004,
   and outlines 'Being prepared remains the key to disaster recovery'

    27 April 2004 - Code exists to exploit TCP flaw
   ZDNet says Symantec has confirmed that malicious code that can take
   advantage of the Transmission Control Protocol flaw reported this week
   exists but says that the risk of real problems is remote

    27 April 2004 - Cisco squashes one bug
   ZDNet says a fix for a critical TCP flaw has been released by Cisco

    26 March 2004 - Scripting flaw hits Hotmail and Yahoo
   ZDNet says the Web-based email services are vulnerable to a script-based
   attack discovered by a security researcher, but Microsoft says it has
   plugged the hole
 
    19 March 2004 - OpenSSL shuts attack holes
   ZDNet says two patches have been released for flaws in the open-source
   security program that permit denial-of-service attacks that could cripple
   the Internet
 
    05 March 2004 - Antivirus firm improves security after emailing virus
   ZDNet says F-Secure says users will no longer be able to submit
   attachments to its mailing list, after copies of a virus were forwarded to
   customers
 
    04 March 2004 - US legislators seek to ban spyware
   ZDNet says a proposed bill would make it illegal for software to install
   itself without a user's consent
 
    04 March 2004 - AIM add-on prompts spyware concerns
   ZDNet says a game distributed with new versions of AOL Instant Messenger
   does not respect users' privacy, critics say
 
    09 February 2004 - Bluetooth phones at risk from 'snarfing'
   ZDNet says a serious Bluetooth security vulnerability allows mobile phone
   users' contact books to be stolen. You've heard of bluejacking - now meet
   'bluesnarfing'
 
    06 February 2004 - Phishers improve bait as they target ISPs
   ZDNet says even tech-savvy users could be fooled by the latest phishing
   scams, which have evolved beyond all recognition in their bid to steal
   credit card details, says an anti-phishing organisation
 
    06 February 2004 - Spyware masquerades as helpful software
   ZDNet says programs promising to fight ads and unwanted monitoring may
   actually be spying on unwitting users
 
    28 January 2004 - SCO offers reward for MyDoom author
   ZDNet says SCO will pay $250,000 for information leading to the
   conviction of MyDoom's creator

    15 January 2004 - Barclays scam email exploits new IE flaw
   ZDNet says con artists have begun using an address-hiding flaw to trick
   Barclays' online banking customers into revealing their personal details
 
    15 January 2004 - Cyberwarfare 'a reality in 12 months'
   ZDNet says the increasing reliance on IP networks in critical
   infrastructure organisations such as banks and power stations could mean
   trouble, Gartner claims
 
    09 January 2004 - Chips to fight viruses
   ZDNet says AMD and Intel are developing technology that will prevent
   processors being hijacked by attackers
 
    09 January 2004 - Yahoo IM bug attacks file transfers
   ZDNet says Yahoo's instant messenger application is vulnerable to buffer
   overflow errors when receiving files, potentially leaving PCs open to
   attack
 
    08 January 2004 - Almost half of Kazaa downloads 'threaten security'
   ZDNet says around 45 percent of files downloaded from Kazaa compromise
   security, according to the latest research. Even if you don't use Kazaa,
   you may not be safe
 
    08 January 2004 - AOL to stamp out spies
   ZDNet says the Internet giant will include anti-spyware software in its
   flagship online service
 


Virus Help Team Canada Site (c)2000-2012 by Charlene
VHT-CAN and our webhoster disclaim any responsibility for software obtained through this site. All copyrights and trademarks are acknowledged.

Last Updated: December 01, 2005