Virus Security Information Page

               MSNBC News Symantec Security Check       ISC Logo            NSA     Secunia - Stay Secure

Symantec Security Check is a free service designed to help you understand your computer's exposure to online security intrusions and virus threats. To access site click here .

Use Windows Update on a regular basis,  or Schedule Automatic Updates in Windows XP, Windows 2000, or Windows Server 2003  Click here for more details.  NOTE:  close ALL programs before you run updates.  If this is a host server your need to turn off all the services you can before you attempt any patch. Exchange Server may not work after a patch if this is not done.  U.S. Department of Homeland Security US-CERT strongly encourages users to install and maintain anti-virus software and exercise caution when handling attachments. Anti-virus software may not be able to scan password protected archive files so users must use discretion when opening archive files and should scan files once extracted from an archive.  Why should I run Windows update?

Why do I have to have a password?  Computerworld - Study: Weak passwords really do help hackers. Four computers left online for 24 days were hit by 270,000 hacking attempts. Click here for details.
 

10/23/2007 Tuesday NetworkWorld - Adobe patches critical PDF vulnerability - Adobe patched its Reader and Acrobat programs today to fix a flaw that exposed most Windows XP users to exploits arriving in malicious PDF files. The patches are included in updates to Reader, the for-free PDF rendering utility, and Acrobat, Adobe's full-featured application; both have been tagged as Version 8.1.1.  Click here for details.
 

10/10/2007 Wednesday McAfee - Microsoft has issued a Security Advisory on a remote command execution possibility in Internet Explorer 7 (IE7) on Windows XP and Windows 2003. The flaw lies in the way URIs and URLs are validated in IE7. A user would need to be coerced into following a malicious URI or URL presented in certain applications (e.g. Mozilla Firefox, Adobe Acrobat Reader, and Outlook are among the documented applications). IE7 users are strongly advised not to follow any unknown links specially those in unsolicited e-mails or instant text messages. Click Here for details.

10/09/2007 Tuesday ComputerWorld - Microsoft Corp. today released six security bulletins that patched nine vulnerabilities in Windows, Internet Explorer, Microsoft Word, Outlook Express and SharePoint.

MS07-057, the critical update to IE, should be patched first, said Andrew Storms, director of security operations at nCircle Network Security Inc. "It's an update for every version of IE and for every supported version of Windows, so its impact is across the board," he said. Of the four vulnerabilities patched by the update, three are related to address-bar-spoofing, the practice of disguising the URL shown by a browser to trick users into thinking they're visiting a safe or legitimate site. Two of those three were publicly disclosed in February and July, the first by Polish researcher Michal Zalewski and Danish researcher Jakob Balle of Secunia, the second by Zalewski alone. Click Here for details.

iTnews - Microsoft patches 19 bugs with 7 bulletins, all critical. The vulnerabilities being fixed include a highly critical bug in Microsoft Exchange and a zero-day flaw in the DNS Server Service. Click Here for details.
 

09/17/2007 Monday Symantec Corp. - CUPERTINO, Calif. – Sept. 17, 2007 – The latest Internet Security Threat Report (ISTR), Volume XII released today by Symantec Corp. (Nasdaq: SYMC) concludes that cyber criminals are increasingly becoming more professional – even commercial – in the development, distribution and use of malicious code and services. While cybercrime continues to be driven by financial gain, cyber criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity. Click here for more details.

09/11/2007 Tuesday U.S. Department of Homeland Security US-CERT - Microsoft Releases September Security Bulletins. Microsoft has released updates to address vulnerabilities in Windows, Visual Studio, Windows Services for UNIX, Subsystem for UNIX-based Applications, MSN Messenger, and Windows Live Messenger as part of the Microsoft Security Bulletin Summary for September 2007.

InfoWorld - Hackers update malware tool kit with zero-day code. Newest iteration of IcePack kit is the first to include attack code aimed at exploiting unpatched Microsoft bug. Click here for details. 

eWeek - Microsoft is throttling a potentially evil paperclip this Patch Tuesday: Namely, a critical vulnerability in its Microsoft Agent—aka "Clippy"—that can open a system up to hijacking. "This one is critical, and it's like a browser fix: You surf to an evil Web site and you'll get hacked" Click here for details.
 

09/06/2007 Thursday NetworkWorld - Financially motivated malware attacks are on the rise, with automated software packages making it easy for unskilled hackers to earn a living by sending out spam, researchers at messaging security vendor Secure Computing say.  Click here for details.


08/22/2007 Wednesday InfoWorld -
The Storm malware, which first appeared in January of this year, is showing no signs of slowing down -- just this week reinventing itself as a Web site membership confirmation message.  Click here for details.

U.S. Department of Homeland Security US-CERT is aware of several new propagation techniques being used by the Storm Worm Trojan to spread. The new variants arrive as either an email message claiming to contain a link to adult pictures, or as credentials for a membership-based website, asking you to login to change your temporary ID and password. The messages contain links to malicious websites that when visited, install malware on the user's system.

U.S. Department of Homeland Security US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

* Do not follow unsolicited links.
* Install anti-virus software, and keep its virus signature files up-to-date.
* Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

eWeek - The Storm worm continues to sweep through the Internet, this time via a new series of spam e-mails that use login account confirmation details as bait to get recipients to visit malicious Web sites.  Click here for details.

08/14/2007 Tuesday U.S. Department of Homeland Security US-CERT - Cyber Security Alert SA07-226A - Vulnerabilities in Microsoft Windows, Windows Media Player, Office, and Office for Mac may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash. Run Windows Update!!!  Click here for details.  eWeek - Patch Tuesday brings with it a host of security issues with Vista, issues with virtualization and a fun time for system administrators who deal with clients using some wildly popular Microsoft applications: Internet Explorer and Excel. Microsoft released nine security patches for 14 vulnerabilities, with six of the updates rated critical, in its biggest patch release since February.  Click here for details.
 

08/08/2007 Wednesday Computer World - Leaked Vista hotfix packs now official, ready to download. Microsoft also confirms Vista SP1 and XP SP3 now in hands of testers.  Click here for details.

06/12/2007 Tuesday U.S. Department of Homeland Security US-CERT - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Windows Secure Channel, Internet Explorer, Win32 API, Windows Mail and Outlook Express. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.  Click here for details.

05/08/2007 Tuesday U.S. Department of Homeland Security US-CERT - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Exchange, Cryptographic API Component Object Model (CAPICOM), and BizTalk.  Click here for details.
 

04/13/2007 Friday U.S. Department of Homeland Security US-CERT - Microsoft has released a security advisory regarding a vulnerability in the Domain Name System (DNS) Server Service. This vulnerability affects Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.  Click here for details.  eWeek - Microsoft is investigating attacks exploiting a vulnerability in the Windows Server Domain Name System Service, as well as two types of hacks targeting Vista's OEM BIOS activation feature. Click here for details.  InfoWorld - Microsoft warns of dangerous flaw in DNS server. 'Highly critical' vulnerability in several Microsoft server products could allow attackers to run unauthorized code. Click here for details.
 

04/06/2007 Friday InfoWorld - Microsoft patching five flaws, two critical - The software giant returns to its monthly security update schedule, announcing plans to ship fixes for five vulnerabilities including four issues in Windows -- one of which it ranked as critical.

Some industry watchers are already questioning why Microsoft's April 2007 Patch Tuesday distribution fails to address at least three known vulnerabilities in its popular Office software, including a code execution in Word that has been exploited and reported publicly since at least mid-February.  Click here for details.
 

04/03/2007 Monday InfoWorld - Microsoft issues emergency Windows patch. The patch fixes a flaw in the processing of .ani animated cursor files that hackers have been exploiting heavily since last week. Click here for details.  Microsoft - A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.  Click here for details.  InfoWorld -  ANI Exploit Tries the 'Hot Pictures of Britiney Speers' Shtick - Spam promising "Hot Pictures of Britiney Speers [sic]" is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from "Nude BritineySpeers.com," is written in HTML and contains text that allows it to skirt anti-spam rules in the HTML comments. The come-on is from a server hosted in Russia that Websense says is the same one used previously by groups to install rootkits, password-stealing Trojans and other malware.  Click here for details.  UPDATE04/10/2007 Tuesday InfoWorld - By Jeremy Kirk, IDG News Service - Over 2,000 sites exploit .ani security flaw. The number of Web sites exploiting the problem will continue to rise unless patches are immediately applied. Click here for details.

04/02/2007 Monday MSNBC/REUTERS - SAN FRANCISCO - Microsoft Corp. plans to patch a security hole in Windows on Tuesday related to an animated cursor that hackers have used to launch attacks after users click on links to malicious Web sites. Click here for details.

02/14/2007 Wednesday  InfoWorld - Microsoft fixes critical flaw in security products Half of the 12 updates are listed as 'critical' as they plug major security holes in MS software, including Word, Office, and Explorer.  Click here for details.  eWeek - Microsoft Patches 20 Security Vulnerabilities - The software giant matches its all-time high for monthly security fixes, issuing a dozen bulletins that aim to patch 20 holes in its products, including 14 critical issues in Windows, Office, IE and even its own anti-virus tools.  Click here for details.

01/21/2007 Friday REUTERS - Storm Worm hits computers around the world - most users would not notice the malware, or trojan, which creates a back door to the computer that can be exploited later to steal data.  Click here for more details.

01/10/2007 Wednesday - MSNBC/AP - REDMOND, Wash. - Microsoft Corp. released three security patches for its prevalent Office line of software and one for the Windows operating system on Tuesday, fixing holes that could let an outsider take control of an unwitting victim's computer. Click here for more details.
 

01/01/2007 Monday - the Month of Apple Bugs This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple. Also, we want to develop and provide tools and documented techniques to aid security research in this platform. If nothing else, we had fun working on it and hope people-with-a-brain out there will enjoy the results.  Click here for details
 

Links to virus alerts pages from past years

 

©2000-2007 Internet Partners, Inc.
1800 NW 167th Place Suite 160 - Beaverton, Oregon 97006-8132
+1 503 690 2700    FAX +1 503 690 9700