Virus Security Information Page

Symantec Security Check 

Symantec Security Check is a free service designed to help you understand your computer's exposure to online security intrusions and virus threats. To access the site, click here.

Use Windows Update on a regular basis, or schedule Automatic Updates in Windows XP, Windows 2000, or Windows Server 2003. Click here for more details. NOTE: Close ALL programs before you run updates. If this is a host server, you need to turn off all the services you can before you attempt any patch. Exchange Server may not work after a patch if this is not done.

U.S. Department of Homeland Security US-CERT strongly encourages users to install and maintain anti-virus software and exercise caution when handling attachments. Anti-virus software may not be able to scan password-protected archive files, so users must use discretion when opening archive files and should scan files once extracted from an archive.

Why should I run Windows update?
 

12/13/2004 Monday Symantec - If you have a Norton 2004 - Error: "Your server has unexpectedly terminated the connection . . ." when sending or receiving email in Outlook or Outlook Express. Click Here for more details.

12/02/2004 Wednesday A critical flaw in Microsoft Corp.'s Internet Explorer Web browser could allow a hacker to take control of your computer. MSNBC/Reuters - SEATTLE - A critical flaw in Microsoft Corp.'s Internet Explorer Web browser could allow a hacker to take control of a computer, the world's largest software maker said Wednesday. Click here for details.

Microsoft, which issued the security bulletin outside of its regular monthly security update cycle, said that the software flaw can be fixed by running "Windows Update", or downloading a software patch at its Web site http://www.microsoft.com/security .  Users who have already installed Windows XP Service Pack 2 are already protected from the software flaw, but other users will have to update their software.
 

11/09/2004 Tuesday University of California, Davis - Anti-virus vendors report a false email is being used to distribute a new virus. The infected email includes a link to an infected Web server. Clicking on the link will exploit an Internet Explorer buffer overflow vulnerability.  Click here for details.  For more information from U.S. Department of Homeland Security - US-CERT Click here

10/12/2004 Tuesday Microsoft Security Bulletin Summary for October, 2004 - Microsoft has released ten new security bulletins. Seven of these bulletins are rated critical, and three are identified as important on Microsoft's severity scale. In addition, the company has re-released the Office XP patches for the September GDI issue - MS04-028 (another critical update). All told, these security bulletins represent over 30 individual patches and impact a wide range of servers, applications and operating systems. These patches fix security vulnerabilities that could allow a hacker to take control of a computer and execute malicious code, access sensitive information and/or cause denial of service.

Below is a detailed listing of the new Microsoft security bulletins:

MS04-029: Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350) (Important)
MS04-030: Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151) (Important)
MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution (841533) (Important)
MS04-032: Security Update for Microsoft Windows (840987) (Critical)
MS04-033: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836) (Critical)
MS04-034: Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) (Critical)
MS04-035: Vulnerability in SMTP Could Allow Remote Code Execution (885881) (Critical)
MS04-036: Vulnerability in NNTP Could Allow Remote Code Execution (883935) (Critical)
MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) (Critical)
MS04-038: Cumulative Security Update for Internet Explorer (834707) (Critical)

Additional information about these security bulletins can be found at Microsoft's TechNet web site: http://www.microsoft.com/technet/security/Bulletin/ms04-oct.mspx
 

09/20/2004 Monday Reuters - SAN FRANCISCO - The number of new viruses and worms aimed at Microsoft Corp.'s ubiquitous Windows operating system rose 400 percent between January and June from the same year-earlier period, leading computer security company Symantec said on Sunday. Click Here for more details

09/17/2004  - Friday U.S. Department of Homeland Security - US-CERT Multiple vulnerabilities in Mozilla products - Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Click Here for more details.

09/02/2004 Thursday MSNBC - SEATTLE - Though Microsoft Corp.'s new security update package is all about protecting systems from worms, viruses and spyware, it can't do much about what's already on computers -- and that could pose a problem. The company is warning users of the Windows XP operating system to check for spyware before downloading the free massive security update, called Service Pack 2.  Click here for details.  Microsoft - Check your computer for spyware and other unwanted software. A variety of tools are available from other companies to detect and remove unwanted software from your computer, including Lavasoft Ad-aware. (Note Microsoft is not responsible for the quality, performance, or reliability of third-party tools.) Click here for details.  Internet Partners - here are a couple of programs you may use to check for spyware Ad-Aware, and SpySweeper.

07/26/2004 Monday Symantec - W32.Mydoom.M@mm is a mass-mailing worm that drops and executes a backdoor, detected as Backdoor.Zincite.A, that listens on TCP port 1034. The worm uses its own SMTP engine to send itself to email addresses it finds on the infected computer. The email contains a spoofed From address, and the Subject and Body text will vary. The attachment name will also vary. Click here for details.  Symantec Security Response has developed a removal tool. Click here for details.  McAfee - If you think that you may be infected with Mydoom, and are unsure how to check your system, you may download the Stinger tool to scan your system and remove the virus if present. This is not required for McAfee users as McAfee products are capable of detecting and removing the virus with the latest update. (see the removal instructions below for more information). Click here for details.  Trend Micro - Like earlier variants, this worm spreads via email through SMTP (Simple Mail Transfer Protocol), gathering target recipients from the Windows Address Book, the Temporary Internet Files folder, and certain fixed drives. Click here for details.  MSNBC - A new version of the MyDoom computer virus targeted to attack Internet search engines spread so quickly Monday morning that some Web surfers received error messages when attempting to use Google. Click here for details.

07/02/2004 Friday MSNBC - Microsoft Corp. issued an interim security update Friday to protect users of its nearly ubiquitous Internet Explorer browsers from a new technique for spreading viruses. The update does not entirely fix the flaw that makes the spread possible, but it changes settings in Windows operating systems to disable hackers’ ability to deliver malicious code with it. The security measure came in response to last week’s discovery of a computer virus designed to steal valuable information like passwords. Though its outbreak was mild, security experts said the technique for spreading it was novel and could be used to send spam or launch broad attacks to cripple the Internet. (MSNBC is a Microsoft - NBC joint venture.)  Click here for details.  U.S. Department of Homeland Security - US-CERT - Internet Explorer Update to Disable ADODB.Stream ActiveX Control - A class of vulnerabilities in IE allows malicious script from one domain to execute in a different domain which may also be in a different IE security zone. Attackers typically seek to execute script in the security context of the Local Machine Zone (LMZ). One such vulnerability (VU#713878) is described in US-CERT Technical Alert TA04-163A. Other cross-domain vulnerabilities have similar impacts.  Click here for details.

06/09/2004 Wednesday U.S. Department of Homeland Security - US-CERT Vulnerability Note VU#713878.  Microsoft Internet Explorer does not properly validate source of redirected frame. Overview: Microsoft Internet Explorer (IE) does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE.   Click here for details.
 

06/04/2004  - Friday Infoworld The new worm, known as both "Plexus" and "Explet.A," was first detected on Wednesday and spreads by exploiting Windows machines with vulnerabilities used by two recent worms, Sasser and Blaster, according to alerts. Network Associates Inc.'s McAfee Antivirus Emergency Response Team and Symantec Corp. both said the new worm does not pose a serious threat, but issued software updates on Thursday to detect it. It is also able to spread to other computers on the Internet using shared folders and copies itself to the shared folder file on the KaZaa peer-to-peer network using a variety of file names, including Shrek_2.exe, playing on the popularity of the recently released animated film. To view the article Click here.  To view information from Trend Micro Click here.  To view information from McAfee Click here.  To view information from Symantec Click here

05/02/2004  - Sunday U.S. Department of Homeland Security - US-CERT has received reports of a new worm, referred to as "W32/Sasser". This worm attempts to take advantage of a buffer overflow vulnerability in the Windows Local Security Authority Service Server (LSASS). The vulnerability allows a remote attacker to execute arbitrary code with SYSTEM privileges. More information on this vulnerability is available in Vulnerability Note VU#753212 and Microsoft Security Bulletin MS04-011.

Software affected: Microsoft NetMeeting

Microsoft Windows systems affected: Server 2003 64-Bit Edition - Server 2003 - XP 64-Bit Edition Version 2003 - XP Professional - XP home - 2000 Server - 2000 Professional - NT Server 4.0 Terminal Server Edition - NT Server 4.0 - NT Workstation 4.0

Microsoft Windows systems NOT affected: 98, 98 Second Edition, or ME (Millennium Edition)

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the updates immediately

Caveats: The security update for Windows NT Server 4.0 Terminal Server Edition Service Pack 6 requires, as a prerequisite, the Windows NT Server 4.0 Terminal Server Edition Security Rollup Package (SRP). To download the SRP, visit the following Web site. You must install the SRP before you install the security update that is provided in this security bulletin. If you are not using Windows NT Server 4.0 Terminal Server Edition Service Pack 6 you do not need to install the SRP.

Symantec Security Response has developed a removal tool to clean the infections of W32.Sasser.Worm. This is the easiest way to remove this threat and should be tried first.  Click here to download the removal tool.

McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.  Click here to download the scan removal tool.  For more details about McAfee AVERT Stinger Click here.

NetworkWorld Ellen Messmer 05/10/2004 -Sasser is similar to an earlier worm, Blaster, because users do not need to receive eMail or open a file to be infected. Instead, just having a vulnerable Windows machine connected to the Internet is enough to get stung.  Here's how it works: 

1.  An infected Windows XP or 2000 machine spawns 128 thread processes that scan random IP addresses for exploitable systems that have not been patched.

2.  Once an exploitable system is found, the worm creates a script and executes it.  This script instructs the system to download and run the worm from the system that just infected it.  This is done via FTP on TCP Port 5554.

3.  The newly infected system spawns 128 thread processes that scan random IP addresses for exploitable systems that have not been patched.  As the number of infected systems grows, the amount of traffic generated by all of these thread processes can slow and disrupt traffic on the Internet.
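The following Python detector is an added example, not from NetworkWorld or any vendor quoted on this page. It goes beyond the Sasser steps above: it flags a source that contacts many distinct addresses within a short window (the scanning in steps 1 and 3) and any connection to a worm port named in this page's entries (5554, 1034, 4751, 2745, 3127-3198). The log format, the thresholds and the sample traffic are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# TCP ports taken from the advisories on this page.
WORM_PORTS = {
    5554: "Sasser FTP transfer",
    1034: "Backdoor.Zincite.A (Mydoom.M)",
    4751: "Beagle.U backdoor",
    2745: "Beagle.E backdoor",
}
WORM_PORTS.update({p: "Novarg proxy range" for p in range(3127, 3199)})

# Assumed (hypothetical) log format: "<ISO time> SRC=<ip> DST=<ip> DPT=<port> PROTO=TCP"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) DPT=(?P<dpt>\d+) PROTO=TCP$"
)

def parse_line(line):
    """Return (time, src, dst, dport), or None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return ts, m["src"], m["dst"], int(m["dpt"])

def detect(lines, fanout=20, window=timedelta(seconds=60)):
    """Map each suspicious source IP to a sorted list of reasons.

    Assumes each source's lines appear in time order.
    """
    recent = defaultdict(deque)   # src -> (time, dst) pairs still inside the window
    findings = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dpt = rec
        if dpt in WORM_PORTS:
            findings[src].add(f"port {dpt}: {WORM_PORTS[dpt]}")
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop entries older than the window
            q.popleft()
        if len({d for _, d in q}) >= fanout:
            findings[src].add("scan fan-out")
    return {src: sorted(reasons) for src, reasons in findings.items()}

def sample_log():
    """Constructed traffic: a scanner, a worm download, a slow host, normal use."""
    t0 = datetime(2004, 5, 3, 10, 0, 0)
    def row(sec, src, dst, dpt):
        ts = (t0 + timedelta(seconds=sec)).isoformat()
        return f"{ts} SRC={src} DST={dst} DPT={dpt} PROTO=TCP"
    # 30 distinct destinations in 30 seconds; the fan-out check ignores the port.
    log = [row(i, "10.0.0.5", f"198.51.100.{i + 1}", 8080) for i in range(30)]
    log.append(row(31, "10.0.0.9", "10.0.0.5", 5554))   # download from the scanner
    # 25 distinct destinations, but one per minute: below the fan-out threshold.
    log += [row(60 * i, "10.0.0.8", f"203.0.113.{i + 1}", 80) for i in range(25)]
    log += [row(i, "10.0.0.7", "192.0.2.10", 80) for i in range(5)]  # one web server
    log.append("garbled line that the parser skips")
    return log

if __name__ == "__main__":
    for src, reasons in detect(sample_log()).items():
        print(src, reasons)
```

Tune `fanout` and `window` to the network: busy proxies and mail relays legitimately reach many addresses and need an allow list.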

 

04/13/2004  - Tuesday MSNBC Microsoft warns of 3 'critical' flaws in Windows Microsoft Corp., the world’s largest software maker, warned Tuesday that three "critical"-rated flaws in the Windows operating system and other programs could allow hackers to sneak into personal computers and snoop on sensitive data.   Click Here for more information.  InfoWorld Microsoft issues flood of critical patches - Microsoft Corp. on Tuesday released a flood of information on new and previously disclosed holes in a wide range of software products, many of them rated "critical" and well-suited to use by malicious hackers or computer virus writers, according to one security expert.  Click Here for more information.  eEye® Digital Security Discovers Six New Security Flaws in Microsoft Windows®  eEye® Digital Security, a leading developer of network security software solutions, today announced the discovery of six new vulnerabilities related to Microsoft (NASDAQ: MSFT) Windows®. The critical discoveries include dangerous flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye’s research team discovered two of the most critical vulnerabilities as early as September 2003. The patch for these vulnerabilities released today comes more than 200 days after eEye’s discovery.  Click Here for more information. 

03/19/200 to 04/13/2004  - Symantec - a vast number of eMail viruses and worms.  Please review the Symantec website for more information.  Click Here

03/26/2004  - Friday Symantec W32.Beagle.U@mm worm The W32.Beagle.U@mm is a variant of W32.Beagle.T@mm. The worm sends itself as an email with a blank subject and body and a randomly named attachment. It also opens a backdoor on TCP port 4751. The attachment name is a random string of letters with an .exe extension. Click Here for more information.  McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.  Click here to download the scan removal tool.  For more details about McAfee AVERT Stinger Click here.

03/19/2004 Friday - MSNBC Four new Bagle worms added to Internet soup The viruses attempt to use an ActiveX vulnerability, discovered in August, to automatically upload and run a program on the victim's computer, without needing the user to run a file. The viruses pose a threat to Windows users who have not updated their operating system since the patch came out in August.  The four new variants of the virus, which Symantec calls "Beagle," add to the slew of slightly modified programs attempting to infect Internet users. Virus writers have used the Bagle, NetSky and MyDoom worms to attempt to gain control of large numbers of PCs. Comments in some of the programs have led researchers to believe that the authors of at least two of the worms are competing against each other.  Click Here for the article.  McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.  Click here to download the scan removal tool.  For more details about McAfee AVERT Stinger Click here.

03/03/2004 Wednesday - MSNBC - Net virus outbreak keeps getting worse -  The flu season may be over, but computers are continuing to catch infections at a furious rate. There are currently 20 variations of the Mydoom, Netsky and Bagle viruses circulating around the Internet, an outbreak of a size and scale rarely seen, antivirus experts say. Inboxes around the world are teeming with cryptic notes that have simple messages like "Here is the file," or "I want a reply."   Click Here for the article.  McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.  Click here to download the scan removal tool.  For more details about McAfee AVERT Stinger Click here .

03/01/2004 Monday - Symantec W32.Netsky.D@mm is a mass-mailing worm that is a variant of W32.Netsky.C@mm. The worm scans drives C through Z for email addresses and sends itself to those that are found. Due to an increased rate of submissions, Symantec Security Response has upgraded W32.Netsky.D@mm from a Category 3 to a Category 4.  Click Here for more details.  Symantec Security Response has developed a removal tool to clean infections of the following Netsky variants: W32.Netsky.B@mm - W32.Netsky.C@mm - W32.Netsky.D@mm - W32.Netsky.E@mm Click Here to download removal tool.  McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.  Click here to download the scan removal tool.  For more details about McAfee AVERT Stinger Click here .

02/28/2004 Saturday - Symantec W32.Beagle.E@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. It can also send the port on which the backdoor listens, as well as a randomized ID number, to the attacker.  Click Here for more details.  Symantec Security Response has developed a removal tool to clean infections of the following Beagle variants: W32.Beagle.A@mm - W32.Beagle.B@mm - W32.Beagle.C@mm - W32.Beagle.E@mm  Click Here to download removal tool.  McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.  Click here to download the scan removal tool.  For more details about McAfee AVERT Stinger Click here .

02/24/2004 Tuesday - Symantec W32.Netsky.C is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning hard drives and mapped drives. This worm also searches drives C through Y for the folder names containing "Shar" and then copies itself to those folders.  Click Here for details.   Symantec Security Response has developed a removal tool to clean infections of the following Netsky variants: W32.Netsky.B@mm - W32.Netsky.C@mm - W32.Netsky.D@mm - W32.Netsky.E@mm Click Here to download removal tool.  McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.  Click here to download the scan removal tool.  For more details about McAfee AVERT Stinger Click here .  


02/10/2004 Tuesday - Microsoft - Severity Level Critical - released a critical software update to patch a security hole in a common Windows component that could allow malicious hackers to place and run their own code on machines running the Windows operating system.  Click Here for more details.  Department of Homeland Security - National Cyber Alert System Click Here for details.   Infoworld - New Microsoft security hole stretches wide -  The security hole, in a Windows component called the ASN.1 library, affects a wide range of Windows features and software, from file sharing between Windows machines, to software applications that use digital certificates, said Microsoft and eEye Digital Security Inc., which discovered the problem.  "This is one of the most serious Microsoft vulnerabilities ever released," said Marc Maiffret of eEye Digital Security Inc. of Aliso Viejo, Calif., which discovered the new Windows flaws. "The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks, pretty much any system."   Click Here for the article.

01/26/2004 Monday - Symantec W32.Novarg.A@mm is a mass-mailing worm. The worm will arrive as an attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip. The worm also contains functionality to perform as a proxy server. It listens on all TCP ports in the range 3127-3198. The worm will perform a DoS starting on February 1, 2004. On February 12, 2004 the worm has a trigger date to stop spreading.  Click here for more details.  InfoWorld New e-mail worm breaks infection records - Infected e-mail messages carrying the Mydoom virus, also known as "Shimgapi" and "Novarg," have been intercepted from over 142 countries and now account for one in every 12 e-mail messages, according to Mark Sunner, chief technology officer at e-mail security company MessageLabs Ltd.  Click here for more details.  Reuters - MyDoom knocks down SCO Web site, Microsoft braced. Click Here for more details.  Removal Tool from Symantec Click Here to download the removal tool.

 

©2000-2006 Internet Partners, Inc.
1800 NW 167th Place Suite 160 - Beaverton, Oregon 97006-8132
+1 503 690 2700    FAX +1 503 690 9700