<< Small Biz Server news of the week Jan 31>>

From: Susan Bradley (sbradcpa_at_pacbell.net)
Date: 01/31/05

Date: Mon, 31 Jan 2022 00:31:53 -0800

Blogs of interest

Sam the SBS2003 Spammer

You want to be a consultant

Servers and tools leading the campaign?

Check out Robert Hensing's series on Intrusions

Scriptomatic 2.0


In other news

How can you NOT notice?
Jabber.Org r00t discovered, Vulnerabilities affect Koffice, Kdegraphics,
xpdf viewer, Gpdf, Cups, and Tetex
Jabber hades server 0wned

"The machine (hades.jabber.org) was cracked approximately one year ago
by means of an automated rootkit." "Developers who use JabberStudio for
their projects MUST follow the instructions posted
at http://www.jabberstudio.org/ in order to validate their code. Only
validated code will be restored to JabberStudio!"

The House Commerce Committee has fast-tracked HR29, Representative Mary
Bono's (R-California) Spy Act, and members hope to have it out of
committee within two or three weeks. The bill is expected to easily pass
the House, since a previous version passed by a vote of 399-1. The bill
would prohibit spyware distributors from using programs that hijack web
browser homepages, log a user's keystrokes, or collect personal
information without user consent. The bill would also require spyware to
be easily identifiable and removable and would authorize the Federal
Trade Commission (FTC) to levy fines up to $3 million per violation.
Committee chair Joe Barton (R-Texas) says the bill's lower number (it
was previously HR2929) shows the higher priority lawmakers will give the
bill in this session of Congress. Some critics have expressed concern
that the bill may define spyware too broadly, while Ari Schwartz of the
Center for Democracy and Technology argues that the FTC must be given
more powers to make the measure effective. Some have called for criminal
penalties for spyware, but that requires approval from the House
Judiciary Committee.

A new version of the Forbot worm, targeting MySQL installations on
Windows servers, has begun spreading in the wild and has infected
thousands of machines, according to Joe Stewart of security company
LURHQ. The worm was first detected Wednesday, January 26, 2005, after
some Australian web developers reported finding a process called
'spoolcll.exe' on their machines attempting to access an IRC (Internet
Relay Chat) channel in Sweden. Johannes Ullrich of the SANS Internet
Storm Center reports a spike in scans on MySQL port 3306, a port
associated with Forbot infections. So far, 8,000 systems have connected
to the IRC channel. Forbot infects MySQL databases through administrator
accounts with weak or nonexistent passwords. Forbot then uses the MySQL
UDF (User Definable Functions) Dynamic Library Exploit to install
malicious code. Antivirus firm Prevx says the malware author may be
gathering machines for a distributed denial of service attack.

Also - http://www.zdnet.com.au/news/security/0,2000061744,39178706,00.ht...

Though identity theft using the Internet is a hot security issue, the
majority of financial loss as a result of fraud is perpetrated offline,
according to a new study by the Better Business Bureau. The study found
that the average case of fraud over the Internet cost $551, while fraud
through paper statements averaged at $4,543. The study concluded that
Internet fraud was not as costly or widespread as thought, and said the
total amount of money lost to identity fraud in 2004 was the same or
less than in 2003, at $52.6 billion from 9.3 million victims. James Van
Dyke, founder of Javelin, who assisted in the study, said the numbers
show that fears about online identity fraud may be out of proportion to
the relative risk.

Microsoft's patch cycle has spawned an attempt to exploit the process to
trick users into downloading and installing a Trojan program. The
e-mails, which claim to be Microsoft security notifications, have the
subject “MS Windows/Critical Error,” and contain numerous spelling and
grammar errors. The executable file attached, Windowsupdate.rar, is not
listed in Symantec’s virus database. Debby Fry Wilson, director of
Microsoft’s security response center, says Microsoft is aware of the
threat, but that there is no malicious payload associated with the
attachment and it has caused no customer problems.


Anti-virus firm PandaLabs says it has discovered a new worm,
W32/Cisum.A, that displays the message "YOU ARE AN IDIOT," and plays an
MP3 with the same phrase. The Cisum worm also shuts down security
measures such as firewalls and anti-virus programs, as well as instances
of the Netsky and Bagle worms. Cisum spreads across networks by copying
a file to the root directory of local and mapped network drives, which
PandaLabs credits for the worm’s limited spread. Cisum affects Windows
2003, XP, 2000, NT, ME, 98, and 95, and PandaLabs recommends that users
update their anti-virus software.

