    
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
Network Security
Welcome to our security bulletin for February 2003;
6th February 2003 Sophos antivirus report Men questioned in UK and USA regarding internet worm Officers of the National Hi-Tech Crime Unit (NHTCU) are interviewing two UK men, in connection with an internet computer worm. http://www.sophos.com/virusinfo/articles/tkworm.html
5th February 2003:Sophos antivirus discover Trojan Manifest-A. Sophos have only had one report of this virus in the wild. Aliases: ManifestDest trojan, W32.Manifest.Trojan http://www.sophos.com/virusinfo/analyses/trojmanifesta.html
5th February 2003: Symantec antivirus corp discover VBS.Waterworks.Worm Symantec describes the worm as low risk with medium distribution but CCS advises that it does carry a data loss payload. http://www.norton.com
5th February 2003: Symantec antivirus corp discover W97M.Hopel.A It is a word macro virus that Symantec describe as low risk with low distribution. http://www.norton.com
19th February 2003: The FBI's computer Incident Response Centre http://www.fedcirc.gov/ alert us to multiple vunerabilities in Oracle in http://www2.fedcirc.gov/advisories/FA-2003-05.html the vunerabilites were discovered by Next Generation Security Software Ltd. http://www.nextgenss.com/
20th February 2003: Schoolgirl turns tables on email credit card fraudster John Leyden expands on a report printed by The Nottingham Evening Post at http://www.theregister.co.uk. We think this is an excellent demonstration of the kind of threats effecting everyday computer users. The whole article is avilable at http://www.theregister.co.uk/content/55/29403.html
20th February 2003: McAfee AVERT Labs would like to inform you of an email HOAX. The !0000 Hoax is mainly circulating in the Netherlands. The english version has a subject "Neat trick" and suggests that you forward the email to "everyone in your address book" Don't forward it - just delete it!
19th February 2003: McAfee publish information about DoS-iFrameNet and W32/Lovgate.worm. They describe them both as low risk. However Symantec antivirus corp refer to the latter as W32.HLLW.Lovgate@mm and claim this has reached a high distribution. Symantec publish extensive information about Lovegate at http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html
Mcafee also draw our attention to “Train joke" which is neither a virus nor a trojan. They describe it as a potentially unwanted application. More info at: http://vil.nai.com/vil/content/v_100073.htm
17th February 2003: UK online, a DTI-led partnership between Government and industry, which promotes the use of e-commerce in the UK has launched a security section on its Web site, designed to help small business keep abreast of the latest Internet threats and how to combat them http://www.ukonlineforbusiness.gov.uk/cms/template/infor-security.jsp?id=212908
17th February 2003: McAfee discover IRC-Yoink and W32/Gant@MM. They describe them both as low risk. http://vil.nai.com/vil/content/v_100069.htm http://vil.nai.com/vil/content/v_100067.htm
14th February 2003: Symantec antivirus corp publish information about Backdoor.SilverFTP: A backdoor Trojan that gives an attacker unauthorized access to your computer. The trojan has a low distribution and easy threat containment. http://www.norton.com/
14th February 2003: Symantec antivirus corp publish information about Backdoor.SilverFTP: A backdoor Trojan that gives an attacker unauthorized access to your computer. The trojan has a low distribution and easy threat containment. http://www.norton.com/
The x-force advisories for the 10th to 17th February are are available here: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21930
12th February 2003: Apparently published by Microsoft® on 5th February Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) Effects Microsoft® Windows® XP but systems that are not shared between users would not be at risk.
Furthermore MS say:
Impact of vulnerability: Local elevation of privileges
Maximum Severity Rating: Important
Recommendation: Customers should consider applying the patch.
11th February 2003: Symantec antivirus corp discover W32.HLLW.Oror.D@mm Symantec describes the worm as as a mass mailer with significantly damaging features. Symantec also say that "threat containment" is "easy". It attempts to spread through email, mIRC, KaZaA, network shares, and mapped drives. It also attempts to terminate and remove various security products from the infected computer. More information can be found at http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.oror.d@mm.html
6th February 2003: McAfee discover W32.HLLW.Discoball.worm. They describe it as low risk. http://www.nai.com
17th February 2003: UK online, a DTI-led partnership between Government and industry, which promotes the use of e-commerce in the UK has launched a security section on its Web site, designed to help small business keep abreast of the latest Internet threats and how to combat them http://www.ukonlineforbusiness.gov.uk/cms/template/infor-security.jsp?id=212908
12th February 2003: Apparently published by Microsoft® on 5th February Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) Effects Microsoft® Windows® XP but systems that are not shared between users would not be at risk.
Old security bulletins are stored in our archive
If you have a security issue or are looking for Internet security services, contact us to see what we can do for you.
