Friday, August 06, 2004

Malicious program aims for Pocket PCs - News - ZDNet

Malicious program aims for Pocket PCs - News - ZDNet:
"A malicious Trojan horse program has emerged for Pocket PCs, antivirus companies said Thursday, but they characterized the threat as relatively low.

The program, known alternately as Backdoor.Brador.A and WinCE.Brador.a, lets an attacker gain full control of the handheld and is the first such 'backdoor Trojan' program to emerge for Pocket PCs. However, such backdoor programs are not capable of propagating on their own and instead must be sent as e-mail attachments or through similar means, making them less dangerous.

Symantec rated the bug a '1,' the lowest on its five-point scale. In a statement, the company offered the standard warning not to open or execute files from unknown sources. …"

Last month, researchers identified the first Windows CE virus, which researchers said was mostly a "proof-of-concept" bug, or one designed to demonstrate its own feasibility.

"We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile," Eugene Kaspersky, head of Anti-Virus Research at Kaspersky Labs, said in a statement. "WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware (malicious software), Brador has a complete set of destructive functions typical for back doors."

http://zdnet.com.com/2100-1105_2-5298781.html?tag=adnews

Flaws in Graphics Library Could Bring Attacks

Flaws in Graphics Library Could Bring Attacks:
"A researcher performing a source-code audit on a popular graphics library has found multiple security vulnerabilities in it that could be used to crash programs or execute attack code.

The PNG library (libpng) is a collection of graphics routines to manipulate PNG (portable network graphics) files. PNG (Portable Network Graphics) is a graphics format that was designed many years ago as an alternative to the still more popular GIF format."

http://www.extremetech.com/article2/0,1558,1632761,00.asp

Mozilla, Opera Plug Security Holes

Mozilla, Opera Plug Security Holes:
"The Mozilla Foundation and Opera Software ASA have released updates to their Web browsers to fix a series of security vulnerabilities.

Mozilla on Wednesday posted new versions of its Firefox browser, Thunderbird e-mail client and Mozilla suite that provide fixes to three issues. They include a newly reported critical vulnerability affecting multiple vendors' software that uses the library for the Portable Network Graphics (PNG) image format."

The other two issues, as previously reported, were related to the handling of security certificates in the Mozilla browsers that, among other things, could allow an attacker to lull users into a false sense of security on a site.

http://www.extremetech.com/article2/0,1558,1632752,00.asp

Wednesday, August 04, 2004

New MyDoom Variant Uses Yahoo People Search

New MyDoom Variant Uses Yahoo People Search:
Another new version of MyDoom is worming its way through the Internet, and this variant—like the last one—uses Yahoo as part of its infection routine.

MyDoom.P is similar to most of the other MyDoom variants in that it arrives via e-mail, with a spoofed sending address and a subject line designed to make it look like the message is related to one that the recipient sent. Among the subject lines in the e-mails are "SN: New secure mail," "Secure delivery," "Re: Extended mail," "Delivery Status (Secure)," "Re: Server Reply" and "SN: Server Status."

The body of the e-mail contains any of a number of sentences, some of which refer to the included Zip file. Many of the messages reference security or refer to the attached file as a "secure Zip file."

Once opened, the executable file copies itself to the Windows system directory as "winlibs.exe." The executable contains a list of dozens of common first and surnames that it puts through Yahoo's People Search in an attempt to find more e-mail addresses to mail itself to, according to a preliminary analysis of the worm done by the staff of the Internet Storm Center at The SANS Institute in Bethesda, Md.

http://www.eweek.com/article2/0,1759,1630965,00.asp?kc=ewnws080404dtx1k0000599

Free .NET and Native Windows Dev Tools

Free .NET and Native Windows Dev Tools:
"Everyone likes having something for free, and Microsoft has some software development tools that you can have for nothing more than the cost of the download."

VC++ Toolkit
http://www.microsoft.com/downloads/details.aspx?FamilyID=272be09d-40bb-49fd-9cb0-4bfa122fa91b&displaylang=en

.NET SDK
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B3A2CA6-3647-4070-9F41-A333C6B9181D&displaylang=en

Platform SDK
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/

May Community edition of Visual Studio .NET 2005
http://lab.msdn.microsoft.com/vs2005/get/default.aspx

Express version of Visual C++
http://lab.msdn.microsoft.com/express/visualc/default.aspx

http://www.ddj.com/documents/s=9204/ddj040801dnn/

Tuesday, August 03, 2004

Build Your Own ASP.NET Website Using C# and VB.NET. Pt. 4. - WebReference.com-

Build Your Own ASP.NET Website Using C# and VB.NET. Pt. 4. - WebReference.com-:
"Web Forms and Web Controls"

At the heart of ASP.NET is its ability to create dynamic form content. Whether you’re creating a complex shopping cart application, or a simple page to collect user information and send the results out via email, Web Forms have a solution. They allow you to use HTML controls and Web controls to create dynamic pages with which users can interact. In this chapter, you will learn how Web Forms, HTML controls, and Web controls, in conjunction with VB.NET and C# code, should change the way you look at, and develop for, the Web.

http://www.webreference.com/programming/asp_net4/

Sasser (A-F) Worm Removal Tool (KB841720)

Download details: Sasser (A-F) Worm Removal Tool (KB841720):
"This tool will help to remove the Sasser (A-F) worm from infected systems.… it automatically checks for infection and removes any of the targeted worms that are found."

After running, the tool displays a message describing the outcome of the detection and removal process. The tool can be safely deleted after it has run. Also, the tool creates a log file named sasscln.log in the %WINDIR%\debug folder.

http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en

What You Should Know About the Mydoom and Doomjuice Worms

What You Should Know About the Mydoom and Doomjuice Worms:
"The Mydoom worm leaves a program, known as a back door, that could potentially allow an attacker to gain access to infected computers. Several variants of the worm are currently circulating, and malicious programs related to Mydoom have been released under the names Doomjuice and Zindos. Microsoft urges you to take action to remove these worms and help keep your computer safe from malicious intrusions."

Download and install the tool from the Download Center.

http://www.microsoft.com/downloads/details.aspx?familyid=c14bfbe4-3d50-464d-a26c-9c287f8a08c5&displaylang

http://www.microsoft.com/security/incident/mydoom.mspx

Monday, August 02, 2004

The Search Engine Report - Number 93

The Search Engine Report - Number 93:
In This Issue

+ Search Engine Watch News
+ Search Engine Strategies Comes To San Jose!
+ Search Engine Watch Articles
+ Search Engine Articles
+ Search Engine Resources



http://searchenginewatch.com/sereport/article.php/3388921

Threats to Windows, IIS, and Outlook Express

Threats to Windows, IIS, and Outlook Express:
"Get the details on Microsoft Security Bulletins MS04-018, MS04-019, MS04-020, MS04-021, MS04-024."

MS04-018, “Cumulative Security Update for Outlook Express,” is caused by a failure of Outlook Express to properly handle some specifically malformed e-mail headers. This is a DoS threat and Microsoft reports having seen published exploits but hasn't received any reports from customers that have been compromised by the exploit. This threat is covered by CAN-2004-0215.

MS04-019, “Vulnerability in Utility Manager Could Allow Code Execution,” is a local elevation of privilege threat that can’t be exploited remotely. MBSA will report if your system needs this update and Systems Management Server (SMS) can help deploy it.

MS04-020, “Vulnerability in POSIX Could Allow Code Execution,” is an unchecked buffer vulnerability in the Portable Operating System Interface for UNIX. MBSA will report if your system needs this update and SMS can help deploy it. This threat is covered by CAN-2004-0210.

MS04-021, “Security Update for IIS 4.0,” is a buffer overrun vulnerability in the redirect function that can allow remote execution. MBSA will report if your system needs this update and SMS can help deploy it. This threat is covered by CAN-2004-0205.

MS04-024, “Vulnerability in Windows Shell Could Allow Remote Code Execution,” replaces MS03-027 for Windows XP (but not for the other affected operating systems). This threat is covered by CAN-2004-0420.


http://www.microsoft.com/technet/security/bulletin/ms04-018.mspx

http://www.microsoft.com/technet/security/bulletin/ms04-019.mspx

http://www.microsoft.com/technet/security/bulletin/ms04-020.mspx

http://www.microsoft.com/technet/security/bulletin/ms04-024.mspx

http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0215

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0210

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0205

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0420

http://techrepublic.com.com/5102-6264-5284223.html