

May 5th, 2008  last updated.

 

Microsoft issues patch for WMF vulnerability

TODAY'S TOP STORY
Microsoft recently released seven security bulletins as part of its monthly update, including a "critical" patch for a Windows Meta File (WMF) vulnerability in Internet Explorer. Five of the other bulletins were rated "important." If your organization relies on Windows, what steps have you taken to protect your systems from these vulnerabilities?


 



 

Microsoft releases security bulletin early to patch critical IE flaw

 

Microsoft's first security bulletin of the year was so critical that Redmond released it early.

Details

The first security bulletin of 2006 is so critical that Microsoft released it on January 5—a week before the usual patch cycle. Microsoft Security Bulletin MS06-001, "Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution," addresses a vulnerability that's so serious it even made the front page of some business newspapers, including the Financial Times.

This might be the only security bulletin this month; the Microsoft Security Bulletin Summaries and Webcasts page lists the bulletin as from both January 5 and 11. However, Microsoft purportedly plans to release two additional security updates—one for Windows and one for Microsoft Office and Exchange Server.

This is a remote code execution threat due to a Graphics Rendering Engine vulnerability (CVE-2005-4560). The problem is due to a fault in the way the graphics engine handles Windows Metafile (WMF) images. Microsoft Security Advisory 912840 addressed this vulnerability in late December because active exploitation was already under way.

Microsoft Baseline Security Analyzer (MBSA) versions 1.2.1 and 2.0, as well as Systems Management Server, will determine if the update is necessary for particular systems. For more details about WMF and other image file formats, see Microsoft Knowledge Base Article 320314.

Applicability

All Microsoft operating systems from Windows 98 on are vulnerable, including Windows XP Service Pack 2 and Windows Server 2003 SP1. However, because this isn't a critical threat to Windows 98, Windows SE, or Windows ME, the update doesn't support these versions. (Microsoft has ended support for these OS versions except for critical issues.)

Risk level - critical

Microsoft has rated this vulnerability as critical for Windows 2000, all versions of Windows XP (including SP2), and all versions of Windows Server 2003 (including SP1). This rating also applies to x64 and Itanium-based systems.

Mitigating factors

A successful attack would only give the attacker the same rights as the local user. In addition, an image hosted on a malicious Web site initiates the attack, so the user must actively visit a malicious Web site by clicking either an e-mail or instant messaging link. However, it's important to note that a user can also initiate an attack by opening a Word document that contains an embedded malicious image.

 


News: The Chaotic World of Defining Spyware
Anti-spyware vendors each use different criteria for classifying spyware applications, leading to chaos, confusion and a drastic increase in legal threats. Take a closer look.

Spyware
 

SECURITY WATCH:

A Dangerous Mobile Phone Virus Calls In

The threats keep coming for Nokia phones. McAfee users need to be alert, too.
Plus: How to scan a file with 17 different antivirus programs

Virus Alert: Worms set Trojan horse trap

Virus Name: Win32.Kelvir.a, Win32.Serflog.a (aka Sumom)
Rank: Medium to high risk
Type: e-mail worms
What it does: Worm drops multiple copies of itself, regenerates on IM startup
Means of transmission: Win32.Kelvir.a spreads via a URL inserted in an Instant Message, modifies IM software registry entries and forwards itself to all IM contacts. Win32.Serflog.a presents itself as an IM attachment and copies itself into folders shared by peer-to-peer e-mail clients.
How to recognize: Win32.Kelvir.a presents itself in an IM that reads "omg this is funny." Win32.Serflog.a affects MSN Messenger users and includes the message "???? Omg click this."
Who is at risk: MSN Messenger users
Virus brief
Antivirus companies on Tuesday flagged a new worm targeting MSN Messenger and a variation of an existing threat. Security researchers discovered the appearance of Win32.Kelvir.a, a new twist on the previously identified Kelvir threat. Researchers also identified a new worm in the wild, called Win32.Serflog.a or Sumom. Both worms are rated medium-to-high risks.

For details see Worms on the prowl, traveling via MSN Messenger.

 


Ready or Not, Here SP2 Comes

In a few weeks, Microsoft is going to start pushing SP2 to XP systems
with Automatic Update enabled whether you want it or not, so it's time
to get serious about checking compatibility. And anyone who tells
you that there are no serious compatibility problems is full of it.
http://ct.eletters.thechannelinsider.com/rd/cts?d=182-124-2-21-95403-10839-0-0-0-1

 

Virus Alert: Sober.j launches attack

Name: Sober.j (w32.sober.j@mm, alias sober.i)
Rank: 6 (out of 10) on CNET virus meter
Type: Trojan horse, worm
Impact of vulnerability: Sends e-mail and attempts to download files remotely
How it works: E-mail contains an exe or zip file attachment
Who is at risk: Windows users

Virus brief
The worm Sober.j is an e-mail virus spreading rapidly, mostly in Europe, that attempts to install a backdoor Trojan horse. Sober.j (w32.sober.j@mm, also known as Sober.i) arrives as an e-mail from someone you might know. The attached file is either an exe or zip-compressed file. The e-mail has various subject lines and body texts, so it's best to simply avoid opening attached files unless you are certain of their content. Sober.j does not affect users of Mac OS, Linux, or any other operating systems. Because Sober.j spreads via e-mail, this worm rates a 6 on the CNET/ZDNet Virus Meter. For details see Sober.j prevention and cure.

Get additional resources on viruses

 

Security downloads, books, and CDs

 

Viruses exploit Microsoft patch cycle

TODAY'S TOP STORY
Security experts suspect that the creators of the latest MyDoom variant may have timed the release of the viruses to throw Microsoft's monthly patch cycle into disarray. The two variants of the MyDoom virus were released earlier this week, leaving Microsoft without any option but to ignore the problem for now. Share your opinion on this topic.



 

Virus Alert: Copycat Netsky variant linked to South Korea

Name: W32.Netsky.AE@mm
Risk: High potential for distribution and damage
Type: Trojan horse, worm
Impact of vulnerability: Mass-mailing worm sends itself to addresses on infected computer
Who is at risk: Users running Windows 2000, Windows 95, Windows 98, Windows NT, Windows Server 2003, Windows XP

Virus brief:
W32.Netsky.AE@mm is believed to be a copycat Netsky virus distributed through e-mail attachments. This version of the worm is similar to earlier variants. W32.Netsky.AE@mm uses its own SMTP engine to send mass mailings to addresses on infected PCs. The subject line of the e-mail is "Mail Delivery failure - %address@domain.com%". The attachment is named "message txt (random spaces) mcafee.com". Researchers believe this latest threat originated in South Korea. Read the details.

 

Top twenty virus list for September

 The Virus Threat Center highlights Kaspersky Labs' list of the top twenty viruses for the month of September.

Find out which viruses--and their variants--are high on the list.


 

News: New Worm Attacks MSN Messenger As Service Falters
Another entry in the growing list of exploits against instant messaging clients and servers has arrived in the wild. Called W32.Funner, the worm circulated on Monday to attack the Windows Messenger platform.

Get the details here.

Internet Security

 

News: Windows JPEG Exploit On the Prowl
The first example of a working program designed to exploit a bug in Microsoft's GDI+ library — which allows malicious code to be run simply by viewing a JPEG image — has been found in the wild.

 Are more sinister exploits on the way?

Securing Windows

Internet Security

News: Microsoft Graphics Bug Threatens Systems
Experts worry that this new JPEG bug can be exploited through an HTML e-mail, allowing the attacker to run any code allowed under the user's permissions. "Very serious," says one, pointing to the chance of copy-cat attacks.

 Get the details here.

Keeping Pace with Microsoft's Patches

 


 

News: Attack Pierces Fully Patched XP Machines
The Download.Ject attack is back with a vengeance, and it's now being used on the Internet. Even fully patched XP machines are at risk, though computers running XP SP2 are not.

Get the details on this attack and how you can avoid it.

News: First SP2 Exploit?
Microsoft offers a hotfix for loopback bug, while security researchers report a new vulnerability in SP2 that could allow a malicious Web site to deposit an attack program on a user's system. Find out how it works here.

Securing Windows.

Analysis: New MyDoom Piggybacks a Nastier Worm
MyDoom is back with W32/MyDoom.S-mm. This variation, also known as MyDoom.Q@mm, Worm_Ratos.A, and I-worm.Win32.Ratos, was discovered on August 15th, and jumped to a medium-level threat very quickly. While MyDoom.S doesn't really do much, it downloads a particularly nasty trojan called Backdoor.Ratos.A. Get the full scoop on this new threat.

E-mail Worms 2004.

 


News: Teen Pleads Guilty in Blaster Worm Attack
A Minnesota high school senior pleaded guilty Wednesday in federal court to unleashing a variant of the "Blaster" Internet worm, which crippled more than a million computers last summer.

Find out what charges he may be facing.

SECURITY ALERT: MyDoom.m prevention and cure

Name: MyDoom.m (w32.mydoom.m@mm, also known as MyDoom.l (Norman)); MyDoom.n (Computer Associates); and MyDoom.o (Sophos)
What it does: Opens port 2110 for remote access
Means of transmission: E-mail
How to recognize: E-mail appears to be from your e-mail domain provider warning of a possible virus infection or spam abuse
Who is at risk: Windows users
Rank: 6 out of 10

Virus brief

The latest version of the MyDoom virus uses social trickery to get users to infect themselves. MyDoom.m (w32.mydoom.m@mm, also known as MyDoom.l (Norman), MyDoom.n (Computer Associates), and MyDoom.o (Sophos)) is packed with UPX, is approximately 28KB in size, and is a mass-mailing worm that uses its own SMTP engine to send out copies of itself to addresses harvested from the infected PC. It also spoofs the return address, making it hard to trace infected machines. MyDoom.m does not affect Linux, Mac, or UNIX systems. Because MyDoom.m spreads via e-mail, opens a remote access backdoor on infected PCs, and could damage system files, this worm rates a 6 on the CNET/ZDNet Virus Meter. Read the full report on MyDoom.m for details. Have you been affected (or infected) by MyDoom? Sound off in this related article discussion.

More on MyDoom

 


News: New Bagle Variant is 'Worst of the Year'

The tenacious Bagle virus is at it again, and security experts report that this is the worst version yet.

Get the details on this new virus in case it appears in your inbox.
 

First known 64-bit virus threat found

TODAY'S TOP STORY
Symantec announced Thursday that it has analyzed what it believes to be the first known threat to 64-bit Windows systems, a virus labeled W64.Rugrat.3344. A so-called proof-of-concept virus, the worm only shows that vulnerabilities exist, and it isn't spreading in the wild. Also, the virus doesn't affect 32-bit Windows systems. Share your reaction to these

 


 

Microsoft patches new Windows flaw

TODAY'S TOP STORY
Microsoft announced Tuesday a new vulnerability in Windows XP and Windows Server 2003 that could allow an attacker to remotely execute malicious code. While the software giant classified the problem as "important," its second-highest rating, antivirus software maker Symantec characterized the flaw as "high risk." Tell us whether you've installed Microsoft's update to fix the new flaw.


Sasser keeps squirming into homes, businesses

TODAY'S TOP STORY
The various Sasser worms continue to wriggle into computers, hitting home users hard while affecting companies to a lesser degree than previous worms. Antivirus software maker Network Associates said that as many as 80 percent of those infected were home users and students. Let us know whether you've been affected by the Sasser worms.


 

Sasser variants pose greater danger

TODAY'S TOP STORY
Three new versions of the Sasser worm are sweeping e-mail boxes throughout the world. Taking advantage of a vulnerability in unpatched versions of Windows XP and Windows 2000 systems, Sasser.B, Sasser.C, and Sasser.D spread to about 500,000 computers by Monday, security researchers said. Sound off on how your company is responding to Sasser.

Sasser.a and Sasser.b Worm Alert!

Sasser and its variations are network-aware worms that do not require e-mail or user interaction to spread. Sasser takes advantage of a buffer-overrun flaw in the Local Security Authority Subsystem (LSASS), which allows an attacker to gain control of infected systems. Microsoft patched the flaw with MS04-011 on April 13. The worms use a bootstrap effect to infect new machines first, then download the full code from a previously infected machine later. Sasser (w32.sasser.a) and Sasser.b (w32.sasser.b) are both 15,872 bytes in length and randomly scan local networks and the Internet to look for additional systems to infect. This scanning could slow normal traffic on the Internet.

Vulnerable systems include Windows 2000, Windows XP, and Windows Server 2003 that have not installed the Microsoft Security Bulletin patch MS04-011, and are not running desktop firewall software. Sasser does not affect any other version of Windows, nor Linux, Unix, Mac OS, or any other operating system.

Microsoft has created a special page on how to prevent a Sasser infection. Basically, a desktop firewall should protect vulnerable systems until the Microsoft security patch can be downloaded. If you do not have a personal firewall, you should install one first to limit the effects of the Sasser worm. The Microsoft security patch MS04-011 is available here.

 

Worm worries grow with release of Windows hacks

TODAY'S TOP STORY
Program files designed to exploit two major vulnerabilities in Microsoft software are targeting computers, but security experts worry that worse--an MSBlast-type worm--could be ahead. Symantec and the Internet Storm Center have both detected automated attacks on computers that have not had the recent security holes patched, for which Microsoft issued warnings April 13. Discuss whether you believe these fears are warranted.

 


 

 

New Worm Eschews Attachments

As the Bagle worm turns, it keeps evolving into something deadlier and deadlier. The newest version eschews attachments, using Explorer's Object Tag vulnerability to infect users running an un-patched version of IE instead. That's right, you can get infected just by reading an e-mail! What fresh torture is this -- and how can you protect yourself? Our story tries to shed some new light on the situation.

 


New worm disguised as Microsoft update

TODAY'S TOP STORY
Sober.D, the latest variant of the mass-mailing Sober worm, is currently infecting systems by masquerading as an official Microsoft patch for the MyDoom worm. According to Finnish antivirus company F-Secure, Sober.D spreads either as an executable attachment or inside a password-protected Zip archive attached to an e-mail.

 

 


 

VIRUS ALERT: Netsky, Bagle.B, and Mydoom.F pose triple threat to networks

Virus Meter Rating
Name: Netsky.d
Rating: 6
Current Status: On the rise
Damage: May damage files
Threat: May allow remote users to access your computer

Virus brief

The Netsky.d virus, discovered Monday, continues to roll through computer systems around the world, generating millions of infected e-mails and shutting down mail systems and servers. Netsky joins Bagle.B and Mydoom.F to create a trio of problems for Network Administrators.

The latest worm, Netsky.d is a variant of Netsky.c, which was discovered in late February. Netsky uses its own SMTP engine to send itself to the e-mail addresses it finds when scanning mapped drives and hard drives.

The Netsky.d variant is particularly difficult to root out because it uses a number of different subject lines and contains an attached PIF (Program Information File).

TechRepublic's John McCormick takes a look at how the three viruses continue to pose a significant threat to network security.

Read the full report for details.

 


 

Today: AIM worm spreading, Windows Flaw Discovered, Domain Squatting for Dummies


There's a troika of security issues happening today, including a nasty worm attacking AOL's Instant Messenger, the return of Doomjuice, and a flaw in Internet Explorer. The most interesting development, though, might be Microsoft being hoisted by its own petard—potentially losing the Windows trademark in addition to losing its Lindows lawsuit. Read on for more details!
 

Nasty Flaw Exposes Millions of Windows Desktops to Harm

Here we go again! If you use Windows XP, 2000, or NT, you're at risk once again—from crackers exploiting a hole to run nastyware on your computer. Although the hole has yet to be taken advantage of, it's probably only a matter of time. So get patching! We've got facts on the scope of the problem and how to fix it. This one's pretty serious.
 

AOL Instant Messaging Worm Wreaks Havoc

AIM users were startled Thursday morning by a message exhorting them not to open messages about an "Osama bin Laden" game. The messages—a form of viral adware—come from a slimy company called Buddylinks. Our feature tells you how to spot (and avoid) it.
 

More Doomjuice Attacks Due Friday

New variants of the Doomjuice worm, which takes advantage of MyDoom-infected computers, are scheduled to unleash bitter attacks against Microsoft's Web site on Friday. It appears that MyDoom-infected PCs are being used for other nefarious purposes as well. Details on what these nasty worms do, and how widespread the infection might be, can be found in our story.

Windows Trademark at Risk

Imagine a world where Microsoft doesn't own the term "Windows." We could have products named Sun Windows, Open Windows, Java Windows, Linux Windows, and Apple Windows—all competing with Microsoft's OS. Well, that world is a lot closer today. Find out why a court ruling for Lindows has put the whole Windows stranglehold at risk.
 


Doom times two

TODAY'S TOP STORY
A second version of the mass-mailing virus MyDoom hit the Web on Wednesday. MyDoom.B is targeting data attacks at Microsoft's Web site and obstructing an infected PC's ability to access downloadable security software updates. Despite the virus' relative infancy, security software and services company F-Secure declared MyDoom the fastest-spreading worm ever and "the worst e-mail worm incident in virus history."

 


New virus clogs the Net

TODAY'S TOP STORY
MyDoom continues to spread at a record pace, slowing networks as servers pick off copies of the nefarious ZIP file. The virus carries a payload that threatens to flood SCO's site from Feb. 1 - Feb. 12, 2004. SCO has offered $250,000 for information leading to the arrest and conviction of the person or group responsible for creating the virus.


 

New virus infects PCs, whacks SCO

TODAY'S TOP STORY
A mass-mailing virus that has quickly spread around the Internet is using victims' computers to launch a massive denial of service attack on the controversial SCO Group. Known as MyDoom, Novarg, and as a variant of the Mimail virus, it infects a Windows-running PC, priming the system to send data to SCO's Web server, beginning Feb. 1, 2004.


 


 

New worm spreads over holiday weekend

TODAY'S TOP STORY
A new worm began spreading rapidly across Australian e-mail networks on Sunday. Some computer security experts have compared the worm--dubbed Bagle--to last year's infamous Sobig virus. The worm has spread rapidly, and many antivirus companies updated their warning status on Monday from lower settings to high risk levels.

 


 

New Virus Disguised to Do Damage

There's a nasty new Trojan horse-style worm in town--and it's cunningly wrapped in sheep's clothing. Known as either Xombe or Downloader, it comes cloaked as an e-mail from Microsoft, containing security patches that must be applied immediately. Instead of securing your system, however, it ends up installing another file—a Trojan horse. We've got details on what the e-mail looks like and how to avoid it. Once AV researchers have figured out how to nullify it, we'll have a fix posted as well.
 


 

As of December 12th, 2003

IE bug lets fake sites look real

TODAY'S TOP STORY
Microsoft is investigating the dangers of a potential new IE bug that could let hackers craft malicious Web sites under the guise of legitimate and familiar Web addresses. The technique, known as "spoofing," could trick Web surfers into handing over critical data and financial information to imposter Web sites that appear under apparently safe URLs.

 

 

Flaw could unleash another Slammer

TODAY'S TOP STORY
Core Security Technologies announced Tuesday that hackers could take advantage of a recently patched Windows vulnerability to create a fast-moving worm similar to SQL Slammer. The company also said that hackers could exploit vulnerabilities in the Windows Messenger service, which allowed the MSBlast worm to spread this summer.


 

Worm hits Windows-based ATMs

TODAY'S TOP STORY
A computer virus infected automated teller machines running Microsoft Windows at two banks, Diebold, the maker of the ATMs, announced Monday. In August, the Nachi virus helped shut down an unknown number of ATMs running Windows XP Embedded. The incident is probably the first case of a virus infecting a cash machine.


 


latest virus threats
W32.Mimail.M@mm
W32.HLLW.Epon@mm
Backdoor.Freefors
W32.Kwbot.S.Worm@mm
JS.Pun.Trojan
W32.Mimail.L@mm
 
 


 

Virus PC Alerts

As of October 2003

Son of MSBlast on the way?

TODAY'S TOP STORY
According to security experts, an MSBlast-scale worm is poised to wreak similar havoc on Windows-based systems if system administrators haven't kept up with Microsoft's most recent patches. The flaw, which exploits a publicized vulnerability in Windows Messenger, affects virtually every version of the Windows operating system, and analysts expect a virus exploiting this flaw to hit the Web in the very near future.



Please type " Lompoc Direct " in subject line.

email me: TomSutor@hotmail.com



Business Phone "Use First" 805-735-3532

Business Phone "Use Second" 805-455-4125

Telephone will be responded to within the day,

Please Leave contact Phone Number.


e-mails will be responded to within 24 hours.

Lompoc Direct

P O Box 2343

Lompoc CA 93438