Microsoft urges patch application to fight latest server threat

There is still uncertainty over how widespread the problem is.

Microsoft Corp. is telling systems administrators to make sure they have installed a previously announced patch to guard against security problems currently affecting Web sites using the company’s Internet Information Services (IIS) 5.0 server. According to an advisory released by Microsoft, companies that haven’t yet installed Update 835732 detailed in Microsoft Security Bulletin MS04-011 appear to be at risk from the ongoing attack.

http://www.computerworld.com/securitytopics/security/holes/story/0,10801,94125,00.html

Web site virus attack blunted

Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed. The attack, which had turned some Web sites into points of digital infection, was nipped in the bud Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code. Compromised Web sites are still attempting to infect Web surfers’ PCs by referring them to the server in Russia, but that computer can no longer be reached. Still, Web surfers should take precautions, as the Internet …

Off-topic: CoUs’ Lucky 7’s Contest :-)

Lucky 7’s Contest!

To all our members and guests:

We are proud to announce a special contest! The founders of *Calendar of Updates are proud that so many of you have registered and visit our site on a regular basis. From our very humble beginnings (we laughed at the prospect of attracting 50 members!) we have grown quickly to over 700 members!

To encourage greater membership we are having a special giveaway. We will offer a free license for software from one or more of the publishers that are found on our calendar (we are currently in the process of acquiring licenses, please see …

W32.Korgo.R – Category 2

W32.Korgo.R is a variant of W32.Korgo.M. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP port 113 and other random ports between 2000 and 8192.

Note: Symantec Security Response has developed a removal tool to clean the infections of W32.Korgo.R.

Variants: W32.Korgo.M
Type: Worm
Infection Length: 11,391 bytes
Systems Affected: Windows 2000, Windows XP
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Macintosh OS X, Novell Netware, OS/2, UNIX, Windows 64-bit (AMD64), Windows 64-bit (IA64), Windows 95, Windows 98, Windows Me, …

What You Should Know About Download.Ject

Microsoft teams are investigating a report of a security issue affecting customers using Microsoft Internet Information Services 5.0 (IIS) and Microsoft Internet Explorer, components of Windows.

Important: Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk.

Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.

How to Tell If You Are Affected

To determine if the malicious code is on your computer: …

W32.Randex.ATS – Category 2

W32.Randex.ATS is a network-aware worm that attempts to connect to a predetermined IRC server.

Also Known As: Backdoor.IRCBot.gen [KAV], Backdoor:Win32/IRCBot [GeCAD]
Type: Worm
Infection Length: 44,032
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Macintosh OS X, Microsoft IIS, Novell Netware, OS/2, UNIX, Windows 3.x, Windows 64-bit (AMD64), Windows 64-bit (IA64)

W32.Korgo.Q – Category 2

Discovered on: June 24, 2004
Last Updated on: June 24, 2004 02:18:33 PM

W32.Korgo.Q is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on random TCP ports between 256 and 8191.

Type: Worm
Infection Length: 9534
Systems Affected: Windows 2000, Windows XP
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX, Windows 95, Windows 98, Windows Me

Spammers use spyware to improve hit rates

Latest technique deploys malware to gather information from PCs.

Spammers are using spyware to launch more sophisticated and targeted attacks, according to email security specialist MessageLabs. The company claims to have discovered the new technique from analysis of the 50 million emails it scans every day. Paul Wood, MessageLabs’ chief information analyst, told vnunet.com: “We began seeing patterns in the emails that seemed specifically targeted at some individuals using familiar names or even passwords and pets’ names. “We suspected something like this might happen, but not just yet. The spammers are always shifting the battle lines and this could be …

MSN Hotmail Joins Storage Race – 250MB

Microsoft on Thursday will make official its plans to join the Web-based e-mail storage wars by increasing storage for users of its MSN Hotmail service. Free MSN Hotmail users will be gaining 250 megabytes of storage, up from 2MB today, while premium users, for $19.95 a year, will be receiving 2 gigabytes of storage, MSN will announce.

http://www.eweek.com/article2/0,1759,1616670,00.asp

Off-topic: Yahoo to Trillian: Talk to the hand

Yahoo on Wednesday began blocking Cerulean Studios’ Trillian software from communicating with its instant messaging service in its latest step to fence its popular client from third-party integrators. Beginning at about 6 p.m. Wednesday, Yahoo changed its instant messaging language to prevent third-party services, such as Trillian, from accessing its service. Like previous statements, the company said the block is meant as a pre-emptive measure against spammers from its Yahoo Messenger service. “Spammers are being aided by entities that are abusing our systems, where they effortlessly gain knowledge of pathways and back-alley access to send spam,” Yahoo spokeswoman Mary Osako …