W32.Cuebot-K worm appears as Microsoft antipiracy program

Sophos has named the fake Windows Genuine Advantage Tool (wgavn.exe) the W32.Cuebot-K worm. Cuebot-K propagates by sending itself as a file named “wgavn.exe” to more people in the user’s “Buddy List” but without a message, Cluley said. More at http://www.infoworld.com/article/06/06/30/HNwormmsantipiracy_1.html I just viewed Sophos’ Threat analyses page – by name (letter C) but they don’t have the article for Cuebot-K yet (maybe later). At the time of this writing, they have articles for Cuebot-A to Cuebot-J only (at least, it has been detected now and let’s hope that all other security vendors that have malware detections for worms …

WinPatrol v10 now monitors hidden files

The image above is from our friend, Bits from Bill, and I find it not just a bit but a big bit because WinPatrol v10 now… Monitor Hidden Files in critical system areas. A new list of Hidden Files is available to help you clean up your machine. Almost all new infiltrations and/or root kits will attempt hiding their files but Scotty can detect them in real-time before any serious danger can be done. While many hidden files are normal system files, the introduction of new hidden files should be questioned. Now it can be. The ability to delete hidden files will …

Microsoft Security @ Home Features Windows Genuine Advantage

To help home users understand the importance of the Windows Genuine Advantage Program, Microsoft is now featuring it on the Security At Home website. If we click on the featured program, we are directed to a page where Microsoft explains some risks of not having a genuine copy of Windows: http://www.microsoft.com/genuine/AboutNotifications.mspx Screenshots are provided for the opt-in user experience.

OpenOffice.org Security Bulletin 2006-06-29

OpenOffice.org 2.0.3 fixes three security vulnerabilities that have been found through internal security audits. Although there are currently no known exploits, we urge all users of 2.0.x prior to 2.0.2 to upgrade to the new version or install their vendor’s patches accordingly. Patches for users of OpenOffice.org 1.1.5 will be available shortly. The three vulnerabilities involve: Java Applets, CVE-2006-2199; Macro, CVE-2006-2198; and File Format, CVE-2006-3117. http://www.openoffice.org/security/bulletin-20060629.html

Apple OS X 10.4.7 .tiff "TIFFFetchAnyArray ()" DoS

Release Date: June 29th, 2006. Severity: Low. Vendor: Apple. Versions Affected: Apple OS X 10.4.7 and prior. Overview: TIFF is a file format used mainly for storing images, including photographs and line art. Every TIFF file begins with a 2-byte field that indicates byte ordering: “II” for little endian and “MM” for big endian. The following two bytes contain the constant value 42. These values are followed by additional header fields and image data. Technical Details: When processing a malformed .tiff image file, the TIFFFetchAnyArray () function does not properly parse an invalid tag causing the application which it was opened with …

iTunes Advanced Audio Coding File Handling Integer Overflow Vulnerability

Apple iTunes Advanced Audio Coding File Handling Integer Overflow Vulnerability. About the security content of iTunes 6.0.5. CVE-ID: CVE-2006-1467. Available for: Mac OS X v10.2.8 or later, Windows XP / 2000. Impact: An integer overflow in iTunes could cause a denial of service or lead to the execution of arbitrary code. Description: The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability. Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files. iTunes 6.0.5 …

Stolen VA Computer Recovered; What’s the lesson?

The government said Thursday that it has recovered the stolen laptop computer containing sensitive information for up to 26.5 million veterans and military personnel. The FBI said a preliminary review found no evidence that anyone accessed Social Security numbers and other data on the equipment. More at http://www.cbsnews.com/stories/2006/06/29/national/main1763751.shtml What can we learn from this? First, CA 1386 provides exclusion for data that is encrypted. That should seem outright obvious to everyone. ENCRYPT IT! That was blogged by McAfee AVERT.

Argh! 2nd instance of fake Windows Genuine Advantage Notification

One earlier and now there’s a 2nd … it’s at Daniweb’s forum (Thanks to Microsoft MVP Robear Dyer for the link). The bad file is faking Microsoft’s Windows Genuine Advantage Notification and Validation Tools. As you can see in the earlier one (the first report), there is a service name called “Windows Genuine Advantage Validation Notification” and the offending filename is wgavn.exe. Again, there is no Windows service for the legitimate Windows Genuine Advantage (WGA) tool by Microsoft. Also, the names of the legitimate tools are: Windows Genuine Advantage Validation Tool and Windows Genuine Advantage Notification Tool. Note that the Validation Tool doesn’t have Notification …

20 Reasons Why Windows Vista Will Be Your Next OS

Security, power and performance, applied graphics and user interface improvements, wireless networking, desktop search, usability updates, new performance monitoring and diagnostics, and an upgraded bevy of onboard applications such as Internet Explorer 7+ and Windows Defender are some of the main areas where Microsoft has beefed up Vista. Enterprise features, such as expanded group policies, whole-drive encryption and hardware-agnostic Windows imaging, are especially welcome. More in Computerworld (Thanks to Microsoft MVP James Fisher for the link)