The folks over at The Sans Institute (Incidents.org) are reporting on a possible zero-day ( 0-day ) exploit against Microsoft Internet Explorer. (A zero day exploit is the name given to an exploit of a previously unknown vulnerability.) Their analysis essentially had the machine they were using go to 100% cpu and it did not give the claimed behavior. They’re thinking this may just be an exploit of one of the other vulnerabilities disclosed Tuesday (MS05-038)
Category: Computers
-
Viral turf war
I remember very well the competing worms that came out in early 2004, Netsky and Bagel (Beagle) and to a degree Mydoom as well. One would try to uninstall the other as they fought for control of a pc. They were done by competing gangs and were literally waging a turf war with home (and business computers.) The same seems to be happening with the latest round of plug ‘n play (worms) viruses (bots).
-
Qemu Windows XP install
Well, I alluded yesterday to a struggle with installing Windows XP under Qemu. Here are some details on the long and (still winding) road. At this point I have a working XP install running under Qemu but, I’ve run out of disk space (2G) and need more space before I can upgrade it to SP2. Note that I have not installed any third party software, just the base OS. Well…. I did have a long way around to get there….
-
Esbot and Zotob updates….
Wednesday afternoon and Esbot is up to revision .B, Zotob is up to G according to Sarc (Symantec antivirus research). They have appropriate removal tools and details on affected systems there. Meanwhile the Sans institute (incidents.org) has a rundown of the latest in todays handlers diary.
-
Good introductory article on linux
There is a Newsforge article talking about “Best Practices for the Linux home office”. They cover a lot of ground for the newcomer to linux. But some of their advice is excellent for computing in general. One is to treat your work machine like a production system (not development) the advice here is not to risk your main work machine on that game you’ve been dying to try out.
-
Adobe Acrobat vulnerabilities….
According to The Register among other sources, there is a vulnerability in all Acrobat and Reader software prior to the following safe release numbers: Windows and Mac Reader users please install 7.0.3 or 6.0.4 to be fixed (all other 7 series and 6 series versions are vulnerable). Acrobat users on Windows or Mac should update to either 7.0.3, 6.0.4 or 5.0.10 (again, any other 7.x 6.x or 5.x version is vulnerable.) Linux and Solaris reader users should upgrade to 7.0.1 to be secure.
-
Microsoft’s quick response to network worms….
This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have a page titled What you should know about Zotob
-
Phishing scheme aimed at educating users
A number of New York state employees and a number of cadets at West Point were targetted in a recent phishing scheme. This one was perpetrated by the good guys though to wake them up to how realistic a phishing attempt could look. The employees that bit were “given a gentle slap on the wrist”.
-
Esbot and Zotob removal tool
Just a quick note to mention that Symantec has posted a removal tool for Esbot(.A). They previously had manual instructions only. They also have updated their Zotob Removal Tool to cover all current variants .A .B .C@mm .D .E and .F (.E was the big newsmaker yesterday.)
-
Esbot.a
Symantec’s site is also reporting another virus (technically a worm) targetting the MS05-039 vulnerability. This one is called w32.esbot.a and is also rated at level 3 on their 5 level threat assessment scale.