From The Forum: SecurityWatch

MessageLabs has issued a warning telling Internet users not to click on the "opt-out" link in spam emails. The company had discovered a number of messages that turn PCs into spam distribution points.
MessageLabs said the scam, dubbed the "drag-and-drop javascript exploit", uses an Internet Explorer flaw to "download an EXE file when the mouse is scrolled across the malicious domain page, allowing the machine to be turned into an open proxy that spammers can control".
"Users should already know that it is never a good idea to press the 'click here to remove' link on spam emails as it confirms to spammers that the email address is real," said senior antivirus technologist for MessageLabs, Alex Shipp.
"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run while spammers are busy in the background stealing confidential data," he said.
Flaw Found In Older Office Versions.
A flaw has been discovered that could allow a denial-of-service attack to be executed on systems running older versions of Microsoft Office.
Secunia has said that the vulnerability is the result of an error in the way Microsoft Word manages input when parsing document files. The flaw could be exploited by using a custom-made document.
In an email, a Microsoft representative said, "We have not been made aware of any active exploits of the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports".
"Microsoft is concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk," the representative said. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities with no exposure to malicious attackers while the patch is being developed."
It's been suggested that Microsoft users not open untrusted Word documents.
Security Patches Released For Apple.
A security update has been issued that fixes several flaws in the Mac OS X operating system.
The update, Security Update 2004-09-30, sheds some light on the DNS vulnerabilities in the AFP server and CUPS printing module and a flaw in QuickTime.
Apple has issued fixes for both Mac OS X 10.2 and 10.3. Some of the flaws affect both versions of Mac OS X.
Firewalls Are Failing.
According to a Microsoft security expert, firewalls aren't doing a good job protecting corporate networks.
"We are all bloody lucky that something hasn't obliterated IT on earth," said Microsoft security technology architect Fred Baumhardt, Monday at a technical briefing on the need for next generation firewalls in London. "Firewalls are like retarded routers. They just look at the ports, sources and destinations they like. If a train comes from Gare du Nord [Paris] to Waterloo [London] via Eurostar you allow it to enter the country because you trust it. That's what firewalls currently do. They don't check to see if al-Qaeda is riding inside."
Baumhardt gave an example of how many hackers use port 80 to enter a network because it is treated as trusted traffic. He added that it's important to protect your network internally, instead of just at the outskirts.
"I don't care which vendor you get it from," he said. "I just want to see [next generation firewall] technology in front of your network."
Security Concerns For MSN Messenger Beta.
The beta testing of the newest version of Microsoft's MSN Messenger has been suspended due to security problems, a company spokeswoman said yesterday.
The potential hazard is located in a new MSN feature called "winks", which allows users to send each other sound animations. The new feature can be overused to overwhelm a user's system.
It is unclear how many people downloaded the potentially vulnerable version of MSN Messenger.
Enjoy! Jeremy Muncy + The SecurityProNews Team

About SecurityProNews: SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security.