Information Security Alerts
Check this page frequently for the latest Information Security and Virus News


If you receive an e-mail that claims to be distributing a Microsoft security patch, it is a hoax that may be distributing a virus. Microsoft does not distribute security patches via e-mail. You can learn more about Microsoft's software distribution policies here: http://www.microsoft.com/technet/security/topics/policy/swdist.mspx



Sassy Sasser worms on the move

Monday, May 3rd 2004 - The first automated exploits targeting a critical Microsoft vulnerability announced last month have taken the form of a family of self-executing worms called W32.Sasser. As of Sunday evening Sasser-A, Sasser-B and Sasser-C were all gaining traction, poised to infect systems around the world when business resumes Monday morning. Sasser-B is currently rated as a level four worm by Symantec on a scale of one to five.   (Read More)   Source: SearchSecurity.com



'Osama Captured' e-Mail is Malicious Trojan

Friday, April 23rd 2004 - Those "Osama Bin Laden Captured" e-mails hammering your in-box today will attempt to download a Trojan if the embedded URL is clicked, anti-virus experts warned Friday.   (Read More)   Source: InternetNews.com



Multiple Vulnerabilities in Microsoft Products *Critical*

Wednesday, April 14th 2004 - Microsoft Corporation has released a series of security bulletins affecting most users of the Microsoft Windows operating system. Users of systems running Microsoft Windows are strongly encouraged to visit the "Windows Security Updates for April 2004" site at https://www.microsoft.com/security/security_bulletins/200404_windows.asp and take actions appropriate to their system configurations.   (Read More)   Source: US-Cert.gov



Vulnerability in Internet Explorer ITS Protocol Handler

Thursday, April 8th 2004 - A cross-domain scripting vulnerability in Microsoft Internet Explorer (IE) could allow an attacker to execute arbitrary code with the privileges of the user running IE. The attacker could also read and manipulate data on web sites in other domains or zones.   (Read More)   Source: US-Cert.gov



New Phishing Technique

Wednesday, March 31st, 2004 - A new phishing attack technique was discovered today in a Citibank scam targeting Citibank customers. In this technique "the Address bar on the browser is spoofed, using Javascript and frames, the real address bar is suppressed and despite the HTTPS callout in the Address bar, there is no SSL padlock present in the lower corner of the browser."   (Read More)   Source: AntiPhishing.org



Witty Worm

Monday, March 22nd, 2004 - US-CERT is aware of a worm known as "Witty". Witty is a worm that exploits a vulnerability in ISS' ICQ Parser Protocol Analysis Module.   (Read More)   Source: US-CERT.gov



Phatbot Trojan

Thursday, March 18th, 2004 - US-CERT is aware of a Trojan known as "Phatbot". Phatbot is an IRC bot with characteristics and functionality similar to Agobot.   (Read More)   Source: US-CERT.gov



Many variants of W32/Beagle malicious code

Thursday, March 18th, 2004 - US-CERT continues to receive reports of new variants of the W32/Beagle mass-mailing virus. The most recent variant is W32/Beagle.T (discovered on March 18th). W32/Beagle arrives as an attachment to an email message containing a From: address that is spoofed to hide the identity of the sender.   (Read More)   Source: US-CERT.gov



Many variants of W32/Netsky malicious code

Thursday, March 18th, 2004 - US-CERT continues to receive reports of new variants of the W32/Netsky mass-mailing virus. The most recent variant is W32/Netsky.M (discovered on March 10th). W32/Netsky arrives as an attachment to an email message containing a From: address that is spoofed to hide the identity of the sender.   (Read More)   Source: US-CERT.gov



Technical Cyber Security Alert TA04-041A: Multiple Vulnerabilities in Microsoft ASN.1 Library

Tuesday, February 10th, 2004 - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges.   (Read More)   Source: CERT.org



Win32.Mydoom.a

Monday, January 26th, 2004 - Win32.Mydoom.a is a mass-mailing worm which uses its own SMTP engine to spread. The worm also opens a backdoor on infected systems, performs a DoS (Denial of Service) attack and has an expiration date.   (Read More)   Source: eSafe.com



Worm opens two backdoors, logs keystrokes

Monday, January 26th, 2004 - A new version of the dangerous Dumaru worm surfaced this weekend, and enterprise administrators are warned that this version creates a Windows Hook that logs keystrokes and opens two backdoors that experts say could enable an attacker to gain remote control of an infected system.   (Read More)   Source: SearchSecurity.com



Bagle-A worm moving quickly

Monday, January 19th, 2004 - You definitely don't want Bagle-A with your coffee this morning. Bagle is a new mass-mailing worm, and it came on strong on Sunday, prompting antivirus software companies to raise threat alerts. The worm also opens an unassigned port, where it tries to listen for commands from the writer. Finnish antivirus firm F-Secure Corp. has rated Bagle a level 1 threat, the company's highest rating, because of the worm's pervasiveness.   (Read More)   Source: SearchSecurity.com



Trojan wrapped in phony XP service pack

Friday, January 9th, 2004 - You may have arrived at work this morning to find in your inbox a suspicious-looking e-mail purporting to be a service pack for Windows XP. It is in fact a new Trojan called Xombe.   (Read More)   Source: SearchSecurity.com



P2P threat is set to increase

Friday, January 9th, 2004 - According to security specialists, peer-to-peer (P2P) networks will prove a growing threat to firms during 2004, as malicious users increasingly employ them for malware attacks.   (Read More)   Source: vnunet.com



Mimail-P promises prize, steals information

Thursday, January 8th, 2004 - The 14th variant of the Mimail worm surfaced Wednesday afternoon, and this one carries much of the same poison as previous variants. Namely, it phishes for sensitive user information, like credit card and Social Security numbers. The new variant also uses a phony PayPal data entry form.   (Read More)   Source: SearchSecurity.com



Sober-C worm speaks German

Monday, December 22nd, 2003 - A new variant of the Sober worm emerged over the weekend and is spreading, primarily in German-speaking countries. Antivirus vendor McAfee and e-mail filtering outsourcer MessageLabs Inc. said that 80% of Sober-C infections are coming from Germany. The mass-mailing worm does not carry a destructive payload, and it can send messages in either English or German.   (Read More)   Source: SearchSecurity.com



CERT® Advisory CA-2003-28 Buffer Overflow in Windows Workstation Service

Thursday, November 20th, 2003 - A buffer overflow vulnerability exists in Microsoft's Windows Workstation Service (WKSSVC.DLL). A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.   (Read More)   Source: Cert.org



Microsoft Windows Security Bulletin Summary for October 2003

Wednesday, October 29th, 2003 - Included in this advisory are updates for five newly discovered vulnerabilities in Microsoft Windows. These vulnerabilities, broken down by severity, are:

Critical Security Bulletins

MS03-041 - Vulnerability in Authenticode Could Allow Remote
MS03-042 - Buffer Overflow in the Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
MS03-044 - Buffer Overflow in Windows Help and Support Center Could lead to System Compromise (825119)
MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
  (Read More)   Source: Microsoft.com



Sober-A worm pretends to be virus fix

Monday, October 27th, 2003 - A new bilingual, mass-mailing worm is in the wild and plays off user fears about viruses. Sober-A is spreading via e-mail on Windows systems; it arrives with German and English subject lines and an attachment that purports to be a fix for a bogus new worm. When executed, the worm searches the infected system for e-mail addresses to mail itself to using its own Simple Mail Transfer Protocol (SMTP) engine.   (Read More)   Source: SearchSecurity.com



CERT® Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange

Friday, October 17th, 2003 - There are multiple vulnerabilities in Microsoft Windows and Microsoft Exchange, the most serious of which could allow remote attackers to execute arbitrary code.   (Read More)   Source: Cert.org



The Twenty Most Critical Internet Security Vulnerabilities

Wednesday, October 8th, 2003 - The SANS Top 20 Internet Security Vulnerabilities, Version 4.0, October 8, 2003. Copyright (C) 2001-2003, SANS Institute

    Top Vulnerabilities to Windows Systems
  • Internet Information Services (IIS)
  • Microsoft SQL Server (MSSQL)
  • Windows Authentication
  • Internet Explorer (IE)
  • Windows Remote Access Services
  • Microsoft Data Access Components (MDAC)
  • Windows Scripting Host (WSH)
  • Microsoft Outlook and Outlook Express
  • Windows Peer to Peer File Sharing (P2P)
  • Simple Network Management Protocol (SNMP)
    Top Vulnerabilities to UNIX Systems
  • BIND Domain Name System
  • Remote Procedure Calls (RPC)
  • Apache Web Server
  • General UNIX Authentication Accounts with No Passwords or Weak Passwords
  • Clear Text Services
  • Sendmail
  • Simple Network Management Protocol (SNMP)
  • Secure Shell (SSH)
  • Misconfiguration of Enterprise Services NIS/NFS
  • Open Secure Sockets Layer (SSL)
  (Click here for more information)   Source: Sans.org



Microsoft Patches Internet Explorer Vulnerability

Saturday, October 4th, 2003 - During August Microsoft released a patch for Internet Explorer which was supposed to resolve an issue with Active Scripting and Internet Explorer. Since Microsoft released this broken patch there have been a number of Trojan websites that use this to infect visitors' machines.   (Read More)   Source: Virus.org



QHosts Trojan Horse

Thursday, October 2nd, 2003 - The CERT/CC has received reports of a new Trojan Horse program affecting Microsoft Windows systems. The QHosts or Qhosts-1 Trojan Horse has been reported to alter domain name service (DNS) settings on Windows systems and redirect users from legitimate web sites to those specified by the Trojan Horse program.   (Read More)   Source: Cert.org



Use Care When Reading Email with Attachments

Monday, September 29, 2003 - You probably receive lots of mail each day, much of it unsolicited and containing unfamiliar but plausible return addresses. Some of this mail uses social engineering to tell you of a contest that you may have won or the details of a product that you might like. The senders are trying to encourage you to open the letter, read its contents, and interact with them in some way that is financially beneficial - to them. Even today, many of us open letters to learn what we've won or what fantastic deal awaits us. Since there are few consequences, there's no harm in opening them.   (Read More)   Source: Cert.org



Swen worm purports to be Microsoft alert

Friday, September 19, 2003 - The Swen worm, also known as Gibe-F, sometimes travels as an attachment to an HTML e-mail purporting to be a patch alert from Microsoft. It can also arrive impersonating an e-mail delivery failure notice. If installed, the worm will try to shut off antivirus and other security software. It also tries to spread itself through network file shares and by e-mailing copies of itself.   Source: SearchSecurity.com



What You Should Know About Microsoft Security Bulletin MS03-039 (824146) - Severity Level: Critical

Wednesday, September 10, 2003 - Buffer Overrun In RPCSS Service Could Allow Code Execution (824146). A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft.   Source: Microsoft.com



CERT® Summary CS-2003-03

Monday, September 08, 2003 - Each quarter, the CERT® Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.

Since the last regularly scheduled CERT summary, issued in June 2003 (CS-2003-02), we have seen a large volume of reports related to a mass mailing worm, referred to as W32/Sobig.F, and have issued advisories on the exploitation of vulnerabilities in Microsoft's RPC implementation. The culmination of the RPC vulnerabilities resulted in the W32/Blaster Worm, which affected many Microsoft users. We have also reported on a vulnerability in the Cisco IOS interface as well as on multiple vulnerabilities in Microsoft Windows libraries and Internet Explorer.   Source: Cert.org



New Variant - W32/Sobig.f@MM (High Risk)

Monday, September 08, 2003 - A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine.

In addition, when it propagates, the worm "spoofs" the "From:" field, using one of the harvested email addresses. So exercise care when opening emails with attachments. An infected email can come from addresses you recognize.

Because it sends so many emails, a worm like Sobig also saps bandwidth and slows network performance. Worse, it can also open up a user's computer port, making it vulnerable to hackers, who can plant dangerous Trojans. These malicious programs often let unauthorized users remotely take over a system, steal personal information or use the infected PC to send spam.   Source: McAfee.com



Win32.Neroma.a

Sunday, September 07, 2003 - Win32.Neroma.a is a relatively simple mass mailing worm masquerading as an image file. It uses Microsoft Outlook to send itself to all contacts in the Windows Address Book.  Source: eSafe.com



Win32.Neroma.b

Sunday, September 07, 2003 - A variant of Win32.Neroma.a, Win32.Neroma.b is also a relatively simple mass mailing worm masquerading as an image file. It uses Microsoft Outlook to send itself to all contacts in the Outlook Address Book.  Source: eSafe.com



Another Blaster Variant Author Arrested

Thursday, September 04, 2003 - The author of the Blaster-F worm variant has been arrested by police in Romania. The suspect is a 24-year-old from the Romanian city of Iasi.  Source: Virus.org



Spam Sneaks to Exploit IE Hole

Wednesday, September 03, 2003 - There are several reports of a piece of spam circulating that exploits a hole in Internet Explorer to install malware.  Source: Virus.org



W32/Sobig.F Worm

Monday, August 25, 2003 - The CERT/CC continues to receive reports of a new variant of the Sobig worm, 'W32/Sobig.F'. Like its predecessors, Sobig.F attempts to replicate itself by sending out infected email. In addition, it can download and execute arbitrary code on the target machine, which potentially permits the worm to compromise confidential information, or set up and run other services, such as open mail relays. The CERT/CC is not aware of any continued activity related to the "second phase" of the worm's operation as described in the Incident Note, but encourages users who are still compromised to take action to recover their systems. The CERT/CC strongly encourages users to install anti-virus software, and keep its virus signature files up-to-date.   Source: Cert.org



New critical holes in Windows detailed

August 21, 2003 - With the Lovsan and Nachi worms still exploiting critical holes in Windows' Remote Procedure Call protocol, Microsoft announced three new critical vulnerabilities Wednesday that merit the immediate attention of IT administrators.  Source: SearchSecurity.com



CERT® Advisory CA-2003-16 Buffer Overflow in Microsoft RPC

July 17, 2003 - A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.  Source: Cert.org