News Archives from 2001 (August 01 - August 31, 2001)
______________________________________________________________
[Jump to Amiga] [Jump to Windows] [Jump to Mac]
[Jump to Linux] [Jump to Misc]
______________________________________________________________
Amiga
30 August 2001 - Safe v16.5 Released
Zbigniew `Zeeball` Trzcionkowski released his latest freeware virus
dicovering system. Safe informs about attack and removes virus from
memory if possible. The archive is named Safe165.lha, and can be found
on the downloads page, by following the above link.
New in v16.5
- added possibility to change name of safe on installation.
It was necessary - new viruses like HH50 and SMEG2b refuse to infect
Safe file. This trend will surely remain, so now Safe gives the user
the easy way avoid that.
Big thanks for Antonio Noguera, who did this improvement!
This is piece of good work - even better I expected!
- removed some outdated info from html documentation
Note that the most useful information is here and in NewShit.guide.
Thanks to Michael Hendren for paying attention.
- removed SMEG2/PENETRATOR removals as xvs.library recognizes them now
- added analyze of HitchHiker5.00 the most advanced polymorphic bastard
in the Amiga universe
30 August 2001 - New Xvs.library v33.31 Released
Jan Erik Olausen (JEO), released a new XvsLibrary. The archive is named
xvslibrary3331.lha, and can be found on the downloads page, by following
the above link. For changes since last version, see the readme file.
23 August 2001 - Safe v16.4 Released
Zbigniew `Zeeball` Trzcionkowski released his latest freeware virus
dicovering system. Safe informs about attack and removes virus from
memory if possible. The archive is named Safe164.lha, and can be found
on the downloads page, by following the above link.
New in v16.4
- totally reworked VECS option, which now allows to see the most
interesting task fields!
- finally fixed all BUGS with 000 processors
HitchHiker 5.0 is on the wild! Please wait for more detailed information
and AV-software from Vht-Dk. Markus Schmall said he will take a look at
this one.
23 August 2001 - Hitch-Hiker 5.00 Virus Info Update
VHT-DK Announcement list says "It seems like this new Linkvirus "Hitch-
Hiker 5.00" virus is a bit smarter that we thought. It can change in
size, and look. And we has not aware of this, but we are working hard to
get the problem solved. As soon as we have solved the problem, a new
update of the xvs.library will be released. So stay tuned........"
19 August 2001 - VirusExecutor v2.20 Released
Jan Erik Olausen released a new version of his virus killer. The archive
is named VirusExecutor220.lha, and can be found on the downloads page, by
following the above link. For changes since last version, see the readme
file.
* VirusExecutor Homepage at Virus Help Team Canada
Has links to all files required and recommended to run VE2.20
19 August 2001 - New Xvs.library v33.30 Released
Jan Erik Olausen (JEO), released a new XvsLibrary. The archive is named
xvslibrary3330.lha, and can be found on the downloads page, by following
the above link. For changes since last version, see the readme file.
19 August 2001 - FREE Key File For VirusCheckerII
Alex van Niel has released a free keyfile for his anti-virus viruskiller
program VirusChecker II. Alex says "I feel that the time has come to make
VirusCheckerII free and available for every Amiga user in the world." He
ends with a special note to all of us that have been registered users
over the years - "You are to be thanked for your loyalty which I hereby
do: Thanks! :)"
19 August 2001 - VHT-DK Warning: Trojan in Aminet file Muahaha.lha
Virus Help Denmark says a new trojan has been found today. The trojan
will delete every file that has the "key" in the name of the file. This
trojan is just like the one that has found of the 15'th of August, named
MZ-Makey trojan. But this trojan was found on Aminet, but removed now.
The xvs.library package will be released very soon.
Follow the above link for viruswarning - file is named vht-dk109.lha.
* Click here for VHT-DK Virus Warning vht-dk109 Readme
* Subscribe online to the VHT Virus Warnings Announcement list.
18 August 2001 - VHT-DK Warning: Hitch-Hiker v5.00 For Third Time
Virus Help Denmark says here we go again, the 3rd installer of
Hitch-Hiker has been found this weekend. The archive was uploaded to
AmiNet, but it has been removed now. Again, there is "NO" cure for
this virus right now.
Follow the above link for viruswarning - file is named vht-dk108.lha.
* Click here for VHT-DK Virus Warning vht-dk108 Readme
* Subscribe online to the VHT Virus Warnings Announcement list.
17 August 2001 - VHT-DK Warning: Hitch-Hiker v5.00 UPDATE
Virus Help Denmark says there might just be more installers of the
'Hitch-Hiker 5.00' virus out there. The 'xvs.library' (external Virus
Scanner library) will be updated as soon as possible. In the mean time,
take care...
Follow the above link for viruswarning - file is named vht-dk107.lha.
* Click here for VHT-DK Virus Warning vht-dk107 Readme
* Subscribe online to the VHT Virus Warnings Announcement list.
17 August 2001 - VHT-DK Warning: Hitch-Hiker v5.00 Virus Found
Virus Help Denmark reports they have found the installer of the new
'Hitch-Hiker 5.00' linkvirus. There is NO cure for this virus right now
Follow the above link for viruswarning - file is named vht-dk106.lha.
* Click here for VHT-DK Virus Warning vht-dk106 Readme
* Subscribe online to the VHT-DK Virus Warnings Announcement list.
15 August 2001 - New Xvs.library v33.29 Released
Jan Erik Olausen (JEO), released a new XvsLibrary. The archive is named
xvslibrary3329.lha, and can be found on the downloads page, by following
the above link. JEO says xvs.library has changed it's name from: The
eXternal Virus Support Library, to: The eXternal Virus Scanner Library.
News for 33.29: Added MKG Trojan File virus.
15 August 2001 - VHT-DK Warning: New Trojan Found
Virus Help Denmark reports a new trojan has been found today. This trojan
says that it will make a key-file that will work with over 250 programs.
Well, I guess that there are someone that will fall for this kind of
program. The trojan will delete every file that has the "key" in the name
of the file, in your S:, Libs:, Devs: and L:.
Follow the above link for viruswarning - file is named vht-dk105.lha.
* Click here for VHT-DK Virus Warning vht-dk105 Readme
* Subscribe online to the VHT-DK Virus Warnings Announcement list.
13 August 2001 - VEPatchBrain v1.36 for VirusExecutor Available
Jan Erik Olausen has released a new PatchBrain for his viri checking
program VirusExecutor. This brain file can be used with any VE 2.xx
version. For changes since last version, read the readme file.
13 August 2001 - New Xvs.library v33.28 Released
Jan Erik Olausen (JEO), released a new XvsLibrary. The archive is named
xvslibrary3328.lha, and can be found on the downloads page, by following
the above link. JEO says there was a bug in the old xvs.library. It has
been removed from the archive section here on Virus Help Team Canada.
13 August 2001 - Announcements on Virus Help Denmark Site
VHT-DK posted a couple of interesting items.
* Amiga Virus Encyclopedia updated
* New member has joined Virus Help Denmark
Jan posted that Jan Erik Olausen (JEO - programmer of VirusExecutor and
xvs.library) has joined the VHT-DK team. Now we have 2 Amiga antivirus
members. :-)
07 August 2001 - New Xvs.library v33.27 Released
Jan Erik Olausen (JEO), released a new XvsLibrary. The archive is named
xvslibrary3327.lha, and can be found on the downloads page, by following
the above link. JEO says he decided to release a new version of xvs even
though the memory removal for Penetrator is not finished yet...
04 August 2001 - Safe v16.3 Released
Zbigniew `Zeeball` Trzcionkowski released his latest freeware virus
dicovering system. Safe informs about attack and removes virus from
memory if possible. The archive is named Safe163.lha, and can be found
on the downloads page, by following the above link.
New in v16.3
- fixed ReadArg() template in order to remove wrong message on machines
which users didn't noticed that TCPPATCH is dead!
- optimization
- small fix in xfd slave for new SMEGs
- added analyze of SMEG2 viri
01 August 2001 - VHT-DK Warning: Installer of SMEG 2 Virus Found
Virus Help Denmark reports the installer of the new linkvirus SMEG 2a &
SMEG 2b has been found. Follow the above link for viruswarning - file is
named vht-dk104.lha.
* Click here for VHT-DK Virus Warning vht-dk104 Readme
* Subscribe online to the VHT-DK Virus Warnings Announcement list.
Top of Page
Windows
17 August 2001 - DAT / SDAT 4154 McAfee Total Virus Defense Update
DAT File for weekly v4x 4154, and SuperDat File for v4x 4140/4154
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
17 August 2001 - Updated .def Files Available for F-PROT
Frisk Software International has new Sign.def file available. Also there
is the Sign2.zip file which contains only the sign2.def without the
sign.def file and, as a result, it is quite a bit smaller than both def
files together.
The updates are available now at ftp://ftp.complex.is/pub/
* August 17 2001 releases
fp-def.zip 767Kb plus fp-def.asc
sign2.zip 131Kb
17 August 2001 - Latest Macro.def for F-PROT Released
Frisk Software International has a new Macro.def for F-PROT. This version
of Macro.def was last modified/changed on: August 17, 2001
* See ftp://ftp.complex.is/pub/ for:
macrdef2.zip 202Kb
17 August 2001 - F-PROT and F-PROT for Windows v3.10b Released
Frisk Software International has a new F-Prot Antivirus version 3.10b
available now. There is also a trial version online.
* Read more about FP-WIN Anti-virus Program here
* Get the Trial Version here
* See Download page for details on how to get your own copy of F-PROT
The update has been available since August 17th, 2001 at
ftp://ftp.complex.is/pub/
* August 17 2001 releases
a) FP-Win v3.10b
fp-310b.zip 1328Kb plus fp-310b.asc
b) FP-Win v3.10b Trial
fp-win_310b_trial.zip 5468Kb
17 August 2001 - Microsoft TechNet Security Bulletins
* MS01-045: ISA Server H.323 Gatekeeper Service Contains Memory Leak
This bulletin discusses three security vulnerabilities that are unrelated
except in the sense that both affect ISA Server 2000
* MS01-044: 15 August 2001 Cumulative Patch for IIS
This patch is a cumulative patch that includes the functionality of all
security patches released to date for IIS 5.0, and all patches released
for IIS 4.0 since Windows NT. 4.0 Service Pack 5. A complete listing of
the patches superseded by this patch, is provided in the bulletin
* MS01-043: NNTP Service in WinNT 4.0 and Win 2000 Contains Memory Leak
The NNTP (Network News Transport Protocol) service in Windows NT 4.0,
Windows 2000, and Exchange 2000 contains a memory leak in a routine that
processes news postings.
09 August 2001 - New Virus Travels In PDF Files
ZDNet says 'Peachy' shows that Adobe's PDF file format may not be as
immune to viruses as previously thought. Adobe's popular PDF file format
has generally been considered immune to viruses. But a new virus carried
by programs embedded in PDF files raises concerns that the format itself
could become susceptible. Fortunately, those who are simply viewing a PDF,
or Portable Document Format, file aren't vulnerable. The virus spreads
only by way of Adobe's Acrobat software -- the program used to create PDF
documents -- not through Acrobat Reader, the free program that is used to
view the files. Updated virus descriptions released by McAfee next week
will be able to detect Peachy, said Gullotto, senior director of McAfee's
Avert group.
08 August 2001 - DAT / SDAT 4153 McAfee Total Virus Defense Update
DAT File for weekly v4x 4153, and SuperDat File for v4x 4140/4153
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
08 August 2001 - Latest Macro.def for F-PROT Released
Frisk Software International has a new Macro.def for F-PROT. This version
of Macro.def was last modified/changed on: August 7, 2001
* See ftp://ftp.complex.is/pub/ for:
macrdef2.zip 201Kb
08 August 2001 - Updated .def Files Available for F-PROT
Frisk Software International announced new Sign.def and Sign2.def files
are availble. Also there is the Sign2.zip file which contains only the
file sign2.def without the sign.def file and, as a result, it is quite a
bit smaller than both def files together. Note that this sign2.def file
includes advanced generic detection capabilities which should hopefully
enable F-Prot to find most future variants of the VBS/LoveLetter worm.
The updates are available now at ftp://ftp.complex.is/pub/
* August 7 2001 releases
fp-def.zip 765Kb plus fp-def.asc
sign2.zip 131Kb
08 August 2001 - F-PROT and F-PROT for Windows v3.10a Released
Frisk Software International has a new v3.10a of F-PROT and F-PROT for
Windows. Read more about FP-WIN Anti-virus Program here.
See Download for details on how to get your own copy of F-PROT.
The update has been available since August 7th, 2001 at
ftp://ftp.complex.is/pub/
* August 7 2001 releases
a) FP-Win v3.10a
fp-310a.zip 1328Kb plus fp-310.asc
b) FP-Win v3.10a Trial
fp-win_310a_trial.zip 5479Kb
06 August 2001 - NIPC Advisory 01-017: "Code Red II"
CodeRed II is a rewritten version of the original Code Red worm. It uses
the same IIS hole to gain access on the web server and the continues to
find new vulnerable systems. The NIPC considers Code Red II to be a
serious threat because it spreads rapidly and installs a backdoor that
can be accessed by anyone familiar with the exploit. Any intruder can use
the backdoor compromise to make other system modifications at will.
* NAI: Click here for Report on W32/CodeRed.c.worm
To detect and remove the trojan, update to the 4152 DATs. If the trojan
is detected it will be deleted, and the registry keys which allow a
remote attacker to have access to the C: and D: drives, via a web
browser, will be deleted as well.
Virus Help Team Canada: There is a link to the updated 4152 DAT's on
the news page.
* F-Secure: Click here for Report on Code Red / Code Red II
* Symantec: Click here for Report on CodeRed.v3
Symantec is offering a free tool, Symantec Security Check, that you can
use to determine if your computer is at risk. The tool is available in
two forms, both of which are free. The first is an online scan and the
second you can download the tool onto your computer.
06 August 2001 - DAT / SDAT 4152 McAfee Total Virus Defense Update
This update will detect and remove the Code Red II trojan.
DAT File for weekly v4x 4151, and SuperDat File for v4x 4140/4152
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
04 August 2001 - DAT / SDAT 4151 McAfee Total Virus Defense Update
DAT File for weekly v4x 4151, and SuperDat File for v4x 4140/4151
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
04 August 2001 - Trend Micro Sircam Virus Vulnerability
Trend Micro InterScan VirusWall is unable to filter or clean the
TROJ_SIRCAM.A virus from attachments in electronic mail format (.eml).
This vulnerability is due to a problem with InterScan's ability to
decode certain attachment types.
04 August 2001 - SirCam worm settles in for the long haul
ZDNet says experts say the worm is likely to keep sending out recipes,
confidential government documents and CVs for the forseeable future.
Updated news stories and links on SirCam
* Report: Worm nabs secret Ukrainian files
Web site receives secret documents from Ukrainian president
* SirCam tops virus charts for July
Code Red may have grabbed the media attention, but the SirCam email worm
has continued to top the charts
04 August 2001 - FAQ: The Code Red threat
ZDNet UK answers common questions about the Code Red worm.
04 August 2001 - F-Secure warns: Code Red is not dead
F-Secure Media Release reminds us the worm has been programmed to spread
only during the first 20 days of every month. As the widespread July
infections started on the 19th of the month, the worm stopped spreading
by itself almost as soon as it had become widespread. This time it won't.
It will continue to spread for almost three weeks and might spread much
more widely than in July, when it infected around 300,000 servers.
Updated stories and links on this Code Red Worm
* Train crash could be to blame for Internet derailment
A train crash in the US cut Internet cables serving seven major ISPs.
Was it this, and not Code Red, that derailed the Internet on 18 July?
* Code Red not by any means dead
Its impact so far having been contained mostly to the US, Code Red could
well be spreading to the rest of the world
* FBI accused over Code Red virus confusion
* Microsoft takes heat for Code Red
* Code Red worm stays cool
01 August 2001 - Possible Internet Slowdown Due to Code Red Worm
CNN has been updating the news for the Code Red worm almost hourly. They
have said the slowdown may not show up for a day or two, or there may not
even be any noticeable difference. The fact remains, that users of the
affected Micorsoft products, still have the responsibility to download and
install the appropriate patch on their systems. The security personel that
were highlighted on CNN on July 30th, said persons that do not even run a
server may still have the server software installed on their systems when
they installed their MS Operating System software. As such, they are also
possibly vunerable, and to take the necessary precautions.
Who Must Act?
Every organization or person who has Windows NT or Windows 2000 systems
AND the IIS web server software may be vulnerable. IIS is installed
automatically for many applications. If you are using Windows 95,
Windows 98, or Windows Me, there is no action that you need to take in
response to this alert.
What To Do If You Are Vunerable?
a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection: Install the patch as
specified in the instructions.
The security bulletin that describes the patch and the vulnerability
it addresses is posted at:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
Because of the importance of this threat, this alert is being made
jointly by: Microsoft, The National Infrastructure Protection Center
(NIPC), Federal Computer Incident Response Center (FedCIRC), Information
Technology Association of America (ITAA), CERT Coordination Center, SANS
Institute, Internet Security Systems and Internet Security Alliance.
Virus Help Team Canada Fast Links for Info on Code Red Worm
* NAI Press release of online scan service
* NAI/PGP OnLine Scan for Code Red Worm
!! Read the directions carefully before requesting the scan !!
* Patch: Windows NT 4.0 computers running Index Server 2.0
* Patch: Windows 2000 computers running Internet Information Service 5.0
* MS TechNet Security Tools including security and config checklists
Top of Page
Macintosh
04 August 2001 - Virex Update To Virus DAT For Scan Engine Available
Networks Associates Technology, Inc. has the current Macintosh anti-virus
software Virex Scan Engine Version: 4131, which includes this updated
Virus Definition file: 4148. Further information in Virex Release Notes
for this Virus Update.
* Virex FTP Site at ftp://ftp.nai.com/pub/antivirus/datfiles/mac/virex
Top of Page
Linux
17 August 2001 - Latest Linux Weekly News Released
The LWN.net Weekly Edition for August 16, 2001 has been published. This
issue covers: Linux distributors branch out, Full disclosure costs, and
LWN @ OSCON.
17 August 2001 - Latest Embedded Linux Newsletter Released
LWN.net says this weeks Embedded Linux Newsletter includes a review of
John Lombardo's "Embedded Linux", a study of how Linux is being used in
industrial controls, and a look at IBM's TechMobile.
09 August 2001 - Latest Linux Weekly News Released
LWN.net Weekly Edition for August 9th, 2001 has been published. Security
issues published in this edition, includes Silly (McAfee) patents, flawed
802.11, and executables in PDFs.
09 August 2001 - LinuxDevices.com Embedded Linux Newsletter
LWN.net says the LinuxDevices.com Embedded Linux Newsletter for Aug 9
is out, with the usual roundup of information from the embedded arena.
08 August 2001 - F-Prot Antivirus v3.10a For Linux Now Available
Frisk Software International has a new v3.10a of F-PROT Linux x86. Read
more about F-Prot Linux Anti-virus Program here.
* Click here to download Linux version for FREE
The update has been available since August 8th, 2001 at
ftp://ftp.complex.is/pub/
* August 8 2001 releases
GNU Compr. Tar fp-linux_3.10a_beta_x86.tar.gz 1340Kb
04 August 2001 - Latest Linux Weekly News Released
LWN.net weekly edition for August 2, 2001 has been published.
Top of Page
Miscellaneous
09 August 2001 - Hotmail Attacked By Code Red II
ZDNet says attack on Microsoft's own server software causes problems for
free email service. Microsoft released a patch to protect servers from
the Code Red virus six weeks ago, but its free email service was caught
out by the more virulent successor to the worm, usually referred to as
Code Red II, earlier this week.
Microsoft has now released a patch to block the vulnerability that Code
Red II exploits, and network administrators must remove the back door
from their systems and reformat and reinstall all software.
04 August 2001 - Added FAQ: The Code Red threat To Links Page
The Links Page now has ZDNets FAQ addition to the Virus Alerts and
Security Links section.
Top of Page
Back to the News Archives page