Virus Warnings from September 2000
Amiga
No virus warnings or alerts
Windows
Date: September 21, 2000 * Re-released from 15-sep-2000
Platform: MS Windows 2000
Patch Available: Telnet Client NTLM Authentication Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Bulletin re-released to advise of availability
of new patch.
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in the telnet client that ships
with Microsoft Windows 2000. The vulnerability could, under
certain circumstances, allow a malicious user to obtain
cryptographically protected logon credentials from another
user.
* Click here for MS Security Bulletin MS00-067
Date: September 20, 2000
Platform: Windows PC
Warning About: W97M/Passbox.q Macro Virus
Report From: NAI
* Release Note: This Word 97 macro virus contains a module
named Kesseler, which infects the global Normal.dot template
on machines which do not have SP1 installed. Read the complete
report for removal instructions and AVERT recommendations.
* Click here for NAI Report Number k=98835
Date: September 21, 2000
Platform: CiscoSecure ACS for Windows NT Server
Warning About: Cisco CiscoSecure ACS Vulnerability
Report From: CIAC
* Release Note: Multiple vulnerabilities exist in the
CiscoSecure ACS software for Windows NT Server. The potential
vulnerabilities can allow denial of service, loss of data,
and compromise of a server. Read the complete bulletin for
software versions and fixes.
* Click here for CIAC Bulletin K-071
Date: September 21, 2000
Platform: Windows PC
Warning About: VBS/LoveLetter.bi VBScript Worm
Aliases: IRC/LoveLetter.bi, VBS/Party
Report From: NAI
* Release Note: This is a VBScript Internet worm that travels
via Outlook and mIRC. This worm may arrive by email. Read
the complete report for Avert's recommendations, and removal
instructions.
* Click here for NAI Report Number k=98833
Date: September 21, 2000
Platform: Windows PC
Warning About: W97M/Crono.a Macro Virus
Report From: NAI
* Release Note: This virus is detected by current engine and DAT
files as W97M/Univ.gen. This is a class module macro virus for
Word97/2000 documents and templates. It does not have a damaging
payload. It lowers the macro warning options in Word. Read
the complete report for Avert's recommendations, and removal
instructions.
* Click here for NAI Report Number k=98834
Date: September 21, 2000
Platform: Windows PC
Updated SDAT: Sdat 4096 Upgrade Available
Report From: NAI
* Release Note: PC Virus Definition And Scan Engine. Upgrade
(sdat) version 4096 is now available for PC VirusScan. Visit
Network Associates for all versions.
Click here for NAI Sdat 4096 Upgrade Available
Date: September 20, 2000 * Updated from 16-Sep-2000
Platform: Windows PC
Warning About: VBS/Netlog.worm.g VBScript Worm Virus
Aliases: VBS/A24.worm
Report From: NAI
* Release Note: This VBScript is designed to delete files, if
present, which are created by VBS/Netlog.worm. Read the
complete report for Avert's recommendations, and removal
instructions.
* Click here for NAI Report on VBS/Netlog.worm.g
Date: September 20, 2000
Platform: Windows PC
Warning About: VBS/Funny.b Internet Worm
Aliases: VBS/FunnyStory
Report From: NAI
* Release Note: This is a VBScript worm with virus qualities.
This worm will arrive in an email message. If the user runs
the attachment the worm runs using the Windows Scripting Host
program. Read the complete report for Avert's recommendations,
and removal instructions.
* Click here for NAI Report on VBS/Funny.b
Date: September 20, 2000 * Updated from 17-Sep-2000
Platform: Win32 Systems
Warning About: MTX Worm, Virus and Backdoor
Report From: F-Secure
* Release Note: The virus has an unusual structure. It consists
of three different components that are run as standalone
programs (Virus, email Worm and Backdoor). The virus is the main
component; it keeps the worm and backdoor programs in its code in
compressed form. While infecting the system it extracts and
spawns them. It spreads under Win32 systems: the virus component
infects Win32 executable files, attempts to send email messages
with infected attachments, and installs the backdoor
component to download and spawn "plugins" on an affected system.
* Click here for F-Secure Report on MTX Worm, Virus and Backdoor
Date: September 20, 2000
Platform: PC
Warning About: Funny, Funny.A Worm
Aliases: I-WORM.Funny, VBS/Funny
Report From: F-Secure
* Release Note: Funny worm spreads in a similar way to
LoveLetter. All three known variants of this worm drop, run
and delete a binary file Startx.exe that is a password stealing
trojan detected by F-Secure Anti-Virus as 'Trojan.PSW.Hooker.24.e'.
This trojan is run if the virus finds UBS banking software
installed on the victim's machine. Otherwise it replicates as a
worm.
* Click here for F-Secure Report on Funny, Funny.A Worm
Date: September 18, 2000
Platform: Windows 95/98/NT 4.0/NT 2000
Warning About: Alt-N MDaemon 3.1.1 DoS Vulnerability
Report From: Security Focus
* Release Note: Alt-N MDaemon 3.1.1 is subject to a denial of
service. If a remote user requests a specially crafted URL
to the web services within MDaemon the service will crash.
A restart of the service is required in order to gain normal
functionality.
* Click here for SF Report on Alt-N MDaemon DoS Vulnerability
Date: September 17, 2000
Platform: Win32 Systems
Warning About: MTX Worm, Virus and Backdoor
Report From: F-Secure
* Release Note: The virus has an unusual structure. It consists
of three different components that are run as standalone
programs (Virus, email Worm and Backdoor). The virus is the main
component; it keeps the worm and backdoor programs in its code in
compressed form. While infecting the system it extracts and
spawns them. It spreads under Win32 systems: the virus component
infects Win32 executable files, attempts to send email messages
with infected attachments, and installs the backdoor
component to download and spawn "plugins" on an affected system.
* Click here for F-Secure Report on MTX Worm, Virus and Backdoor
Date: September 16, 2000
Platform: Windows 95/98/NT
Warning About: Sambar Server (BETA) Search CGI Vulnerability
Report From: Security Focus
* Release Note: Certain beta versions of this software ship
with a vulnerability in the search.dll which allows remote
attackers to view the contents of the SAMBAR Server, such
as mail folders etc.
* Click here for SF Report on Sambar Server CGI Vulnerability
Date: September 16, 2000
Platform: Windows 95/98/NT
Warning About: CamShot Remote Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: CamShot works with Video For Windows compatible
video equipment. Certain trial versions of this software
contain a possibly exploitable remote buffer overflow by way
of an overly long user-supplied Authorization password.
* Click here for SF Report on CamShot Remote Buffer Overflow
Date: September 16, 2000
Platform: Windows PC
Warning About: VBS/A24.worm VBScript Worm
Report From: NAI
* Release Note: This VBScript is designed to delete some files,
if present, which were created by VBS/Netlog.worm. Read the
complete bulletin for info and removal instructions.
* Click here for NAI Report on VBS/A24.worm
Date: September 16, 2000
Platform: Windows PC
Warning About: W97M/Fool.k * Update of W97M/Init Virus
Report From: NAI
* Release Note: This is a Word 97 polymorphic macro virus with
a Windows Scripting Host component. Infected documents contain
a module named "Init". Opening this file drops two files on
your hard disk. Read the complete bulletin for removal
instructions and Avert's recommended updates.
* Click here for NAI Report on W97M/Fool.k
Date: September 16, 2000
Platform: Windows PC
Warning About: I-Worm.Funny Virus
Report From: Kaspersky Lab
* Release Note: Kaspersky Lab, an international anti-virus
software vendor, reports the detection of another Internet worm,
"I-Worm.Funny". The virus has been reported to be "in-the-wild"
in Switzerland. This is an Internet worm written in the scripting
language Visual Basic Script (VBS). The worm uses MS Outlook to
spread its copies by email.
* Click here for KLab's Report on I-Worm.Funny Virus
Date: September 15, 2000
Platform: Windows PC
Warning About: W97M/Init Virus
Report From: NAI
* Release Note: This is a Word 97 polymorphic macro virus with
a Windows Scripting Host component. Infected documents contain
a module named "Init". Opening this file drops two files on
your hard disk. Visit NAI for method of infection, and removal
instructions.
* Click here for NAI Report on W97M/Init Virus
Date: September 15, 2000
Platform: Windows PC
Warning About: VBS/Quatro.a Virus
Report From: NAI
* Release Note: This is a destructive virus written in VBScript.
It plays on social engineering in an effort to get executed.
It requires Windows Scripting Host in order to execute. It
arrives via Outlook as an attachment named UPDATE.VBS. This
virus carries a file deletion payload which will remove all
files from all subfolders on all drives. Visit NAI for method
of infection, and removal instructions.
* Click here for NAI Report on VBS/Quatro.a Virus
Date: September 15, 2000
Platform: Windows 2000 Professional Server or Advanced Server
Warning About: SSL Upgrade May Block Accessing Secure Web Pages
Report From: MSNBC Bug of the Day
* Release Note: BugNet says if you upgrade a 40-bit SSL
certificate to a 128-bit SSL certificate from VeriSign on a
Windows 2000 Professional, Server, or Advanced Server computer,
you may not be able to use a 40-bit Netscape browser to connect
to secure web pages.
* Click here for MSNBC Article on SSL Upgrade
Date: September 15, 2000
Platform: MS Windows 2000
Patch Available: Telnet Client NTLM Authentication Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in the telnet client that ships
with Microsoft Windows 2000. The vulnerability could, under
certain circumstances, allow a malicious user to obtain
cryptographically protected logon credentials from another
user.
* Click here for MS Security Bulletin MS00-067
Date: September 14, 2000
Platform: MS Windows
Warning About: W32/ExploreZip.worm.f Worm
Report From: NAI
* Release Note: This variant was found September 13, 2000.
Current .DAT files detect this version of the Internet worm
as a variant, thus removal requires 4096. This worm attempts
to invoke MAPI-aware email applications such as MS Outlook,
MS Outlook Express and MS Exchange.
* Click here for NAI Report on W32/ExploreZip.worm.f Worm
Date: September 14, 2000
Platform: Microsoft Outlook 98, Outlook 2000 and Outlook
Express that comes with Internet Explorer 5
Warning About: VBS/Bubbleboy Worm
Aliases: Seinfeld, BBV
Report From: F-Secure
* Release Note: VBS/Bubbleboy is the very first worm that is
able to spread via e-mail without opening an attachment. It
executes immediately after the user has opened the message
in Outlook. Even viewing the message in Outlook Express
"Preview Panel" causes the execution.
* Click here for F-Secure Report on VBS/Bubbleboy Worm
Date: September 14, 2000
Platform: Windows 95/98
Warning About: Kak Worm
Report From: F-Secure
* Release Note: Kak is a worm that embeds itself without any
attachment to every e-mail sent from the infected system.
Kak is written in JavaScript and it works on both English and
French versions of Windows 95/98 if Outlook Express 5.0 is
installed. The worm uses a known security vulnerability that
is in Outlook Express.
* Click here for F-Secure Report on Kak Worm
Date: September 14, 2000 * Updated from 18-Aug-2000
Platform: Windows System
Warning About: VBS/LoveLetter VBScript Worm
Report From: F-Secure
* Release Note: VBS/LoveLetter is a VBScript worm. It spreads
through e-mail as a chain letter. You can protect yourself
against VBScript worms by uninstalling the Windows Script Host.
* Click here for F-Secure Report on VBS/LoveLetter Worm
Date: September 14, 2000
Reported: September 12, 2000
Platform: Windows 2000 Viruses
Warning About: Alternate Data Streams of the NTFS File System
Report From: Kaspersky Lab
* Release Note: On Sept 4th, KLab released a warning about the
appearance of the W2K.Stream virus, the first known malicious
code, which uses the alternate data streams (ADS) of the NTFS
file system. Unfortunately, many anti-virus companies worldwide
did not recognise this as a serious problem and misled their
users by classifying the threat as low. KL emphasises once
more, that viruses in ADS are a serious threat, and should not
be underestimated. KL states, "Taking this into account, we
have already added the anti-virus support for NTFS alternative
streams to Kaspersky Anti-Virus 3.5 (AVP), which will be
released this week."
* Click here for Kaspersky Lab News Updates
Date: September 14, 2000
Reported: September 11, 2000
Platform: MS Windows 2000
Warning About: Windows 2000 Service Pack 1 Installation
Report From: MSNBC Bug of The Day
* Release Note: Windows 2000 SP1 installation order matters a
lot. BugNet says if you are installing Windows 2000 Service
Pack 1, and you are using Windows 2000 Terminal Services,
the order in which you do things is important. Read how to
properly install this package.
* Click here for MSNBC Report on Installing Service Pack 1
Date: September 14, 2000
Reported: September 7, 2000
Platform: Microsoft's Internet Explorer 5.5
Warning About: IE 5.5 Exploit Evades Security Feature
Report From: ZDNet News
* Release Note: The latest in a long line of bugs to hit MSIE
will allow unauthorised access to files on a victim's computer,
according to respected Bulgarian bug-hunter, Georgi Guninski.
The "IE 5.5 Cross Frame security vulnerability" uses JavaScript,
a Web page scripting language, to bypass security features built
into Internet Explorer. It allows the contents of a file to be
sent back to a Web server when a page containing the mischievous
JavaScript is visited.
* Click here for ZDNet Report on IE 5.5 Security
Date: September 14, 2000
Reported: September 11, 2000
Platform: Windows System
Warning About: Scrambler Worm-Virus, W32/Scrambler.worm.e
Aliases: IWorm_Scrambler, I-Worm.Scrambler
Warning About: Variant Scrambler.A
Aliases: Scooter, I-Worm.Scooter, MP3 virus
Report From: F-Secure and NAI
* Release Note: Scrambler spreads itself in e-mail attachments,
sends its copies to IRC channels, and infects Windows EXE
files on the local machine. The worm itself is a Windows PE
executable, about 70Kb long and it is written in MS Visual C++.
* Click here for F-Secure Report on Scrambler Worm-Virus
* Click here for NAI Report on W32/Scrambler.worm.e
Date: September 14, 2000
Reported: September 11, 2000
Platform: MS Windows 2000
Patch Available: Malformed RPC Packet Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in Microsoft Windows 2000. The
vulnerability could allow a malicious user to cause a Denial
of Service on a Windows 2000 computer.
* Click here for MS Security Bulletin MS00-066
Date: September 08, 2000
Platform: Windows System
Warning About: Nowobbler Worm
Variant: Nowobbler.A
Report From: F-Secure and NAI
* Release Note: Nowobbler is a mass mailing worm, written in
both JScript and VBScript. The worm spreads in Outlook
messages. When executed, the worm shows the Wobbler hoax
text. The Nowobbler Worm spreads the Wobbler Virus Hoax
message within itself. Visit the Nowobbler Worm warning
page, and the Wobbler Hoax page for more information.
* Click here for NAI Report on JS/Wobble.worm
* Click here for F-Secure Report on Nowobbler Worm
* Click here for F-Secure Report on Wobbler Virus Hoax
Date: September 08, 2000
Platform: Windows 9x Systems
Warning About: W95/Butano Trojan
Report From: NAI
* Release Note: This trojan consists of a large file and when
run, it drops two smaller files - one is a batch file and
the other is a system reboot program. Visit NAI for method
of infection, and removal instructions.
* Click here for NAI Report on W95/Butano Trojan
Date: September 08, 2000
Platform: Windows 9x Systems
Warning About: Backdoor-HD Trojan
Report From: NAI
* Release Note: This Windows 9x/NT Internet Backdoor trojan,
when running, allows anyone running the appropriate client
software to perform various functions on your PC. They could
log you off your machine, swap your left/right mouse buttons,
open/close your CD-ROM drive, and simulate a virus warning.
Visit NAI for method of infection, and removal instructions.
* Click here for NAI Report on Backdoor-HD Trojan
Date: September 08, 2000
Platform: MS Windows 2000
Patch Available: Still Image Service Privilege Escalation
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in Microsoft Windows 2000. The
vulnerability could allow a user logged onto a Windows 2000
machine from the keyboard to become an administrator on the
machine. The Still Image Service is not installed by default,
but is automatically installed, via plug-n-play, when a user
attaches a still image device (i.e. digital camera, scanner,
etc.) to a Windows 2000 host.
* Click here for MS Security Bulletin MS00-065
Date: September 07, 2000
Platform: PC
Warning About: Stream Virus
Aliases: Win2k_Stream, Win2K.Stream
Report From: F-Secure
* Release Note: The Win2k.Stream virus was not found in the
wild at the moment of creation of this description.
The Win2k.Stream is the first known Windows virus using the
"stream companion" infection method. That method is based on
an NTFS feature that allows multiple data streams to be
associated with a file.
* Click here for F-Secure Report on Stream Virus
Date: September 07, 2000
Platform: PC
Warning About: Donald Duck Trojan
Aliases: Erap
Report From: F-Secure
* Release Note: Since September 5th there has been information
in the media about a trojan called Donald Duck, which is said
to spread with a variant of the Love Letter worm. F-Secure is
not aware of such a variant of Love Letter. Instead there has
been a hacker attack against an ISP in the Philippines. The
hackers are spreading two known trojans called "donald.exe"
and "erap.exe" as attachments. These files are detected by
F-Secure Anti-Virus as SubSeven.backdoor.v213 and
Trojan.PSW.Barok.c.
* Click here for F-Secure Report on Donald Duck Trojan
Date: September 06, 2000
Platform: PC
Warning About: W95/Heathen.b Virus
Aliases: W97M/Heathen.b
Report From: NAI
* Release Note: This virus was discovered by Virus Patrol
Sept 5, 2000 posted to newsgroups as the file FORM.DOC.
This is a variant of the W95/Heathen family. This virus will
infect PE files and also run as a process to infect Word
documents and templates. Read the complete warning, for
removal instructions and AVERT's recommended updates.
* Click here for NAI Report on W95/Heathen.b Virus
Date: September 06, 2000
Platform: MS Windows Media Services
Patch Available: Unicast Service Race Condition Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in Microsoft Windows Media Services.
The vulnerability could allow a malicious user to prevent an
affected server from providing useful service.
* Click here for MS Security Bulletin MS00-064
Date: September 05, 2000
Platform: MS Internet Information Server (IIS)
Patch Available: Invalid URL Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in Microsoft Internet Information
Server (IIS). The vulnerability could enable a malicious user
to prevent an affected web server from providing useful
service.
* Click here for MS Security Bulletin MS00-063
Date: September 05, 2000
Platform: PC
Warning About: Footer Word Macro Virus
Report From: F-Secure
* Release Note: Footer.S is a minor variant of Footer.A
that is functionally identical with it. While spreading,
Footer.A creates two files. The virus activates by
overwriting the footer area in opened documents.
* Click here for F-Secure Report on Footer Macro Virus
Date: September 04, 2000
Platform: MS Windows 2000
Warning About: W2K.Stream WNT/Stream, Win2K.Stream Virus
Report From: Kaspersky Lab and NAI
* Release Note: Kaspersky Lab has a report on a new generation
of Windows 2000 viruses, streaming towards PC users. They
announced today, the discovery of W2K.Stream virus, which
represents a new generation of malicious programs for Windows
2000. This virus uses a new breakthrough technology based on
the "Stream Companion" method for self-embedding into the
NTFS file system. The virus originates from the Czech Republic
and was created at the end of August by the hackers going by
the pseudonyms of Benny and Ratter. Read the complete article.
NAI has removal instructions and AVERT's recommended updates.
* Click here for Kaspersky Report on W2K.Stream Virus
* Click here for NAI Report on WNT/Stream Virus
Date: September 04, 2000
Platform: MS Windows
Warning About: W32/Apology Executable File Virus
Report From: Sophos
* Release Note: W32/Apology is a file infecting virus with
email-aware worm and backdoor characteristics. The virus
replaces wsock32.dll with a modified version which monitors
network traffic, among other things. This was detected by
Sophos Anti-Virus version 3.38 or later. Read complete report.
* Click here for Sophos Report on W32/Apology File Virus
Date: September 04, 2000
Platform: MS Windows
Warning About: WM97/Verlor-I Word 97 Macro Virus
Report From: Sophos
* Release Note: WM97/Verlor-I is a reworking of WM97/Verlor-A.
It is a Word macro virus which uses a number of "stealth"
techniques to try and hide itself. This was detected by
Sophos Anti-Virus version 3.38 or later. Read complete report.
* Click here for Sophos Report on WM97/Verlor-I Virus
Date: September 03, 2000
Reported: August 31, 2000
Platform: MS Windows 9x
Warning About: BackDoor-HA Internet Backdoor Trojan
Report From: NAI
* Release Note: This is a Windows 9x Internet Backdoor trojan.
The Visual Basic 6.0 Runtime Module is required to execute
this file. When running it gives access to the system over
the Internet to anyone running the appropriate client
software. The NAI report contains the removal instructions
and recommended updates.
* Click here for NAI Report on BackDoor-HA
Date: September 03, 2000
Reported: August 28, 2000 * Updated aliases
Platform: MS Windows 9x
Warning About: BackDoor-GZ Internet Backdoor Trojan
Aliases: BackDoor-GZ.svr, W32/NewsTick
Report From: NAI
* Release Note: This is a Windows 9x Internet Backdoor trojan.
When running it gives full access to the system over the
Internet to anyone running the appropriate client software.
The application hides itself from the Win9x task manager.
Visit the NAI link, for removal instructions.
* Click here for NAI Report on BackDoor-GZ
Date: September 01, 2000
Platform: Microsoft Word Documents
Warning About: MS Word Vulnerable to Electronic Spy Web Bugs
MS Word Documents, Among Others, Can Be Bugged
Report From: Hacker Whacker Remote Computer Network Security
* Release Note: There are a couple of article links on the
Hacker Whacker site that involve Microsoft Word Documents.
* Click here for Hacker Whacker Sept 1 Articles
Macintosh
No virus warnings or alerts
Linux
Date: September 26, 2000
Platform: Red Hat Linux
Warning About: Red Hat Security Update To glint
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to glint
which fixes a symlink vulnerability in that package. Glint is
only present on 5.x versions of the distribution.
* Click here for LWN Red Hat Security Update To glint
Date: September 25, 2000
Platform: Caldera Linux
Warning About: Caldera Security Update To LPRng
Report From: Linux Daily News
* Release Note: Caldera Systems has issued a security update to
the LPRng print system which fixes a format string vulnerability.
This problem is potentially exploitable remotely, so an upgrade
is highly recommended.
* Click here for LWN Caldera Security Update To LPRng
Date: September 25, 2000
Platform: Linux-Mandrake
Warning About: Linux-Mandrake Security Update To sysklogd
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a new security update to
sysklogd which supersedes the original, September 18 update.
This version includes an additional fix that is worth having.
* Click here for LWN Linux-Mandrake Security Update To sysklogd
Date: September 19, 2000
Platform: Caldera Linux
Warning About: Caldera Security Update To syslog
Report From: Linux Daily News
* Release Note: It's Caldera's turn to put out a security
update to syslog fixing the format string problem.
* Click here for LWN Caldera Security Update To syslog
Date: September 19, 2000
Platform: Debian Linux
Warning About: Debian Security Update To syslog
Report From: Linux Daily News
* Release Note: Here is the Debian Project's security update to
syslog fixing the format string vulnerability.
* Click here for LWN Debian Security Update To syslog
Date: September 19, 2000
Platform: Red Hat Linux
Warning About: Red Hat Security Update To syslog
Report From: Linux Daily News
* Release Note: Here is Red Hat's security update to syslog
fixing the nasty format string vulnerability in that package.
An upgrade is strongly recommended. Linux Weekly News has
a thank-you to Seth Vidal.
* Click here for LWN Red Hat Security Update To syslog
Date: September 19, 2000
Platform: Slackware and MandrakeSoft Linux
Warning About: Syslog Security Updates From Slackware
and MandrakeSoft
Report From: Linux Daily News
* Release Note: Fixes for the unpleasant syslog format string
vulnerability have wandered in from Slackware and MandrakeSoft.
Again, this is a good fix to apply sooner rather than later.
* Click here for LWN Syslog Security Updates From Slackware
* Click here for LWN Syslog Security Updates From MandrakeSoft
Date: September 19, 2000
Platform: FreeBSD Linux
Warning About: Security Update For mailman and pine
Report From: Linux Daily News
* Release Note: FreeBSD issued advisories with updates for
mailman and pine4. Note that the packages referenced in these
advisories have been available for a couple of months - the
advisories are more than a bit late coming out.
* Click here for LWN Security Update For mailman
* Click here for LWN Security Update For pine
Date: September 19, 2000
Platform: FreeBSD Linux
Warning About: Security Advisory For eject
Report From: Linux Daily News
* Release Note: FreeBSD has issued a security advisory for
eject after an internal audit found ways that this setuid
root program can be used locally to gain root privileges.
They've provided updated packages for FreeBSD. This problem
is not limited to FreeBSD, so advisories from other BSD
and Linux distributors can be expected to follow.
* Click here for LWN FreeBSD Security Advisory For eject
Date: September 19, 2000
Platform: FreeBSD Linux
Warning About: Updated listmanager Packages
Report From: Linux Daily News
* Release Note: FreeBSD also put out updated listmanager
packages. Listmanager is not Open Source software, but is
freely distributable. The author has reported locally
exploitable buffer overflow vulnerabilities in versions
previous to 2.105.1.
* Click here for LWN FreeBSD Updated listmanager Packages
Date: September 19, 2000
Platform: FreeBSD Linux
Warning About: Security Update For xchat
Report From: Linux Daily News
* Release Note: FreeBSD has issued updated xchat packages to
fix the vulnerability in xchat prior to 1.4.3.
* Click here for LWN FreeBSD Security Update For xchat
Date: September 19, 2000
Platform: FreeBSD Linux
Warning About: Security Update For screen
Report From: Linux Daily News
* Release Note: FreeBSD issued a security advisory for screen
with information on getting and installing the updated
screen packages they made available on September 1st.
* Click here for LWN FreeBSD Security Update For screen
Date: September 19, 2000
Platform: Immunix Linux
Warning About: Security Update for klogd/sysklogd
Report From: Linux Daily News
* Release Note: Immunix has put out updated sysklogd packages.
This is a potentially remotely exploitable vulnerability, so an
immediate upgrade is strongly recommended.
* Click here for LWN Immunix Security Update for klogd/sysklogd
Date: September 19, 2000
Platform: Immunix Linux
Warning About: Security Update for glibc
Report From: Linux Daily News
* Release Note: Updates for glibc are now available for Immunix
as well. Immunix is a Linux distribution, based on Red Hat 6.2,
in which all the applications have been compiled with StackGuard
to protect against buffer overflows.
* Click here for LWN Immunix Security Update for glibc
Date: September 19, 2000
Platform: SuSE Linux
Warning About: SuSE Security Update To syslog
Report From: Linux Daily News
* Release Note: Here is SuSE's security update to syslog fixing
the format string vulnerability in that package.
* Click here for LWN SuSE Security Update To syslog
Date: September 18, 2000
Platform: Linux
Warning About: Conectiva Security Update To sysklogd
Report From: Linux Daily News
* Release Note: Conectiva has issued an update to sysklogd which
fixes a couple of format string vulnerabilities in that package.
Syslog, of course, runs on almost every Linux system out there,
and this problem, apparently, has the potential to be remotely
exploitable. Thus an upgrade is best done sooner rather than later.
* Click here for LWN Security Update To sysklogd
Date: September 17, 2000
Platform: Linux
Warning About: Stable kernel prepatch 2.2.18pre9
Report From: Linux Daily News
* Release Note: Stable kernel prepatch 2.2.18pre9 has been
released. This one contains a bunch of new USB updates and
the long-awaited NFS updates.
* Click here for LWN Stable kernel prepatch 2.2.18pre9
Date: September 16, 2000
Platform: Linux
Warning About: Stable kernel prepatch 2.2.18pre8
Report From: Linux Daily News
* Release Note: Stable kernel prepatch 2.2.18pre8 has been
released. This one, among other things, fixes the compile
problems that some people experienced with -pre7.
* Click here for LWN Stable kernel prepatch 2.2.18pre8
Date: September 16, 2000
Platform: Red Hat Linux
Warning About: Security Update To Screen
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to screen
which fixes a format string vulnerability in that package.
The problem only affects 5.2 and earlier releases.
* Click here for LWN Security Update To Screen
Date: September 16, 2000
Platform: Debian Linux
Warning About: Phase Out Security Support For 2.1
Report From: Linux Daily News
* Release Note: The Debian Project has announced its intent to
phase out security support for the 2.1 (slink) distribution.
Their expectation is that most users have already upgraded
to 2.2. They are looking for feedback on the idea, so now is
the time to scream if this idea bothers you.
* Click here for LWN Phase Out Security Support For 2.1
Date: September 14, 2000
Platform: Slackware Linux
Warning About: Security Update To xchat
Report From: Linux Weekly News
* Release Note: An input validation bug was found to affect
Slackware Linux 7.0, 7.1, and current. Slackware's security
update to xchat fixes the vulnerability in that package.
* Click here for LWN Security Update To xchat Report
Date: September 14, 2000
Platform: Linux Red Hat
Warning About: Security Update To xpdf
Report From: Linux Weekly News
* Release Note: Red Hat's security update to xpdf fixes the
problems with temporary files and malicious URLs.
* Click here for LWN Security Update To xpdf Report
Date: September 14, 2000
Platform: Linux Mandrake
Warning About: Security Update To mod_php3
Report From: Linux Weekly News
* Release Note: MandrakeSoft has issued a security update to
the Apache PHP3 module. There is not, however, a problem with
PHP itself; instead, many scripts which process file uploads
have a bug which can allow them to be subverted. The update
provides a new function which makes it easier to write secure
PHP code. Anybody using PHP for file uploads should have a
look at this advisory.
* Click here for LWN Security Update To mod_php3 Report
Date: September 14, 2000
Reported: September 12, 2000
Platform: Linux Mandrake
Warning About: Bug in PAM modules: pam_smb and pam_ntdom
Report From: Security Focus
* Release Note: Both PAM modules are pluggable authentication
modules that allow authentication of usernames and passwords
in PAM-compatible environments against Windows and Samba.
Both modules contain remotely exploitable stack buffer
overflows. This bug allows an attacker to execute arbitrary
code as root.
* Click here for SF Advisory MDKSA-2000:047
Date: September 14, 2000
Reported: September 11, 2000
Platform: Linux Mandrake
Warning About: Linux Mandrake mod_perl update
Report From: Security Focus
* Release Note: The configuration file, mod_perl.conf,
contained an Options directive that was not entirely secure
and allowed people to browse the perl directory.
* Click here for SF Advisory MDKSA-2000:046
Date: September 14, 2000
Reported: September 11, 2000
Platform: Linux
Warning About: Stable kernel prepatch 2.2.18pre5 Available
Report From: Linux Weekly News
* Release Note: Stable kernel prepatch 2.2.18pre5 has been
released. It contains a fair number of new updates, and a
backport of the MSR/CPUID driver from the development kernel.
* Click here for LWN prepatch 2.2.18pre5 Report
Date: September 14, 2000
Reported: September 11, 2000
Platform: Apache as shipped with SuSE 6.0 through SuSE 7.0
Warning About: SuSE Security Update To Apache
Report From: Linux Weekly News
* Release Note: SuSE issued an advisory reporting configuration-
based security problems with Apache, as shipped with SuSE 6.0
through SuSE 7.0. The misconfigurations could allow CGI source
code to be made visible and allow files on the webserver to be
modified, if WebDAV has been installed.
* Click here for LWN SuSE Security Update To Apache
Date: September 14, 2000
Reported: September 11, 2000
Platform: Linux-Mandrake
Warning About: Security Update for mod_perl
Report From: Linux Weekly News
* Release Note: Linux-Mandrake has issued a security advisory
and updated packages to fix a configuration-based security
problem in mod_perl.
* Click here for LWN Linux-Mandrake Update for mod_perl
Date: September 14, 2000
Reported: September 11, 2000
Platform: Linux
Warning About: Security Update for pam_smb
Report From: Linux Weekly News
* Release Note: Conectiva has put out an advisory reporting a
buffer overflow in pam_smb that could be used to gain root
privileges. This affects pam_smb 1.1.5 and earlier. Updated
packages for pam_smb 1.1.6 have been provided.
* Click here for LWN Security Update for pam_smb
Date: September 14, 2000
Reported: September 11, 2000
Platform: SuSE Linux
Warning About: Security Update For Screen
Report From: Linux Weekly News
* Release Note: Here is SuSE's advisory and updates to screen
3.9.5 in response to last week's report of a format string
vulnerability that could be used by a local user to gain
root privileges.
* Click here for SuSE Advisory at SecurityFocus
Date: September 14, 2000
Reported: September 11, 2000
Platform: SuSE Linux
Warning About: SuSE Issues glibc Security Update
Report From: Linux Weekly News
* Release Note: SuSE issued their glibc advisory on Wednesday,
September 6th, with fixes for both the ld.so environment
variable vulnerability and the locale format string
vulnerability. Unfortunately, the suse-security-announce
mailing list appears to be having problems. We picked this
up on BugTraq rather than receiving it directly from SuSE.
* Click here for LWN glibc Security Update
Date: September 14, 2000
Reported: September 10, 2000
Platform: Debian GNU/Linux 2.2
Warning About: Security Updates to horde and imp
Report From: Linux Weekly News
* Release Note: imp as distributed in Debian GNU/Linux 2.2,
suffered from insufficient checking of user supplied data.
* Click here for LWN Security Updates to horde and imp
Date: September 14, 2000
Reported: September 10, 2000
Platform: Debian GNU/Linux 2.2
Warning About: Security Update to xpdf
Report From: Linux Weekly News
* Release Note: xpdf as distributed in Debian GNU/Linux 2.2,
suffered from two problems. Both problems have been fixed in
version 0.90-7, and we recommend you upgrade your xpdf package
immediately.
* Click here for LWN Security Update to xpdf
Date: September 14, 2000
Reported: September 8, 2000
Platform: Apache Web server in SuSE Linux
Warning About: SuSE Linux Apache Vulnerabilities Identified
Report From: Linux Weekly News
* Release Note: LWN reported on Sept 8th that two SuSE Linux
Apache vulnerabilities had been identified. ZDNet reports on two security
problems with SuSE's version of Apache. Both are difficulties
with the default configuration. "One vulnerability allows a
malicious user to read passwords and discern network structure,
while the other allows a malicious user to create or browse file
directories on a Web server."
* Click here for ZDNet Report on SuSE Apache Vulnerabilities
Date: September 14, 2000
Reported: September 11, 2000
Platform: OpenLinux Desktop 2.3, eServer 2.3, eBuilder
and eDesktop 2.4
Warning About: Security problems in xpdf
Report From: Caldera Systems
* Release Note: There are two security problems in xpdf,
the PDF file viewer. The first is that temporary files
were created insecurely. The second problem is that xpdf
was not cautious enough when the user clicked on a URL.
* Click here for Caldera Advisory CSSA-2000-031.0
Date: September 07, 2000
Platform: Internet-connected host computers, all of them running
the Linux operating system.
Warning About: Denial-Of-Service Tool On Network Hosts
Report From: SANS and NewsBytes
* Release Note: Steven Bonisteel of Newsbytes says, in part,
"A computer-security company is warning network administrators
to watch out for new rogue software capable of playing the role
of foot soldier in denial-of-service attacks against Internet
servers. X-Force, the research-and-development arm of
Atlanta-based Internet Security Systems Inc., reported today
that the software, being called "Trinity v3," has so far been
found secreted on 400 Internet-connected host computers, all
of them running the Linux operating system." To read the
complete story, visit either of these links
* Click here for SANS link on DDoS Attack Targets Chat
* Click here for NewsBytes Sept 5th Article
Miscellaneous
Date: September 22, 2000
Platform: Palm PDA Operating System
Warning About: Phage Virus
PalmOS/Phage.963 Virus NAI report below
Aliases: PalmOS/Phage, Palm virus
Report From: F-Secure and NAI
* Release Note: PalmOS/Phage is the first real virus for the
Palm PDA operating system. It works by overwriting the
beginning of Palm executables. The host files are destroyed
in the process. Once one infected PRC file is transferred to
Palm, the virus keeps spreading to other Palm programs until
they are all infected (and destroyed). This very simple virus
does nothing else.
* Click for F-Secure Report on Phage Virus
Date: September 22, 2000
Platform: Palm OS Operating System
Warning About: Vapor Trojan
Aliases: PalmOS/Vapor
Report From: F-Secure
* Release Note: This is a trojan written for the Palm OS operating
system. When activated, the trojan hides the installed
applications, but it does not destroy the applications
themselves. Read the complete report for removal instructions.
* Click for F-Secure Report on Vapor Trojan
Date: September 22, 2000 * Updated from 04-Sep-2000
Platform: 3COM Palm platform
Warning About: Liberty (Palm) Trojan
Aliases: Palm trojan, PALM/Liberty, Liberty Crack,
PalmOS/Liberty, Warez.prc, Crack 1.1
Report From: F-Secure
* Release Note: LIBERTY.A is a simple trojan written for
the 3COM Palm platform. When activated, the trojan deletes
all application files on the device. To remove the trojan
from a PC, you can use F-Secure Anti-Virus. FSAV detects the
trojan with the updates since August 30, 2000. Read the
complete report for removal instructions.
* Click for F-Secure Report on Liberty (Palm) Update
Date: September 21, 2000
Platform: PalmOS PDA Device
Warning About: PalmOS/Phage.963 Virus
Aliases: Phage 1.0
Report From: NAI
* Release Note: When an infected application is run, the
screen is filled with a dark gray box and then the program
terminates. This virus will infect all third party
applications on the PDA device. This virus overwrites the
1st section in the host .PRC file. Read the complete report
for removal instructions.
* Click here for NAI Report Number k=98836
Date: September 21, 2000
Platform: PalmOS PDA Device
Warning About: PalmOS/Vapor.741 Trojan
Aliases: Vapor 666
Report From: NAI
* Release Note: This is a Trojan designed for PalmOS. When
this Trojan is first run, all third party application
icons will disappear as if deleted. The files still exist;
however, their icons are now missing from the available
application icons. Read the complete report for removal
* Click here for NAI Report Number k=98837
Date: September 21, 2000
Platform: Varied
Warning About: Various Vulnerabilities
Report From: Security Focus
* Release Note: September 21 saw a few reports on various
vulnerabilities. These are:
NetcPlus BrowseGate 2.80 DoS Vulnerability
Extent RBS ISP Directory Traversal Vulnerability
CiscoSecure ACS for Windows NT Buffer Overflow Vulnerability
CiscoSecure ACS for Windows NT Oversized TACACS+ Packet DoS Vulnerability
SuSE Installed Package Disclosure Vulnerability
* Click here for SF Reports for Sept 21st, 2000
Date: September 20, 2000
Platform: Digital (Compaq) TRU64/DIGITAL UNIX 5.0, 4.0f,
4.0e and 4.0d
Warning About: Compaq Tru64 kdebugd Remote Arbitrary File
Write Vulnerability
Report From: Security Focus
* Release Note: Compaq's Tru64 (formerly known as 'Digital Unix')
ships with a daemon that is vulnerable to a serious remote
attack. This can lead to a complete remote compromise of the
system if appropriate files are written to properly. This
vulnerability can also be used to read any file on the
filesystem.
* Click here for SF Report on Compaq Tru64 kdebugd Vulnerability
Date: September 16, 2000
Platform: The scans target the following services:
* sunrpc (e.g., portmap) on ports 111/udp and 111/tcp
* ftp on port 21/tcp
Warning About: Widespread Exploitation of rpc.statd
and wu-ftpd Vulnerabilities
Report From: CERT/CC Incident Notes
* Release Note: Recent reports involving intruder exploitation
of two vulnerabilities have involved very similar intruder
activity. The level of activity and the scope of the attacks
suggests that intruders are using scripts and toolkits to
automate attacks.
* Click here for CERT Incident Note IN-2000-10
Date: September 16, 2000
Platform: University of Washington Pine, S.u.S.E. Linux 6.1
Warning About: Pine Malformed Header DoS Vulnerability
Report From: Security Focus
* Release Note: If a message within a mailbox accessed by pine
has a malformed X-Keywords line, the client will crash without
visible reason when attempting to parse the mailbox file. This
is due to a bug in the c-client library, which is used for
parsing the mailbox files. The result of this being exploited
is a denial of service to the recipient of the email until the
malicious malformed message is removed.
* Click here for SF Report on Pine Malformed Header DoS
Date: September 16, 2000
Platform: FreeBSD
Warning About: Eject Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: Eject is a utility for ejecting the media from
a CD or optical disk drive. Eject contains several exploitable
buffers which, upon overflow, can confer root privilege to
local users.
* Click here for SF Report on Eject Buffer Overflow
Date: September 15, 2000 * Revised with SGI patch information
Platform: Irix 6.2 - 6.5.8 and patched versions of the
telnet daemon in Irix 5.2 - 6.1
Warning About: IRIX telnetd Vulnerability
Report From: CIAC
* Release Note: A vulnerability exists in the telnet daemon
which can give an attacker remote root access. A remote
attacker could gain root privileges. SGI has released patches
for most of the affected platforms. Apply the patches or
fixes as outlined in the k-066a bulletin.
* Click here for CIAC Bulletin K-066a
Date: September 14, 2000
Platform: WebTV for Windows
Warning About: MS WebTV DoS Vulnerability
Report From: Security Focus
* Release Note: If a remote user sends a UDP packet to any
port in the 22701 - 22705 range, to a system running WebTV
for Windows, the system may crash entirely or at the least
the program will stop responding.
* Click here for SF Advisory on WebTV DoS Vulnerability
Date: September 14, 2000
Platform: Mobile Devices
Warning About: Tests Uncover Bluetooth Security Flaw
Report From: ZDNet IT Week
* Release Note: Security flaw allows eavesdroppers to listen
in on the digital exchange of data and determine the ID of
the user. Bluetooth, the short-range wireless networking
technology that will enable mobile devices to communicate
with each other, has a security flaw, according to
researchers at Lucent Technologies' Bell Labs in the US.
* Click for ZDNet Report on Bluetooth Security Flaw
Date: September 14, 2000
Platform: Customers of the Swedish furniture firm, IKEA
Warning About: IKEA In Another Security Blunder
Report From: ZDNet News
* Release Note: IKEA experienced a security blunder at its
online store this week, exposing the private details of
hundreds of customers online. A Web server configuration
error left a database file containing the customer
information temporarily unprotected and accessible to any
visitor to IKEA's Web site.
* Click for ZDNet Report on IKEA Security Blunder
Date: September 08, 2000
Platform: Hotmail Users
Warning About: Hotmail Flaw Puts E-Mail At Risk
Report From: MSNBC
* Release Note: A recently discovered security bug in Hotmail
may serve as a wakeup call to all Internet Explorer 4.x and
5.0 users. BugNet has verified a security vulnerability that
would allow a malicious user to usurp control of someone
else's Hotmail account, allowing the hacker to read and to
send e-mail from that account. Since Microsoft has issued
Service Packs and Upgrades for the Unauthorized Cookie Access
bug, this leaves the rest of the blame with Hotmail for their
lax security and authentication procedures. Read the complete
article for available fixes.
* Click for MSNBC Report on Hotmail Vulnerability
Date: September 04, 2000 * Updated from 30-Aug-2000
Platform: 3COM Palm platform
Warning About: Liberty (Palm), Warez.prc, Crack 1.1 Trojan
Report From: F-Secure
* Release Note: LIBERTY.A is a simple trojan written for
the 3COM Palm platform. When activated, the trojan deletes
all application files on the device. To remove the trojan
from a PC, you can use F-Secure Anti-Virus. FSAV detects the
trojan with the updates since August 30, 2000.
* Click for F-Secure Report on Liberty (Palm) Update
Date: September 03, 2000
Platform: Miscellaneous
Warning About: Possible Hoax: Pokemon Pikachu worm/Trojan
Report From: Computer Virus Myths at Vmyths.com
* Release Note: On August 25, 2000, Vmyths.com reported
that the Pokemon Pikachu worm/Trojan, as reported by
Reuters reporter Richard Meares, who filed a newswire on
24 August about a deadly Pokemon worm, is a hoax. They
go on to say "The story sounded "new and urgent," yet the
facts indicate otherwise. It appears the press renamed a
months-old (and rarely seen) worm to increase its publicity
value." As of today, Sept 3rd, the warning still appears
to be legitimate, and not a hoax, since it is still reported
as real, on sites like F-Secure. The best protection is to
keep your virus checking software up to date.
* Click here for Pokemon Virus Targets Kids Link
* Click here for Pokemon Pikachu worm/Trojan Hoax Link
Date: September 02, 2000
Platform: SGI IRIX systems
Warning About: Vulnerability in SGI IRIX telnetd
Report From: CERT
* Release Note: The CERT/CC is receiving occasional reports
of intruders root compromising SGI IRIX systems via a
vulnerability in the telnetd daemon. The CERT/CC has
published an Incident Note discussing the activity.
* Click here for CERT Incident Note IN-2000-09
Date: September 01, 2000
Platform: Uncertain at time of vht-can Posting
Warning About: DonaldD.trojan Philippines Trojan Horse
Report From: NIPC
* Release Note: NIPC Watch Office received notification that
a Trojan horse was reported in the wild. This Trojan horse
is spread as an e-mail attachment with the President of the
Philippines Joseph Estrada's nickname ("erap estrada") in
the subject line. Once the attachment is opened the
DonaldD.trojan is executed and can be exploited to collect
user names and passwords from the victim.
* Click here for NIPC Trojan Horse Press Release
Date: September 01, 2000
Platform: Miscellaneous
Warning About: Security gaffe gores Bull's servers
Multiple exploitable vulnerabilities at Intacct.com
Developer unleashes Palm Trojan horse program
Cuddly Pokemon Virus Targets Kids
Report From: Hacker Whacker Remote Computer Network Security
* Release Note: There are a few article links on the Hacker
Whacker site that involve various computer platforms.
* Click here for Hacker Whacker Sept 1 Articles
