Virus Warnings from February 2001
Amiga
No virus warnings for February 2001
Windows
Date: February 27, 2001
Platform: Microsoft
Warning About: W97M.Shepmah.G Virus
Report From: Norton / Symantec Security Updates
* Release Note: This is a Microsoft Word macro virus that spreads by
infecting Microsoft Word documents and the global template, Normal.dot.
* Click here for Report on W97M.Shepmah.G Virus
Date: February 27, 2001
Platform: MS Windows
Warning About: VBS.Phram Virus
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Phram is a script written in the Visual Basic
Scripting language. However, the script has been put into an HTML file,
and it spreads as a file named e-Gen.html. When executed, the virus
displays a message in the Web browser. VBS.Phram also contains a macro
virus. Norton AntiVirus detects the macro virus as W97M.Phram.
* Click here for Report on VBS.Phram Virus
Date: February 27, 2001
Platform: Microsoft
Warning About: W97M.Phram Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Phram is a macro virus that infects Microsoft Word
documents. It can also infect the global template, Normal.dot.
* Click here for Report on W97M.Phram Virus
Date: February 27, 2001
Platform: Microsoft
Warning About: VCard Virus Exploit
Aliases: Malformed vCard Exploit, VCF Virus
Report From: Network Associates
* Release Note: This is not a virus. This is a published exploit, first
mentioned in a BugTraq forum posting.
* Click here for Report on VCard Virus Exploit
Date: February 27, 2001
Platform: PC
Warning About: QSD23 Trojan
Report From: Network Associates
* Release Note: This is a tool used maliciously to create many files on
the local hard drive. When run, this trojan displays a graphical user
interface with a window title that includes "(Windows Bomber)".
* Click here for Report on QSD23 Trojan
Date: February 27, 2001
Platform: MS Windows 2000
Patch Available: Windows 2000 Event Viewer Contains Unchecked Buffer
Report From: Microsoft TechNet Security
* Release Note: The Windows 2000 event viewer snap-in has an unchecked
buffer in a section of the code that displays the detailed view of
event records.
* Click here for MS Security Bulletin MS01-013
Date: February 27, 2001
Released: February 26, 2001
Platform: Microsoft Outlook, Outlook Express
Warning About: Microsoft Outlook VCard Unchecked Buffer Vulnerability
Report From: CIAC Bulletins
* Release Note: An unchecked buffer in the Virtual business card
application (VCard) could enable an attacker to run the code of his
choice.
* Click here for Bulletin Number L-050
Date: February 27, 2001
Released: February 23, 2001
Platform: MS Win 2000 Server, Advanced Server and Datacenter Server
Warning About: Microsoft "Malformed Request to Domain Controller"
Report From: CIAC Bulletins
* Release Note: A core service running only on Windows 2000 domain
controllers has a software flaw. This flaw affects system handling
of invalid service requests.
* Click here for Bulletin Number L-049
Date: February 27, 2001
Platform: PC
Warning About: VBSWG.Q@mm Worm
Report From: F-Secure
* Release Note: As of February 16th, a variant of VBS/Onthefly is
spreading within messages that have German content and include the
attachment r4mac.vbs. When the attached file is executed, the worm mails
itself to each recipient in every address book. After mass mailing,
a key is added to the registry.
* Click here for F-Secure Report on VBSWG.Q@mm Worm
Date: February 27, 2001
Platform: PC using Gnutella peer-to-peer file sharing system
Warning About: Mandragore Worm
Aliases: GnutellaMandragore, Gnutella worm
Report From: F-Secure
* Release Note: GnutellaMandragore is a worm which spreads through the
Gnutella peer-to-peer file sharing system (which is somewhat similar to
Napster). If you're not using Gnutella, you're not at risk. Popular
programs to access Gnutella include ToadNode and BearShare.
For more information, see: http://www.exocortex.org/gnutella/
* Click here for F-Secure Report on Mandragore Worm
Date: February 27, 2001
Released: February 23, 2001
Platform: Microsoft Outlook
Warning About: Carnival Worm
Aliases: VBS/Carnival.A@mm
Variant: Carnival.A@mm
Report From: F-Secure, Network Associates and Symantec Security
* Release Note: Carnival is a mass-mailer (worm) written in Visual Basic
Script. It includes the attachment Brazilian_Carnival.JPG.vbs. The worm
activates when a user clicks on the attached file. It spreads to all
recipients listed in the Outlook address book.
* Click here for F-Secure Report on Carnival Worm
* Click here for NAI Report on VBS/Carnival@mm Worm
* Click here for Symantec Report on VBS.Carnival@mm Worm
Date: February 23, 2001
Platform: MS Windows 9.x / NT 4.0 / NT 2000
Warning About: Working Resources BadBlue 1.2.7 Path Disclosure
Vulnerability
Report From: Security Focus
* Release Note: Requesting a specially crafted URL from a machine running
Working Resources BadBlue will disclose the physical path to the root
directory.
* Click here for Advisory on BadBlue Path Disclosure Vulnerability
Date: February 23, 2001
Platform: MS Windows 9.x / NT 4.0 / NT 2000
Warning About: Working Resources BadBlue 1.2.7 DoS Vulnerability
Report From: Security Focus
* Release Note: It is possible for a remote user to cause a denial of
service condition in Working Resources BadBlue.
* Click here for Advisory on BadBlue DoS Vulnerability
Date: February 23, 2001
Platform: MS Windows NT 2000 Server, Win NT 2000 Datacenter and
Win NT 2000 Advanced Server
Warning About: Microsoft Windows 2000 Domain Controller DoS Vulnerability
Report From: Security Focus
* Release Note: A denial of service condition exists in Windows 2000
domain controllers. Submitting numerous invalid requests to a domain
controller could cause the system to stop responding.
* Click here for Advisory on MS Win 2000 DoS Vulnerability
Date: February 23, 2001
Platform: Microsoft
Warning About: VBS.Eyemagic@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Eyemagic@mm is a worm that attempts to spread using
mIRC (a popular chat client) and Microsoft Outlook. The worm itself is
detected as VBS.Eyemagic@mm, and the Script.ini file used to spread
via IRC is detected as IRC.Eyemagic.
* Click here for Report on VBS.Eyemagic@mm Worm
Date: February 23, 2001
Platform: Microsoft
Warning About: W97M.Black.G Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Black.G is a macro virus that infects Word documents
by adding a "BLACKCURSE" module. It changes the Author and Title of all
infected documents. On August 31 it also prints out a message.
* Click here for Report on W97M.Black.G Virus
Date: February 23, 2001
Platform: Microsoft
Warning About: W97M.KPMV Worm
Report From: Norton / Symantec Security Updates
* Release Note: W97M.KPMV is a polymorphic macro virus that infects Word
documents when they are opened.
* Click here for Report on W97M.KPMV Worm
Date: February 23, 2001
Platform: Microsoft
Warning About: W97M.Intruded.A Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Intruded.A is a stealth Microsoft Word macro virus
that infects the Normal.dot template and the active document. The file
summary information is changed, and when you access macros or the
VBEditor, a very rude message is displayed.
* Click here for Report on W97M.Intruded.A Virus
Date: February 23, 2001
Platform: MS Outlook 97 / 2000, MS Outlook Express 5.01 / 5.5
Patch Available: Outlook and OE VCard Handler Contains Unchecked Buffer
Report From: Microsoft TechNet Security
* Release Note: Outlook Express provides several components that are used
both by it and, if installed on the machine, Outlook. One such component,
used to process vCards, contains an unchecked buffer.
* Click here for MS Security Bulletin MS01-012
Date: February 23, 2001 * Updated
Platform: PC
Warning About: Onthefly Worm
Aliases: VBSWG, I-Worm.Lee.o, SST, VBS_Kalamar, Onthefly.A
Variant: VBSWG.J@mm
Report From: F-Secure
* Release Note: VBS/Onthefly is an encrypted Visual Basic Script worm
which spreads (mass mails) itself using the Microsoft Outlook application.
On February 12th, 2001, this worm spread rapidly all over the world in
just a few hours.
* Click here for Report on Onthefly Worm
Date: February 23, 2001 * Updated
Platform: PC
Warning About: VBSWG.N@mm Worm
Report From: F-Secure
* Release Note: On February 20th, this variant of VBS/VBSWG was found in
the field. This variant is not encrypted. When it is executed, the worm
alters the Internet Explorer start page to point to an adult site. It
also modifies the registry in such a way that the worm will be executed
every time the system is restarted.
* Click here for Report on VBSWG.N@mm Worm
Date: February 23, 2001 * Updated
Platform: PC
Warning About: VBSWG.M Worm
Report From: F-Secure
* Release Note: On February 19th, this variant of VBS/VBSWG was posted to
several newsgroups in an attached file called "Intervieuw with
OnTheFly.mp3.vbs". However, due to a bug it does not replicate.
* Click here for Report on VBSWG.M Worm
Date: February 23, 2001
Platform: PC
Warning About: VBSWG.L Worm
Report From: F-Secure
* Release Note: On February 19th, this variant of VBS/VBSWG was posted to
several newsgroups in an attached file called "Intervieuw with
OnTheFly.mp3.vbs". However, due to a bug it does not replicate.
* Click here for Report on VBSWG.L Worm
Date: February 23, 2001
Platform: PC
Warning About: VBSWG.K@mm Worm
Aliases: Onthefly.B
Report From: F-Secure
* Release Note: As of February 16th, a variant of VBS/Onthefly is spreading
within messages that have German content. The variant also replicates
using mIRC and Pirch IRC clients.
* Click here for Report on VBSWG.K@mm Worm
Date: February 23, 2001
Platform: PC
Warning About: Totilix Worm
Aliases: I-Worm.Totilix
Report From: F-Secure
* Release Note: Totilix is a dangerous Internet virus-worm that spreads
itself with e-mail messages and overwrites all but a couple of the EXE
files in the Windows directory with copies of itself.
* Click here for Report on Totilix Worm
Date: February 21, 2001
Platform: PC
Warning About: W97M.Black.F Macro Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Black.F is a macro virus that infects Word documents
by adding a "BLACKCURSE" module. It changes the Author and Title of all
infected documents. On August 31 it also prints out a message.
* Click here for Report on W97M.Black.F Macro Virus
Date: February 21, 2001
Platform: PC
Warning About: W97M.Black.D Macro Virus
Also Known As: W97M/Bleck
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Black.D is a Microsoft Word macro virus that infects
active documents and the global template, Normal.dot. It also disables
access to the Macro Editor and the Visual Basic Editor. When the day is
August 31, the virus inserts a message in your documents.
* Click here for Report on W97M.Black.D Macro Virus
Date: February 21, 2001
Platform: PC
Warning About: BAT.Install.Trojan Trojan
Report From: Norton / Symantec Security Updates
* Release Note: BAT.Install.Trojan is a batch file Trojan horse that
creates many folders in the root of drive C. After creating the folders,
it copies itself to many locations, and in doing so, overwrites
necessary Windows files. The original file name is "Install.bat".
* Click here for Report on BAT.Install.Trojan Trojan
Date: February 21, 2001
Platform: PC
Warning About: PWSteal.Coced240b.Tro Trojan
Aliases: Trojan.PWS.Coced.240.b, PWS.gen, NAEBI.240B.Trojan
Report From: Norton / Symantec Security Updates
* Release Note: The password stealer appears as an attachment named
26705-i386-update.exe. It claims to be a vulnerability patch that is
mailed from support@microsoft.com. The Trojan sends confidential
password information to an email address. Microsoft has posted
information regarding bogus files.
* Click here for Report on PWSteal.Coced240b.Tro Trojan
Date: February 21, 2001
Platform: PC
Warning About: VBS.Trojan.Noob Trojan
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Trojan.Noob uses animation to disguise its actions.
Once executed, this Trojan searches for mIRC, and if found, it will
attempt to modify mIRC settings to allow unauthorized access to the
infected computer.
* Click here for Report on VBS.Trojan.Noob Trojan
Date: February 21, 2001
Platform: PC
Warning About: VBS.Apulia.D@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Apulia.D@mm is a simple VBS Script worm that attempts
to email a .zip file to every recipient in your Microsoft Outlook
address book. Due to bugs in the code, however, it does not
successfully send the file.
* Click here for Report on VBS.Apulia.D@mm Worm
Date: February 21, 2001
Platform: Windows 98 and Windows 2000
Warning About: JS.Fav Trojan
Report From: Norton / Symantec Security Updates
* Release Note: JS.Fav is a simple Trojan horse that creates three links
in the Favorites folder, which are then displayed on the Start Menu.
Two of the three sites are pornographic, and one a search engine. After
creating these links, the Trojan destroys itself.
* Click here for Report on JS.Fav Trojan
Date: February 21, 2001
Platform: PC
Warning About: Backdoor.Acropolis Trojan
Report From: Norton / Symantec Security Updates
* Release Note: This Trojan horse permits a remote operator to control an
infected system. The name of the Trojan horse is Acropolis 1.0, and it
is detected as Backdoor.Acropolis. When launched, the Trojan horse opens
a network connection on ports 32791 and 45673. This gives a remote
operator the capability to use your computer to send messages using
mIRC. These messages may contain attached files. It is possible, but
not confirmed, that the Trojan horse could also be used to control
email programs.
* Click here for Report on Backdoor.Acropolis Trojan
Date: February 21, 2001
Platform: MS Windows 2000 Server, Advanced Server, Datacenter Server
Patch Available: Malformed Request to Domain Controller can Cause
Denial of Service Vulnerability
Report From: Microsoft TechNet Security
* Release Note: A core service running on all Windows 2000 domain
controllers (but not on any other machines) contains a flaw affecting
how it processes a certain type of invalid service request.
* Click here for MS Security Bulletin MS01-011
Date: February 21, 2001
Platform: PC
Hoax Alert: Bud Frogs HOAX
Aliases: Budfrogs, Budweiser Frogs, Budsaver
Report From: F-Secure Hoax Information
* Release Note: There is a worm, VBS/VBSWG.N@mm, that spreads itself in an
attachment called "budweiser-commercial-spring2001.mpeg.vbs". This worm
has nothing to do with this hoax. Further information about the worm is
available at: http://www.F-Secure.com/v-descs/vbswg_n.shtml
This warning about a possible trojan horse circulates on AOL and the
Internet. No antivirus lab has seen a sample of the original file, so
this can be considered a hoax.
* Click here for F-Secure hoax Info on Bud Frogs HOAX
* Click here for F-Secure virus Info on VBS/VBSWG.N@mm Worm
Date: February 21, 2001
Platform: PC
Warning About: VBSWG.O
Aliases: Onthefly.C
Report From: F-Secure
* Release Note: Information about the original VBS/Onthefly.A (also known
as I-Worm.Lee.o and VBS/VBSWG) is available at:
http://www.F-Secure.com/v-descs/onthefly.shtml
This variant is not encrypted. Otherwise it is similar to VBS/Onthefly.B;
however, due to a bug it does not replicate.
* Click here for Report on VBSWG.O
Date: February 21, 2001
Platform: PC
Warning About: VBSWG.N@mm Worm
Report From: F-Secure
* Release Note: Information about the original VBS/Onthefly.A (also known
as I-Worm.Lee.o and VBS/VBSWG) is available at:
http://www.F-Secure.com/v-descs/onthefly.shtml
On February 20th, this variant of VBS/VBSWG was found in the field. This
variant is not encrypted.
* Click here for Report on VBSWG.N@mm Worm
Date: February 21, 2001 * Updated
Platform: PC
Warning About: Onthefly Worm
Aliases: VBSWG, I-Worm.Lee.o, SST, VBS_Kalamar, Onthefly.A
Variant: VBSWG.J@mm
Report From: F-Secure
* Release Note: VBS/Onthefly is an encrypted Visual Basic Script worm
which spreads (mass mails) itself using the Microsoft Outlook application.
* Click here for Report on Onthefly Worm Update
Date: February 21, 2001
Platform: PC
Warning About: VBSWG.M Worm
Report From: F-Secure
* Release Note: Information about the original VBS/Onthefly.A (also known
as I-Worm.Lee.o and VBS/VBSWG) is available at:
http://www.F-Secure.com/v-descs/onthefly.shtml
On February 19th, this variant of VBS/VBSWG was posted to several
newsgroups in an attached file called "Intervieuw with OnTheFly.mp3.vbs".
However, due to a bug it does not replicate.
* Click here for Report on VBSWG.M Worm
Date: February 18, 2001
Platform: Microsoft IIS 5.0 / Windows NT 2000 / Apache Group Apache 1.3.9
Warning About: Caucho Tech Resin 1.2 Directory Traversal Vulnerability
Report From: Security Focus
* Release Note: It is possible for a remote user to gain read access to
directories and files outside the root directory of a machine running
Resin.
* Click here for Advisory on Caucho Technology Vulnerability
Date: February 18, 2001
Platform: Microsoft Windows 9.x / NT 4.0 / NT 2000
Warning About: ITAfrica WEBactive 1.0 Directory Traversal Vulnerability
Report From: Security Focus
* Release Note: It is possible for a remote user to gain read access to
directories and files outside the root directory of ITAfrica WEBactive.
* Click here for Advisory on ITAfrica WEBactive Vulnerability
Date: February 18, 2001
Platform: Microsoft Windows 95 / NT 4.0
Warning About: John Roy Pi3Web 1.0.1 Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: A buffer overflow vulnerability has been reported in John
Roy Pi3Web web server. The ISAPI application within the server fails to
properly handle user supplied input. Requesting a specially crafted URL
will cause the buffer to overflow and possibly allow the execution of
arbitrary code.
* Click here for Advisory on John Roy Pi3Web Vulnerability
Date: February 17, 2001
Platform: PC
Warning About: VBS/VBSWG.k@MM Worm
Aliases: VBS.Vbswg.gen (NAV), I-Worm.Lee.o, VBS/SST@MM
Report From: Norton / Symantec Security Updates and
Network Associates
* Release Note: VBS.Vbswg.K is created using a worm generator tool, and
is detected as VBS.Vbswg.gen. This particular variant spreads by using
Microsoft Outlook, mIRC and Pirch, and it uses the file name "Neue
Tarife.txt.vbs". The mIRC .ini script file is detected as VBS.Vbswg.K
(mIRC) and the Pirch .ini script file is detected as VBS.Vbswg.K
(pirch). When spreading by email, this worm presents itself as a
message from the German ISP t-online. The attachment is a price list.
* Click here for Symantec Report on VBS.Vbswg.K
* Click here for NAI Report on VBS/VBSWG.k@MM
Date: February 17, 2001
Platform: PC
Warning About: IRC/Abuser DDoS Trojan
Aliases: Trojan.MircAbuser (NAV)
Report From: Network Associates
* Release Note: This is a Distributed Denial of Service trojan which
arrives as a software installation package. When run, an installation
screen is displayed for "CD-R Doubler". However, the user is not
presented with any installation options; the trojan proceeds to install
itself without user intervention. Read the complete report for Method
Of Infection and Removal Instructions.
* Click here for Report on IRC/Abuser
Date: February 16, 2001
Platform: Microsoft
Warning About: O97M.Hopper.V Macro Virus
Aliases: Macro.Office.Hopper.n, X97M/Hopper.r
Report From: Norton / Symantec Security Updates
* Release Note: O97M.Hopper.V is a stealth macro virus that infects both
Microsoft Word documents and Microsoft Excel workbooks. Depending on
the day of the month, O97M.Hopper.V may modify data or settings in the
Word document or in the Excel workbook. Read the complete report for
Removal Instructions.
* Click here for Report on O97M.Hopper.V Macro Virus
Date: February 15, 2001
Platform: Microsoft Windows
Patch Available: Windows Media Player Skins File Download Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security
vulnerability in Microsoft Windows Media Player 7. This vulnerability
could potentially enable a malicious user to cause a program of his
choice to run on another user's computer.
* Click here for MS Security Bulletin MS01-010
* Click here for FAQ about vulnerability and the patch
Date: February 14, 2001
Platform: PC
Warning About: VBS.Delete.Trojan Trojan
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Delete.Trojan is a Trojan horse that tries to remove
the Windows and Program Files folders, including their contents. It is
373 bytes long. After trying to remove these folders, it displays a
message box with the following text: http://www.Webtool.com
The message box has the title "ERROR."
* Click here for Report on VBS.Delete.Trojan Trojan
Date: February 14, 2001
Platform: PC
Warning About: W97M.Bablas.BR Macro Virus
Aliases: Macro.Word97.Bablas, W97M/Bablas.gen
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Bablas.BR is a Microsoft Word macro virus that
infects active documents and the global template, Normal.dot. It also
disables access to the Macro Editor and the Visual Basic Editor.
* Click here for Report on W97M.Bablas.BR Macro Virus
Date: February 14, 2001
Platform: PC
Warning About: W97M.Bablas.BS Macro Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Bablas.BS is a Microsoft Word macro virus that
infects active documents and the global template, Normal.dot. It
also disables access to the Macro Editor and the Visual Basic Editor.
* Click here for Report on W97M.Bablas.BS Macro Virus
Date: February 14, 2001
Platform: PC
Warning About: X97M.Barisada.P
Report From: Norton / Symantec Security Updates
* Release Note: This Microsoft Excel macro virus replicates when an
infected spreadsheet window is closed. This virus has a payload similar
to X97M.Barisada.A, but the payload will never execute.
* Click here for Report on X97M.Barisada.P
Date: February 14, 2001
Platform: PC
Warning About: W97M.Candle.Gen
Report From: Norton / Symantec Security Updates
* Release Note: This is a Microsoft Word macro virus that spreads by
infecting Microsoft Word documents and the global template, Normal.dot.
* Click here for Report on W97M.Candle.Gen
Date: February 14, 2001
Platform: PC
Warning About: Trojan.MircAbuser
Report From: Norton / Symantec Security Updates
* Release Note: Trojan.MircAbuser.dr pretends to install a useful tool.
However, this file installs Mirc32 on the computer and creates hidden
files that allow a hacker to access the affected computer and use it
for a Denial of Service attack. These hidden files are detected as
Trojan.MircAbuser.
* Click here for Report on Trojan.MircAbuser
Date: February 14, 2001
Platform: PC
Warning About: W97M.Forget.A
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Forget.A infects the Microsoft Word Normal.dot
template and open Word documents. On the 8th day of every month,
W97M.Forget.A causes the Office Assistant to display the message:
Today is the day of my sister's birthday don't forget ...
* Click here for Report on W97M.Forget.A
Date: February 14, 2001
Platform: PC
Warning About: HardLock.618 Boot Trojan
Aliases: Trojan.Dood, Mutha Trojan
Report From: Norton / Symantec Security Updates
* Release Note: HardLock.618 is a boot Trojan. It does not infect or
delete files. This Trojan changes a byte in the Master Boot Record
(MBR) of the hard drive. The change prevents the computer from booting.
* Click here for Report on HardLock.618 Boot Trojan
Date: February 14, 2001
Platform: PC
Warning About: W97M.Thus.CN Macro Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Thus.CN is a macro virus that spreads by infecting
the Normal.dot template and Microsoft Word documents as they are opened
and closed. This virus is a variant of W97M.Thus.A.
* Click here for Report on W97M.Thus.CN Macro Virus
Date: February 14, 2001
Platform: PC
Warning About: W97M.Bablas.BQ Macro Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Bablas.BQ is a Microsoft Word macro virus that
infects active documents and the Normal.dot template. It also disables
access to the Macro Editor and the Visual Basic Editor.
* Click here for Report on W97M.Bablas.BQ Macro Virus
Date: February 14, 2001
Platform: PC
Warning About: W97M.Titch.H Macro Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Titch.H is a very simple macro virus. The virus
replicates between the global template (Normal.dot) and Microsoft Word
documents as the documents are closed.
* Click here for Report on W97M.Titch.H Macro Virus
Date: February 14, 2001
Platform: PC
Warning About: VBS.Davinia.B Worm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Davinia.B is an email worm that mails a message
written in HTML to everyone in your Microsoft Outlook address book.
Read the complete report for Removal Instructions and how to Restore
Files.
* Click here for Report on VBS.Davinia.B Worm
Date: February 14, 2001
Released: February , 2001
Platform: PC
Warning About: DUNpws.es Trojan
Aliases: Trojan.PSW.Billy.b (AVP)
Report From: Network Associates
* Release Note: This is a Dial-Up Networking password stealing trojan. It
uses a WinZip-like icon and when run, it displays a typical WinZip
corrupted file message. The trojan copies itself to the WINDOWS
directory and creates a run key value in the registry to load the
trojan at startup. Read the complete report for Method Of Infection
and Removal Instructions.
* Click here for Report on DUNpws.es Trojan
Date: February 14, 2001
Platform: Microsoft Windows NT 4.0 Servers
Patch Available: Malformed PPTP Packet Stream Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security
vulnerability in Microsoft Windows NT 4.0 servers that provide
secure remote sessions. The vulnerability could allow an attacker to
prevent an affected machine from providing useful service.
* Click here for MS Security Bulletin MS01-009
* Click here for FAQ about vulnerability and the patch
Date: February 14, 2001
Platform: PC
Warning About: VBS/Valentin@MM / Valentine Mass Mailing Worm
Variant: Valentine.A@mm
Aliases: Valentin.A (CA), Valentine (F-Prot), VBS.Valentin.A
Report From: F-Secure and Network Associates
* Release Note: VBS/Valentine is a mass mailing worm written in Visual
Basic Script. The worm arrives in an infected message sent with MS
Outlook. When it is opened, it first drops "loveday14-b.hta" to the
Windows Startup directory in both Spanish and English versions of
Windows. The worm creates an infected "main.html" file in the Windows
System directory and sets the Internet Explorer start page to point to
a web page that contains another worm, VBS/San.A@m.
* Click here for Report on Valentine Worm
* Click here for Report From Network Associates
Date: February 14, 2001
Platform: PC
Warning About: VBS/San@M / San Worm
Aliases: San (F-Prot), San.A (CA), VBS.San.A
Variant: San.A@m
Report From: F-Secure and Network Associates
* Release Note: San is a worm written in Visual Basic Script. The worm
arrives in an infected message sent with Outlook Express. When it is
viewed, by opening it or via preview pane, it first drops
"loveday14-a.hta" to the Windows Startup directory in both Spanish and
English versions of Windows. One of the things this worm does is
change the Internet Explorer start page to point to a web page that
contains another worm, VBS/Valentine.A@mm. These two worms download each
other. If the system date is the 8th, 14th, 23rd or 29th of any month,
then VBS/San.A will destroy the infected system. It will delete all
directories and their contents from the drive "C:".
* Click here for Report on San Worm
* Click here for Report From Network Associates
Date: February 14, 2001
Platform: Windows 2000 only (does not affect NT)
Warning About: Microsoft Network DDE Agent Request Vulnerability
Report From: CIAC Bulletins
* Release Note: A flaw in the Network Dynamic Data Exchange (DDE) agent
could enable unprivileged users to run code and elevate privileges on
a local machine.
* Click here for Bulletin Number L-044
Date: February 14, 2001
Platform: Windows NT 4.0 Workstation and Server
Warning About: Microsoft NTLMSSP Privilege Elevation Vulnerability
Report From: CIAC Bulletins
* Release Note: A flaw in the NTLM Security Support Provider (NTLMSSP)
service allows a local user to initiate a specially formed request
that executes arbitrary code with LocalSystem security privileges.
* Click here for Bulletin Number L-043
Date: February 14, 2001
Reported: February 12, 2001
Platform: Users of Microsoft Outlook who have not applied previously
available security updates.
Warning About: The VBS.AnnaKournikova Worm
VBS/OnTheFly (Anna Kournikova) Malicious Code
Aliases: I-Worm.Lee.o, VBS/VBSWG.J@MM, SST, VBS_Kalamar
Anna Kournikova, AnnaKournikova, VBS.VBSWG.J (CA)
VBS/Anna, VBS/OnTheFly@mm (F-Secure), VBS/SST (VS)
VBS/SST-A (Sophos), VBS/SST.A (Panda), VBS/SST.Worm (CAI)
VBS/VBSWG.J (F-Prot), VBS_Kalamar.a (Trend)
Report From: CIAC Bulletins, CERT, F-Secure, Network Associates
* Release Note: A new worm named VBS.AnnaKournikova is spreading in the
wild. It runs under the Windows Script Host and uses the Outlook
program to send itself as an attachment to everyone in your address
book. The e-mail message has the subject: "Here you have, ;o)" and
body: "Hi:", "Check This!". The attachment is named:
"AnnaKournikova.jpg.vbs" though the .vbs extension may be hidden.
Removal
Removing the worm requires a system reboot to kill the running worm,
removal of the e-mail message and its attachment, removal of the
AnnaKournikova.jpg.vbs file in the Windows directory and removal of
the two registry keys:
HKCU\software\OnTheFly\Worm made with Vbswg 1.50b
HKCU\software\OnTheFly\mailed
The registry keys have no effect on your operating system and could be
left in place without causing any harm. The second registry key with a
value of 1 prevents a future infection with this worm from spreading.
* Click here for CIAC Bulletin Number L-046
* Click here for CERT Advisory CA-2001-03
* Click here for F-Secure Report
* Click here for Network Associates Report
Date: February 08, 2001
Released: February , 2001
Platform: PC
Warning About: VBS.LoveLetter.CD
Aliases: C'è una cartolina per te!, Cartolina.vbs,
VBS/Lovelet-CD (Sophos), VBS_CARTOLINA.A (Trend)
Report From: Network Associates and Norton / Symantec Security Updates
* Release Note: NAI says this is a Visual Basic Script virus. Its only
purpose is to spread to other systems using built-in functions of
VBScript via Outlook messaging. Symantec says if your computer is
infected by this worm, it will use the Microsoft Outlook address book
to propagate itself.
* Click here for NAI Report on VBS/Loveletter.CD@MM
* Click here for Norton Report on VBS.LoveLetter.CD
Date: February 08, 2001
Released: February , 2001
Platform: Microsoft Windows NT 4.0
Patch Available: NTLMSSP Privilege Elevation Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security
vulnerability in Microsoft Windows NT 4.0. The vulnerability could
allow a locally logged on user to grant herself administrator level
privileges.
* Click here for MS Security Bulletin MS01-008
* Click here for FAQ about vulnerability and the patch
Date: February 08, 2001
Platform: PC
Warning About: Cartolina Worm
Aliases: LoveLetter.CD, I-Worm.Jer
Report From: F-Secure
* Release Note: Cartolina is a simple variant of the LoveLetter e-mail
worm. This version has been written in Italy. It was found in the wild
in early February, 2001. It's unlikely to spread far outside Italy.
* Click here for Report on Cartolina Worm
Date: February 07, 2001
Platform: PC
Warning About: Backdoor.Netbus.444051 Trojan Horse
Report From: Norton / Symantec Security Updates
* Release Note: This is a variant of the well-known backdoor Trojan,
Netbus. This variant contains a registry file that modifies the Windows
registry. Read the complete report for Removal Instructions.
* Click here for Report on Backdoor.Netbus.444051 Trojan Horse
Date: February 07, 2001
Platform: MS Windows 2000
Patch Available: Network DDE Agent Request Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security
vulnerability in Microsoft Windows 2000. The vulnerability could,
under certain conditions, allow an attacker to gain complete control
over an affected machine.
* Click here for MS Security Bulletin MS01-007
* Click here for FAQ about vulnerability and the patch
Date: February 07, 2001
Platform: MS Windows 2000 Post Service Pack 1 hotfixes issued prior
to December 19, 2000
Warning About: Microsoft Hotfix Packaging Anomalies
Report From: CIAC Information Bulletin
* Release Note: Post Service Pack 1 hotfix system catalogs were built
with same version numbers as older versions. Newer hotfixes could be
overwritten or otherwise replaced with older versions. Thus, systems
could be open to vulnerabilities considered patched.
* Click here for Bulletin Number L-041
Date: February 03, 2001 * Updated
Platform: PC
Warning About: W32/Joined Used for Heuristic Detection
Report From: Network Associates
* Release Note: There is a known false detection with the 4118 DAT in some
types of packaged files. McAfee AVERT recommends updating to DAT files post 4118
to avoid false detection. The detection is only enabled when scanning
heuristically.
* Click here for Report on W32/Joined Program
Date: February 02, 2001
Platform: Microsoft Win 9x.
Warning About: W32/Rast.2060 Worm
Report From: Network Associates
* Release Note: This is an intended Internet worm originally posted
anonymously to a newsgroup. It attempts to spread by sending itself via
Eudora mail, but the attempt is not successful. Read the complete
report for Method Of Infection and Removal Instructions.
* Click here for Report on W32/Rast.2060 Worm
Date: February 01, 2001
Platform: Microsoft Windows 2000 Terminal Servers
Patch Available: Invalid RDP Data Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security
vulnerability affecting Microsoft Windows 2000 terminal servers. The
vulnerability could allow an attacker to cause an affected server to
fail.
* Click here for MS Security Bulletin MS01-006
* Click here for FAQ about vulnerability and the patch
Macintosh
No virus warnings for February 2001
Linux
Date: February 27, 2001
Platform: Slackware
Updates To: IMAP exploit
Report From: Linux Daily News
* Release Note: A short note in the slackware-current changelog points
out that all previous versions of imapd (which is installed by default
for Slackware distributions) have a remote exploit problem. All Slackware
users are urged to upgrade their version of imapd. (LWN says Thanks to
David Lang)
* Click here for LWN Security Update To IMAP exploit
Date: February 27, 2001
Platform: Immunix
Updates To: Advisories For php, dump and lpr
Report From: Linux Daily News
* Release Note: Immunix posted a slew of updates in a single advisory to
cover updates to php, dump and lpr, all of which had previous security
issues but for which Immunix had not yet released updates.
* Click here for LWN Advisories For php, dump and lpr
Date: February 27, 2001
Platform: Red Hat
Updates To: Zope Advisories
Report From: Linux Daily News
* Release Note: Red Hat has issued a security advisory for Zope.
* Click here for LWN Security Advisory To Zope
Date: February 27, 2001
Platform: Linux-Mandrake
Updates To: sudo and Zope Advisories
Report From: Linux Daily News
* Release Note: Linux-Mandrake has issued security advisories for sudo
and Zope, both of which may allow users advanced privileges.
* Click here for LWN Security Advisory To sudo
* Click here for LWN Security Advisory To Zope
Date: February 27, 2001
Platform: Trustix
Updates To: sudo Advisories
Report From: Linux Daily News
* Release Note: Trustix has issued advisories for the sudo buffer
overflow problems that may allow an attacker to gain higher privileges.
* Click here for LWN Security Update To sudo Advisories
Date: February 27, 2001
Platform: Conectiva
Updates To: sudo Advisories
Report From: Linux Daily News
* Release Note: Trustix has issued advisories for the sudo buffer
overflow problems that may allow an attacker to gain higher privileges.
* Click here for LWN Security Update To sudo Advisories
Date: February 27, 2001
Platform: Digital Creations
Updates To: Zope
Report From: Linux Daily News
* Release Note: Digital Creations has released a security update to Zope
(all versions up to 2.3b1) fixing a security vulnerability in how
ZClasses are handled. An upgrade is recommended.
* Click here for LWN Security Update To Zope
Date: February 27, 2001
Platform: Slackware
Updates To: Advisory For sudo
Report From: Linux Daily News
* Release Note: Slackware has released an updated sudo package for their
7.1 and -current releases to address a buffer overflow issue.
* Click here for LWN Advisory Update To sudo
Date: February 27, 2001
Released: February 25, 2001
Platform: Red Hat
Updates To: Red Hat Analog updates are available
Report From: Linux Daily News
* Release Note: Updated analog packages are available for the Red Hat
Secure Web Server 2.0 - i386.
* Click here for LWN Security Update To Analog updates
Date: February 23, 2001
Platform: Turbolinux
Updates To: bind and sendmail
Report From: Linux Daily News
* Release Note: Turbolinux came out with a security update to bind fixing
the (severe) problems that were reported back at the end of January.
They also released a security update to sendmail fixing a local root
compromise problem with that package.
* Click here for LWN Security Update To bind
* Click here for LWN Security Update To sendmail
Date: February 23, 2001
Platform: Linux-Mandrake
Updates To: Security Advisory For CUPS
Report From: Linux Daily News
* Release Note: Linux-Mandrake has issued a security advisory for the
CUPS printing packages. An internal audit found buffer overflow and
temporary file creation problems. It is highly recommended that all
Linux-Mandrake users upgrade to this new version of CUPS.
* Click here for LWN Security Advisory For CUPS
Date: February 21, 2001
Platform: Immunix
Updates To: Advisory For vixie-cron
Report From: Linux Daily News
* Release Note: Immunix has posted their security advisory for the
recently reported vixie-cron vulnerability.
* Click here for Immunix Advisory For vixie-cron
Date: February 21, 2001
Platform: Red Hat Linux 5.2, 6.2, 7.0
Warning About: vixie-cron Buffer Overflow Username crontab
Report From: CIAC Bulletins
* Release Note: A buffer overflow flaw exists in the crontab file. The
crontab flaw could allow a local user to elevate their privileges,
leading to a possible root compromise. All users are advised to update
their RPM files, as outlined in the advisory.
* Click here for Bulletin Number L-048
Date: February 21, 2001
Platform: Red Hat Linux 6.2 and 7.0
Warning About: Ramen Worm
Aliases: Linux.Ramen, Linux/Ramen, Unix/Ramen
Variant: Ramen.A, Ramen.B
Report From: F-Secure
* Release Note: Ramen is an Internet worm that propagates from one
Linux-based server to another. It works in a similar way to the Morris
Worm that was widespread in 1989. It attempts to infect the system by
exploiting three known security vulnerabilities, found in the wu-ftpd,
rpc.statd and lpd services.
* Click here for Report on Ramen Worm
Date: February 19, 2001
Platform: Red Hat
Updates To: vixie-cron Advisory and Updated Packages
Report From: Linux Daily News
* Release Note: Vixie-cron (a popular version of the cron package
available on many Linux distributions) has been found to have a buffer
overflow problem that could allow certain users to gain elevated
privileges. Red Hat has posted their advisory and updated packages for
this problem. Expect to see similar reports from other distributors
soon.
* Click here for LWN Security Update To vixie-cron
Date: February 18, 2001
Platform: Microsoft IIS 5.0 / Windows NT 2000 / Apache Group Apache 1.3.9
Warning About: Caucho Tech Resin 1.2 Directory Traversal Vulnerability
Report From: Security Focus
* Release Note: It is possible for a remote user to gain read access to
directories and files outside the root directory of a machine running
Resin.
* Click here for Advisory on Caucho Technology Vulnerability
Date: February 18, 2001
Platform: RedHat Linux 7.0 / Apache Group Apache 1.3.9
Warning About: Thinking Arts ES.One 1.0 Directory Traversal Vulnerability
Report From: Security Focus
* Release Note: It is possible for a remote user to gain read access to
directories and files outside the root directory of ES.One.
* Click here for Advisory on Thinking Arts ES.One Vulnerability
Date: February 17, 2001
Platform: SuSE
Updates To: SSH
Report From: Linux Daily News
* Release Note: SuSE has issued an advisory for the ssh package for
versions 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 of their Linux
distributions.
* Click here for LWN Security Update To SSH
Date: February 17, 2001
Platform: Turbolinux
Updates To: glibc
Report From: Linux Daily News
* Release Note: Turbolinux has issued a security update to glibc fixing
the LD_PRELOAD problem there. Turbolinux is slowly catching up - this
problem was reported on January 16, just one full month ago. It is
worth noting that Turbolinux still does not have a bind update
available.
* Click here for LWN Security Update To glibc
Date: February 16, 2001
Platform: Linux kernel 2.0 / WatchGuard Firebox II 4.5
Warning About: Watchguard Firebox II PPTP DoS Vulnerability
Report From: Security Focus
* Release Note: A remote attacker could cause a denial of service
condition in Firebox II. Submitting multiple maliciously crafted
packets to the PPTP services will cause the consumption of all
available system resources.
* Click here for Advisory on Watchguard Firebox Vulnerability
Date: February 14, 2001
Platform: Debian
Updates To: XFree86
Report From: Linux Daily News
* Release Note: The Debian Project has issued an update to XFree86 fixing
an impressively long list of security problems with that package. The
advisory is informative, and is worth a look even if you are not
running Debian. Expect advisories from other distributors before too
long.
* Click here for LWN Security Update To XFree86
Date: February 14, 2001
Platform: Debian
Updates To: ProFTPd
Report From: Linux Daily News
* Release Note: Here is Debian's security update to ProFTPd fixing the
denial of service problems in that package.
* Click here for LWN Security Update To ProFTPd
Date: February 14, 2001
Platform: LinuxPPC
Updates To: OpenSSH
Report From: Linux Daily News
* Release Note: Here is LinuxPPC's update to OpenSSH fixing the recent
vulnerabilities in that package.
* Click here for LWN Security Update To OpenSSH
Date: February 14, 2001
Platform: Red Hat Linux 6.x - alpha, i386, i586, i686, sparc, sparc64
Red Hat Linux 7.0 - alpha, i386, i586, i686
Warning About: Red Hat Linux 'sysctl, ptrace, & mxcsr P4' Vulnerability
Report From: CIAC Bulletins
* Release Note: Security vulnerabilities exist in the kernel routines
"sysctl, ptrace, and mxcsr P4" which allow privilege escalation and
the capability to affect system operation.
* Click here for Bulletin Number L-045
Date: February 09, 2001
Platform: Turbolinux
Updates To: Security Update To Netscape
Report From: Linux Daily News
* Release Note: Better late than never...Turbolinux has come out with
a security update to netscape fixing the buffer overflow problem that
was first reported in the November 9, 2000 LWN security page.
* Click here for LWN Security Update To Netscape
Date: February 09, 2001
Platform: Debian
Updates To: Security Update To man-db
Report From: Linux Daily News
* Release Note: The Debian Project has released a security update to the
man-db fixing a format string vulnerability in that package.
* Click here for LWN Security Update To man-db
Date: February 09, 2001
Platform: Linux-Mandrake
Updates To: Security Update To ProFTPd
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a security update to ProFTPd
fixing the denial of service problem there.
* Click here for LWN Security Update To ProFTPd
Date: February 09, 2001
Platform: Debian
Updates To: Security Update To OpenSSH
Report From: Linux Daily News
* Release Note: The Debian Project has issued a security update to
openssh which fixes a number of problems with that package. SSH users
really should upgrade...
* Click here for LWN Security Update To OpenSSH
Date: February 09, 2001
Platform: Red Hat
Updates To: Security Update To The kernel
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to the kernel fixing
the local root compromise problems there.
* Click here for LWN Security Update To The kernel
Date: February 09, 2001
Platform: Conectiva
Updates To: Security Update To ProFTPd
Report From: Linux Daily News
* Release Note: Conectiva has issued a security update to ProFTPd, fixing
some denial-of-service problems in that package.
* Click here for LWN Security Update To ProFTPd
Date: February 09, 2001
Platform: Turbolinux
Updates To: Security Update To slocate
Report From: Linux Daily News
* Release Note: Turbolinux has issued a security update to slocate which
fixes a heap overflow bug in that program. This is not a new bug; it
was first reported in the November 30, 2000 LWN security page.
* Click here for LWN Security Update To slocate
Date: February 09, 2001
Platform: Caldera
Updates To: Systems Kernel Security Update
Report From: Linux Daily News
* Release Note: Caldera Systems has issued a security update to the
kernel. It seems that there are two problems which show up in both
the 2.2 and 2.4 kernels. One allows (local) attackers to read kernel
memory that should not be available to them, and the other allows
attaching to a setuid process with ptrace. We (LWN) have not seen
discussion of these problems on the linux-kernel list. We'll keep an
eye out and pass on any interesting information that we find.
* Click here for LWN Security Update To systems kernel
Date: February 07, 2001
Platform: Red Hat
Updates To: xemacs
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to xemacs fixing
the gnuserv vulnerability in that package.
* Click here for LWN Security Update To xemacs
Date: February 07, 2001
Platform: Linux-Mandrake
Updates To: CUPS
Report From: Linux Daily News
* Release Note: Those of you who have not yet applied the CUPS security
update from MandrakeSoft, or who had difficulties in the process, will
want to have a look at the new, improved update which is said to work
better.
* Click here for LWN Security Update To CUPS
Date: February 07, 2001
Platform: Conectiva
Updates To: glibc
Report From: Linux Daily News
* Release Note: Conectiva has issued a security update to glibc fixing
the latest vulnerabilities in that package.
* Click here for LWN Security Update To glibc
Date: February 03, 2001
Platform: LinuxPPC
Updates To: bind
Report From: Linux Daily News
* Release Note: LinuxPPC has issued a security update to bind fixing
the buffer overflow problems in that package. Evidently the release
has been out for a while, but we just got word of it now.
* Click here for LWN Security Update To bind
Date: February 03, 2001
Platform: Linux-Mandrake
Updates To: CUPS
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a security update to the CUPS
printing system which fixes a number of buffer overflow problems.
* Click here for LWN Security Update To CUPS
Date: February 03, 2001
Platform: Redhat Linux 6.2 and 7.0
Warning About: The Ramen Worm
Report From: CIAC
* Release Note: A Linux worm named 'Ramen' has been detected in the wild.
CIAC has had reports of compromised systems and numerous scans. Ramen
automatically attacks all vulnerable systems it can find. Intruders can
gain root access to vulnerable systems.
* Click here for Bulletin Number L-040
Date: February 02, 2001
Platform: Linux-Mandrake
Updates To: xemacs
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a security update to xemacs fixing
a couple of problems in gnuserv that could allow arbitrary code to be
executed by an attacker.
* Click here for LWN Security Update To xemacs
Miscellaneous
Date: February 23, 2001
Platform: JRE and Solaris Developer Kit versions 1.2.2_005
and 1.2.1_003, and earlier releases, could be affected.
Security Alert: Java flaw exposed
Report From: VNUNet Security Publications
* Release Note: Sun Microsystems has warned of a security hole in Java
that could allow hackers to infiltrate Java environments and execute
unauthorised commands.
* Click here for report on Java flaw
Date: February 23, 2001
Platform: Lotus Systems
Security Alert: New flaw discovered in Lotus Domino
Report From: VNUNet Security Publications
* Release Note: Administrators were left with potentially insecure email
servers after a new exploit was discovered in Lotus Domino.
* Click here for report on New flaw discovered in Lotus Domino
Date: February 23, 2001
Platform: Multiple Platforms
Security Notice: Security Hole in Java may expose servers
Report From: Linux Daily News
* Release Note: Sun has issued a warning that a bug in Java Runtime
Environments for multiple platforms, including Linux, may allow an
attacker to run harmful programs on a server, though client systems
running browsers should be unaffected.
* Click here for CNet Article on Security Hole in Java
Date: February 21, 2001
Platform: Computers That Have PHP Interpreters
Warning About: PHP.io Virus
Aliases: VBS.io.intended, PHP.io.inc, VBS.Entice
Report From: Norton / Symantec Security Updates
* Release Note: PHP.io is a virus that is written in the PHP scripting
language. (PHP is a server-side scripting language that is used for
dynamic Web page generation.) This virus only executes on computers
that have PHP interpreters; it cannot be contracted simply by visiting
an infected Web page.
* Click here for Report on PHP.io Virus
Date: February 18, 2001
Platform: Misc Platforms - This hoax arrives as an email message.
Hoax Alert: The New Ice Age HOAX
Report From: Symantec Security and VMyths Virus Myths & Hoaxes
* Release Note: A struggling rock band in St. Louis concocted the New
Ice Age virus alert as a publicity stunt to promote their new CD. The
New Ice Age is not a virus. It is a hoax, and should be ignored. This
hoax arrives as an email message.
* Click here for Symantec HOAX Report on The New Ice Age HOAX
* Click here for Vmyths HOAX Report on New Ice Age Virus HOAX
Date: February 14, 2001
Platform: OpenSSH and SSH Communications
Warning About: SSH CRC-32 Compensation Attack Detector Vulnerability
Report From: Security Focus
* Release Note: SSH is an encrypted remote access protocol. SSH or code
based on SSH is used by many systems all over the world and in a wide
variety of commercial applications. An integer-overflow bug in the
CRC32 compensation attack detection code may allow remote attackers to
write values to arbitrary locations in memory.
* Click here for Advisory on SSH CRC-32 Vulnerability
Date: February 14, 2001
Platform: Those running FreeBSD 4.x, 4.2-STABLE versions that were
released prior to the correction dates.
Warning About: OpenSSH SSH1 Coding Error and Server Key Vulnerability
Report From: CIAC Bulletins
* Release Note: The SSH server could be root compromised. The encrypted
session could be decrypted.
* Click here for Bulletin Number L-047
Date: February 08, 2001
Platform: All operating systems running Compaq Web Management Software
for Compaq Intel, Alpha, and Storage Hardware platforms to
include: MS Win9x, NT and 2000, NetWare, SCO Open Server, SCO
UnixWare 7, RedHat 6.2 and 7.0, Tru64Unix and OpenVMS.
Warning About: Compaq Web-enabled Management Software Buffer Overflow
Report From: CIAC Bulletins
* Release Note: The web-enabled management software has a bounds checking
error in the authentication code, allowing certain buffer overflows to
occur.
* Click here for Bulletin Number L-042
Date: February 03, 2001 * Updated
Platform: Domain Name System (DNS) Servers, running various versions
of ISC BIND
Warning About: Multiple Vulnerabilities in BIND
Report From: CERT
* Release Note: The revised advisory adds a revised IBM vendor statement,
modifies the exploitation comments, adds a reference to the Secure BIND
Template and adds Frequently Asked Questions as Appendix B.
* Click here for CERT CA-2001-02
Date: February 02, 2001
Platform: Subscribers to America Online's (AOL's) email service
Warning About: Trojan Worm Strikes America Online
Report From: VNUNet Security Publications
* Release Note: Subscribers to America Online's (AOL's) email service are
being warned to watch out for a password-stealing computer virus that
is infecting users' machines worldwide.
* Click here for report on AOL's Trojan Worm
Date: February 02, 2001
Platform: FreeBSD 4.x and 3.x prior to the correction date. 2000-12-16
(FreeBSD 4.2-STABLE), 2000-12-18 (FreeBSD 3.5.1-STABLE)
Warning About: FreeBSD procfs Vulnerabilities
Report From: CIAC Bulletin
* Release Note: Several vulnerabilities have been discovered in FreeBSD's
implementation of the process filesystem (procfs).
* Click here for Bulletin Number L-036
Date: February 02, 2001
Platform: FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE, and
4.1.1-STABLE prior to 2000-11-11. The problem was corrected
prior to the release of FreeBSD 4.2
Warning About: FreeBSD periodic Uses Insecure Temporary Files
Report From: CIAC Bulletin
* Release Note: A vulnerability has been found in periodic that causes
temporary files with insecure file names to be used in the system's
temporary directory.
* Click here for Bulletin Number L-037
Date: February 02, 2001
Platform: FreeBSD 3.x (all releases) and FreeBSD 4.x (all releases)
Warning About: FreeBSD inetd ident Server Vulnerability
Report From: CIAC Bulletin
* Release Note: During internal auditing, the internal ident server in
identd was found to incorrectly set group privileges according to the
user. Due to ident using root's group permissions, users may read the
first 16 (excluding initial whitespace) bytes of wheel-accessible files.
* Click here for Bulletin Number L-038
Date: February 02, 2001
Platform: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior
to 4.2), FreeBSD 3.5-STABLE prior to the correction date.
Warning About: FreeBSD sort Uses Insecure Temporary Files
Report From: CIAC Bulletin
* Release Note: During internal auditing, sort(1) was found to use easily
predictable temporary file names. It does create these temporary files
correctly such that they cannot be "subverted" by a symlink attack, but
the program will abort if the temporary filename chosen is already in
use.
* Click here for Bulletin Number L-039
Date: February 01, 2001
Platform: Cisco
Warning About: Cisco Works To Fix Switch Glitch
Report From: VNUNet Security Publications
* Release Note: Cisco has released a security advisory for its Arrowpoint
switch, revealing that non-privileged users can either cause a denial of
service (DoS) attack on the hardware or view files to which they do
not have access rights.
* Click here for report on Arrowpoint switch
Date: February 01, 2001
Platform: Sun Java Web Server (all versions)
Warning About: Sun Java Web Server Vulnerability
Report From: CIAC
* Release Note: It is possible to use the administration module to
invoke servlets on a Java Web Server. A vulnerability within the
administration module could allow execution of commands against the
web server by a malicious attacker.
* Click here for Bulletin Number L-033
Date: February 01, 2001
Platform: HP9000 Series 700 and 800 running HP-UX releases 11.00,
11.04, 10.20, 10.24, 10.10 and 10.01
Warning About: HP Security Vulnerability in man(1) Command
Report From: CIAC
* Release Note: A security vulnerability in the man(1) command could
allow a Denial of Service (DoS) by users.
* Click here for Bulletin Number L-034
Date: February 01, 2001
Platform: HP9000 Series 700 and 800 running HP-UX releases 11.11,
11.00, and 10.20
Warning About: HP-UX Support Tools Manager Vulnerability
Report From: CIAC
* Release Note: A vulnerability exists in the HP9000 series 700/800
Support Tools Manager (xstm, cstm, stm) that could result in a
Denial of Service (DoS).
* Click here for Bulletin Number L-035
