Virus Warnings from July 2001

           [Jump to Amiga] [Jump to Windows] [Jump to Mac]
                   [Jump to Linux] [Jump to Misc]


   Date: July 01, 2001
   Platform: Amiga
   Update About:  Bobek2 Infected Archive Found
   Report From:   Virus Help Team Denmark (VHT-DK)
   * Release Note: Virus Help Denmark reports another archive that is
     infected with the 'Bobek2' linkvirus has been found. It was on Aminet
     for a short time, but is has been removed now. But there just might be
     a few more archives our there, so take care.. Use VirusExecutor, VirusZ
     & VirusChecker, with (and this is very important) the xvs.library
     v33.26 to remove the virused from Devoprefs file.
   * Click here for VHT-DK Virus Warning vht-dk103 Read Me
   * Subscribe online to the VHT-DK Virus Warnings Announcement list.

   Top of Page


    31 July 2001 - NAI/PGP OnLine Scan for Code Red Worm
   PGP Security & McAfee are offering their CyberCop Worm-Scan for online
   vulnerability assessment for the Code Red Worm. You will need javascript
   enabled in your browser, plus you will need to provide some personal info
   such as name, email address and a password. The passowrd is required in
   order to provide secure access to your CyberCop report that will be
   mailed to your email address.
   * Click here for NAI Press release of online scan service

    31 July 2001 - Code Red Worm Still Present Threat to the Internet
   Microsoft Corporate Summary: The Code Red Worm and mutations of the worm
   pose a continued and serious threat to Internet users. Immediate action
   is required to combat this threat. Users who have deployed software that
   is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must
   install, if they have not done so already, a vital security patch.
   Who Must Act?
   Every organization or person who has Windows NT or Windows 2000 systems
   AND the IIS web server software may be vulnerable. IIS is installed
   automatically for many applications. If you are using Windows 95,
   Windows 98, or Windows Me, there is no action that you need to take in
   response to  this alert.
   What To Do If You Are Vunerable?
      a. To rid your machine of the current worm, reboot your computer.
      b. To protect your system from re-infection: Install the patch as
         specified in the instructions.
   The security bulletin that describes the patch and the vulnerability
   it addresses is posted at:
   Because of the importance of this threat, this alert is being made
   jointly by:  Microsoft, The National Infrastructure Protection Center
   (NIPC), Federal Computer Incident Response Center (FedCIRC), Information
   Technology Association of America (ITAA), CERT Coordination Center, SANS
   Institute, Internet Security Systems and Internet Security Alliance.
   Virus Help Team Canada Suggests the Following Links for fast info
   * Patch: Windows NT 4.0 computers running Index Server 2.0
   * Patch: Windows 2000 computers running Internet Information Service 5.0
   * MS TechNet Security Tools including security and config checklists

    31 July 2001 - Frisk Software International Code Red Summary
   Code Red is the first worm that doesn't reproduce itself by copying
   itself into files or by infecting files but runs in memory only and
   reproduces by streaming communications between systems. Antivirus
   software will not be of use to prevent infections or damage done by
   the worm. Users of the IIS web server are required to get an update of
   the server from Microsoft's website:

    26 July 2001 - F-Secure Warns of Sircam Worm
   F-Secure Corporation is alerting computer users worldwide about a new,
   rapidly spreading e-mail worm called Sircam. Sircam is a mass mailing
   e-mail worm with the ability to spread through Windows Network shares.
   F-Secure anti-virus detects and disinfects the worm. This is the first
   e-mail worm that is not Windows Outlook-specific. Instead, this worm
   makes use of any e-mail system. This makes it much more liable to spread.
   * Click here for Symantec Report on W32.Sircam.Worm@mm
   * Click here to obtain Symantec's W32.Sircam.Worm@mm removal tool

    21 July 2001 - Advisory 01-015: "Ida Code Red Worm"
   National Infrastructure Protection Center (NIPC) Advisory says Internet
   backbone providers have notified the NIPC they are witnessing large-scale
   victimized web servers scanning for Microsoft Internet Information Server
   (IIS) vulnerabilities.

   13 July 2001 - Viri Warnings and Alerts for Today
   VBS.Blank.A (Symantec)
   W32.HLLC.Abessive (Symantec) (Symantec)

   12 July 2001 - Viri Warnings and Alerts for Today
   Backdoor-QZ (NAI)
   Leave (Updated) (F-Secure)
   Marijuana (F-Secure)

   11 July 2001 - Viri Warnings and Alerts for Today
   Bogus Patch "leaves" Backdoor Open (Kaspersky Lab)
     An Internet Worm "Leave" Spreads in the Form of Security Patch to
     Windows Kaspersky Lab, an international data-security software
     development company, warns users of the discovery of a new version
     of the Internet worm...
     (more on Leave)            (F-Secure)
     (more on W32.Leave.B.Worm) (Symantec)
   HTML.Reality.B (Symantec)

   10 July 2001 - Viri Warnings and Alerts for Today
   Nymph (F-Secure)
   Linong (F-Secure)
   Backdoor-QV (NAI)
   Evem (NAI)
   VBS/PWStroy (NAI)
   W32.Leave.B.Worm (Symantec)
   W97M.Claud.Gen (Symantec)

   Date: July 08, 2001
   Platform: MS Windows 2000
   Patch Available: Authentication Error in SMTP Service Could
                    Allow Mail Relaying
   Report From:   MicroSoft TechNet Security
   * Release Note: Customers who need SMTP services should apply the patch.
     All others should disable the SMTP service.
   * Click here for MS Security Bulletin MS01-037

   Date: July 08, 2001
   Platform: MS Windows
   Report From:    Norton / Symantec Security Updates
   * Click here for Report on Backdoor.Bionet.40a
     Release Note: Backdoor.Bionet.40a is a malicious backdoor Trojan. Its
     actions are similar to SubSeven, Netbus, and BackOrifice in that it
     allows unauthorized access to an infected computer.
   * Click here for Report on W32.Lad.1916
     Release Note: W32.Lad.1916 is a direct infector, and it infects MS
     Portable Executable (PE) files. When executed, the virus does not go
     memory resident. Instead, the virus attempts to infect files in the
     Windows folders, and in the same folder as the virus. Its payload is
     executed on the 19th of every month, and it displays a short message.

   Date: July 08, 2001
   Platform: MS Windows
   Report From:    Network Associates
   * Click here for Report on Backdoor-QT
     Aliases:      Backdoor-QT.cfg, Backdoor-QT.cli, Backdoor-QT.svr,
                   BackDoor.Muska (AVP) and MuSka52
     Release Note: This is a remote access trojan written in Visual Basic 5.
     When run, it copies itself to the WINDOWS SYSTEM directory as UT3.EXE
     and creates a WIN.INI entry to load a program at startup
   * Click here for Report on W32/Funso@M
     Aliases:      AOL.PWSteal.86016 (NAV) and I-Worm.Menace (AVP)
     Release Note: This is an AOL password stealing trojan and email worm
     virus written in Visual Basic 6. When run, the program will display a
     message box plus various other things.
   * Click here for Report on VBS/Jolin@MM
     Aliases:      VBS.Jolin@mm (NAV) and VBS/Niloj-A (Sophos)
     Release Note: At the present time, this VBScript contains bugs which
     prevent it from functioning properly.

   Date: July 08, 2001
   Platform: MS Windows
   Warning About: Nymph Worm
   Aliases:       Roach, Roach.b, W32/Roach, I-Worm.Roach.b
   Report From:   F-Secure
   * Release Note: Nymph is a mass-mailer with backdoor capabilities created
     by ASM/iKX group. It is one of the first worms that uses search engine
     of a webserver to find victim's e-mail addresses.
   * Click here for Report on Nymph

   Date: July 08, 2001
   Platform: Microsoft Windows 2000
   Warning About: Microsoft Authentication Error in SMTP Service
   Report From:   CIAC Bulletins
   * Release Note: The vulnerability could allow an unauthorized user to
     successfully authenticate to the service using incorrect credentials.
     The unauthorized user could gain user-level privileges on the SMTP
     service. Solution: Apply the patch provided by Microsoft.
   * Click here for Bulletin Number L-107

   Date: July 08, 2001
   Platform: Microsoft Windows (all versions)
   Warning About: W32/Leaves: Exploitation of previously installed
                  SubSeven Trojan Horses
   Report From:   CERT
   * Release Note: The CERT/CC has received an increasing number of reports
     regarding the compromise of home user machines running MS Windows. Most
     of these reports surround the intruder tool SubSeven. SubSeven is often
     used as a Trojan horse, which allows an intruder to deliver and
     execute any custom payload and run arbitrary commands on the affected
   * Click here for CERT IN-2001-07

   Top of Page


   No warnings for July 2001

   Top of Page


   Date: July 08, 2001
   Platform: Any Linux or BSD system running Samba
   Warning About: Samba Security Vulnerability
   Report From:   CIAC Bulletins
   * Release Note: A remote attacker can use a netbios name containing
     unix path characters which will then be substituted into the %m macro
     wherever it occurs in smb.conf. This can be used to cause Samba to
     create a log file on top of an important system file, which in turn
     can be used to compromise security on the server. Solution: Change
     smb.conf configuration file, or update to most recent release of Samba.
   * Click here for Bulletin Number L-105

   Date: July 08, 2001
   Platform:  Linux-Mandrake
   Updates To:    fetchmail and xinetd
   Report From:   Linux Daily News
   * Release Note: Linux-Mandrake has issued two new security advisories.
     The first is for fetchmail to address the problem with long header
     fields. The second is for xinetd to address default umask issues with
   * Click here for LWN Security Update To fetchmail
   * Click here for LWN Security Update To xinetd

   Date: July 08, 2001
   Platform:  Immunix
   Updates To:    tetex
   Report From:   Linux Daily News
   * Release Note: Immunix has posted a security update for tetex to address
     temporary file handling problems that can lead to privilege elevation.
   * Click here for LWN Security Update To tetex

   Date: July 04, 2001
   Platform:  Caldera
   Updates To:    OpenSSH
   Report From:   Linux Daily News
   * Release Note: Caldera International has released a security update to
     OpenSSH fixing an interesting problem: an attacker can remove any file
     on the system, as long as it's called "cookies"...
   * Click here for LWN Security Update To OpenSSH

   Top of Page


   10 July 2001 - Viri Warnings and Alerts for Today
     If you receive this email, delete the it and DO NOT pass it on.

   Date: July 08, 2001
   Platform: All releases of Cisco IOS(R) software starting with
             release 11.3 and later.
   Warning About: Cisco IOS HTTP Authorization Vulnerability
   Report From:   CIAC Bulletins
   * Release Note: The user will be able to exercise complete control over
     the device. All commands will be executed with the highest privilege
     (level 15). Solution: Upgrade or apply the workaround given in the
     Cisco advisory.
   * Click here for Bulletin Number L-106

   Date: July 08, 2001
   Platform: Oracle 8i
   Warning About: Oracle 8i contains buffer overflow in TNS listener
   Report From:   CERT
   * Release Note: A vulnerability in Oracle 8i allows remote intruders to
     assume control of database servers running on victim machines. If the
     Oracle server is running on a Windows system, an intruder may also be
     able to gain contol of the underlying operating system.
   * Click here for CERT CA-2001-016

   Date: July 04, 2001
   Platform: Misc
   Hoax Alert:    MusicPanel (MP3) Virus HOAX
   Report From:   Symantec Security HOAX Updates
   * Release Note: The following message is a hoax. This "virus" does not
     Sample of hoax message:
        Music fans around the planet will receive a shocking surprise
        on their computers on American Independence Day,July 4, but only
        if they have downloaded unauthorised songs from Napster, Gnutella
        or other file swapping applications on the Internet.
     Please ignore any messages regarding this hoax and do not pass on
     messages. Passing on messages about the hoax only serves to further
     propagate it.
   * Click here for Symantec HOAX Report on MusicPanel
   * Click here for Vmyths HOAX Report on MusicPanel (MP3) virus
   * Click here for ZDNet HOAX Report on MusicPanel

   Date: July 04, 2001
   Platform: i386 Intel Platform
   Warning About: SuSE Linux, xinetd Buffer Overflow
   Report From:   CIAC Bulletins
   * Release Note: The buffer overflow vulnerability allows a remote
     attacker to execute arbitrary code at all privleges.
     Solution: Apply patches supplied by SuSE
   * Click here for Bulletin Number L-104

   Date: July 04, 2001
   Platform: Various version of SunOS
   Warning About: Sun ypbind Buffer Overflow Vulnerability
   Report From:   CIAC Bulletins
   * Release Note: This vulnerability may allow a local or remote user to
     gain root access and, therefore, complete control of the system.
     Solution: Apply the patches described below.
   * Click here for Bulletin Number L-103

   Top of Page

   Back to the Virus Archives page

[Home] - [About Us] - [News] - [Downloads] - [Warnings] - [Links]
[Archives] - [Non-Java Web Chat] - [PGP] - [Search Page] - [Feedback]

Virus Help Team Canada Site (c)2000-2012 by Charlene
VHT-CAN and our webhoster disclaimes any responsibility for software
obtained through this site. Contact VHT-Canada