Virus Warnings from November 2001
______________________________________________________________
[Jump to Amiga] [Jump to Windows] [Jump to Mac]
[Jump to Linux] [Jump to Misc]
______________________________________________________________
Amiga
18 November 2001 - MUI Security Bug-Fix (update)
Since the time of the original release of Jörg Strohmayer, having come
up with a fix for all MUI programs, there has been a few public posts
by other interested parties. David 'zapek' Gerber, of Vapor, has quite
a few comments that are well worth reading by any Amiga MUI user. Either
finger zapek@vapor.com or visit http://v3.vapor.com/?finger=zapek by
following the above link. My personal decision after reading Zapek's
comments, was to remove the newly installed muilowlevel.library done
by Jörg Strohmayer.
10 November 2001 - Major Escape Sequence Exploit In MUI
The Internet News section of Amiga.org has this posted by Wayne Martin:
Warning: A major exploit in MUI internet software has been found, The
exploit would allow commands to be executed on your machine. Everything
from STRICQ to YAM is effected, although a fix for YAM is coming soon.
So far Vapor has confirmed its applications such as AmIRC etc are not
succeptable to this exploit. To help prevent the use of this exploit on
your system, make sure PIPE: and similar PIPE devices are not mounted
on your system. You may also wish to rename or password protect your
important system commands such as delete, format and so forth.
* abraxis Security Advisory 2001-08-11 Escape Sequence Exploit
Top of Page
Windows
26 November 2001 - Virus alert: F-Secure Warns Of Email Worm BadTrans
F-Secure Corporation is alerting computer users worldwide of an email
worm called BadTrans.B. According to F-Secure, this worm is spreading
fast through email messages and installs a spying Trojan component to
steal information from infected systems.
* Alert at F-Prot: A new variant called W95/Badtrans.B
22 November 2001 - Microsoft Security Bulletin MS01-056
Microsoft TechNet Security's latest bulletin outlines "Windows Media
Player .ASF Processor Contains Unchecked Buffer". One of the streaming
media formats supported b Windows Media Player is Advanced Streaming
Format (ASF). A security vulnerability occurs in Windows Media Player
6.4 because the code that processes ASF files contains an unchecked
buffer. Maximum Severity Rating: Critical, amd customers running
affected products should apply the patch immediately.
22 November 2001 - Microsoft Security Bulletin MS01-055
Microsoft TechNet Security's latest bulletin outlines "13 November 2001
Cumulative Patch for IE". In addition to eliminating all previously
discussed vulnerabilities affecting IE 5.5 Service Pack 2 and IE 6, the
patch also eliminates three newly discovered ones.
18 November 2001 - F-Prot *NOT* infected with W32.Nimda.enc(dr)
Frisk Software International news, says Symantec's Antivirus software,
Norton Antivirus, has been reporting F-Prot Antivirus for Windows as
being infected with W32.Nimda.enc(dr) following the November 9th
release of Symantec's virus definitions. This is a false positive due
to what appears to be a lack of quality assurance on their part.
* More info on this false positive can be acquired from Symantec link
14 November 2001 - F-Prot antivirus NOT infected with Nimda virus
This just in from Virus Help Denmark on Nov 13th. Symantec's Antivirus
software, Norton Antivirus, has been reporting F-Prot Antivirus for
Windows as being infected with W32.Nimda.enc(dr) following the November
9th release of Symantec's virus definitions. This is a false positive
due to what appears to be a lack of quality assurance on their part.
* Click here for InstallShield's alert to their customers
01 November 2001 - Latest Virus Descriptions
Warning About: Elkern
* Click here for F-Secure Virus Report
* Click here for NAI Virus Report
Aliases: W95/Elkern, W32.ElKern.3326
Release Note: This is a polymorphic and parasitic file-infecting virus
capable of spreading under Windows 98 and Windows Me only. It hits
32-bit applications of PE type only.
Warning About: Klez
* Click here for F-Secure Virus Report
* Click here for NAI Virus Report
Aliases: ElKern, Klaz, Kletz, I-Worm.Klez, W32/Klez.a@MM
W32/Klez.b@MM, W32/Klez@MM, W32\Klez (Panda)
Release Note: Klez is a mass-mailer worm which drops a polymporphic EXE
virus called ElKern. This worm makes use of the Incorrect MIME Header
can cause IE to execute E-mail attachment vulnerability in Microsoft
Internet Explorer (ver 5.01 or 5.5 without SP2)
Top of Page
Macintosh
No warnings for November 2001
Top of Page
Linux
No warnings for November 2001
Top of Page
Miscellaneous
08 November 2001 - CERT Incident Note IN-2001-12
Exploitation of vulnerability in SSH1 CRC-32 compensation attack detector
The CERT Coordination Center has received multiple reports of systems
being compromised via the CRC-32 compensation attack detector
vulnerability described in VU#945216. They are also receiving reports of
increased scanning activity for the SSH service (22/tcp).
Top of Page
Back to the Virus Archives page