News Item: Breaking Virus/Security News
In the virus world, things are finally slowing down: since the previous update, relatively few new threats (just over 50) have been identified and signatures created. Of these, only 1 is rated at Category 2, and none is rated higher than that. This is the W32.HLLW.Maax@mm worm, aka Worm.P2P.Axam, which affects Windows 95, 98, Me, NT, 2000, and XP. It uses various file-sharing programs and MS Outlook to spread; other common symptoms include a subject line from a predefined list and an attachment named Tca.exe. For more details, visit Symantec’s “Virus Definitions Added” (http://www.symantec.com/avcenter/defs.added.html).
At Microsoft, things are also reasonably active: three new security bulletins have been posted since the last newsletter. Only two refer to actual threats; Bulletin MS03-004 simply announces the availability of a new cumulative patch for Internet Explorer (for versions 5.01, 5.5, and 6.0).
- For the current list of security bulletins and updates, see http://www.microsoft.com/technet/security/default.asp
- For information about the IE cumulative patch, see http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
The CERT site at www.cert.org includes ongoing coverage of the Slammer worm, initially reported in the previous newsletter. This worm continues to propagate and to affect vulnerable machines despite frequent news reports and warnings about the vulnerability, and the well-documented availability of patches and repair utilities. For more information on the current situation and additional recommendations, please see http://www.cert.org/advisories/CA-2003-04.html. Also, CERT reports significant scanning activity that targets NetBIOS services (particularly ports 137/tcp and 445/tcp) in apparent attempts to access unprotected Windows shares. Here again, although these risks are well documented, such vulnerabilities remain far too common.