www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
10 January 2005  

Update

A compilation of the latest information about Virus, Security and Patches which could be vital for your system

Christmas attacks on IE and PHP servers

Christmas day found some nasty packages in mailboxes. Old Internet Explorer bugs were exhumed, dusted off and probed. Fresh avatars of the Santy worm attacked Windows PCs and PHP servers.

The “Microsoft Internet Explorer Full Remote Compromise w/o User Intervention” exploit is based on old vulnerabilities in Windows XP Service Pack 2. Two targets in SP2 exist: the Help ActiveX control related topics zone security bypass vulnerability and the Help ActiveX control related topics cross site scripting vulnerability. The attack results in a file being placed in the startup folder from where it executes when the system is rebooted. This attack can be used by spyware to compromise a PC.

Santy.A worm attacks are on the wane. Santy.B attacks phpBB-based servers by searching for “viewtopic.php” and using AOL.com or Yahoo! to come up with a list of potential targets. Santy.B exploits the same server-side vulnerability as its predecessor: the PHPBB Remote URLDecode Input Validation Vulnerability. It defaces infected servers by overwriting all .htm, .php, .asp, .shtm, .jsp, and .phtm files.

Administrators are urged to upgrade to phpBB Version 2.0.11, which fixes the vulnerability, although some say that Version 2.0.11 is also affected.

The new Santy worms are touted to be deadlier than Santy.A. Santy.B installs a backdoor server and a remote control IRC tool on infected machines. The exploit may also be used to attack other PHP sites with a general script-injection technique.

Cabir worm gets nastier

The Cabir cellular phone virus is turning into a bigger threat. Earlier versions of the Symbian worm, which uses Bluetooth to proliferate, were relatively harmless. F-Secure has issued alerts for Cabir.H, Cabir.I, and Cabir.J. These variants fix a flaw that was slowing down Cabir’s dissemination. Cabir originally spread to one new phone per reboot, while Cabir.H and Cabir.I can spread to an unlimited number of phones per reboot.

As the new variants seem to be recompiled versions of the original Cabir source code, F-Secure says that “the Cabir source code is floating around in the underground.” Symbian users can protect themselves by turning off a smartphone’s ‘discoverable’ mode. According to Symbian, the malicious software affects only phones running Nokia’s Series 60 user interface.

Trojan attacks Windows XP

The Phel Trojan infects Windows XP PCs and installs programs to remotely control a compromised system. The program’s name is an anagram of ‘Help’ and it infects visitors to a hacker’s Web site using Internet Explorer’s Help controls. It exploits a vulnerability that was reported in October 2004. The vulnerability lies in how Internet Explorer and Windows XP Service Pack 2 handle help files that are invoked from a Web page. Microsoft is working to analyse the malicious code in Phel.

 


© Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.