www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
31 January 2005  

Updates

A compilation of the latest information about viruses, security and patches that could be vital for your system

Worm targets Microsoft security bulletin vulnerabilities

Worm_Agobot.AEK is a new worm that exploits vulnerabilities discussed in Microsoft security bulletins. The worm spreads through shared folders on the network by dropping copies of itself as sagate.exe in the Windows system folder. It uses the account of the current user and a list of user names and passwords to gain access to shared folders. The worm can act as a program controlled by an Internet Relay Chat bot, which can then be used to perform 'backdoor' activities. The worm can also modify the HOSTS file so that the user can no longer access known anti-virus and security websites.

To remove the worm, start by typing NET STOP Sagate Security Firewall at the command prompt. Next, locate and remove registry entries containing the value sagate.exe. Then delete the entries the worm made in the HOSTS file that prevent users from accessing anti-virus sites. Finally, apply the patches for the vulnerabilities discussed in the Microsoft security bulletins.
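As an added example (not from the original article or any vendor's removal tool), the Python code below audits HOSTS-file text for the kind of tampering described above and produces a cleaned copy. It assumes the blocking is done by mapping hostnames to a loopback or unspecified address, which the article does not state; the sample entries and .example domains are constructed.

```python
import ipaddress

# Names that legitimately map to loopback in a stock HOSTS file (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

SAMPLE_HOSTS = """\
# constructed sample, not taken from an infected machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.av-vendor.example  update.av-vendor.example  # suspicious
0.0.0.0         security-site.example
192.0.2.10      intranet.example
not-an-ip       junk
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each mapping line in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        try:
            ip = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue  # blank, comment-only or malformed line
        if len(fields) > 1:
            yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def sinkholed_entries(text):
    """Return (line_no, hostname, ip) for non-local names sent to loopback/0.0.0.0."""
    hits = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            hits += [(line_no, n, str(ip)) for n in names if n not in LOCAL_NAMES]
    return hits

def cleaned(text):
    """Return HOSTS text with sinkholed names removed; other lines are untouched."""
    bad = {}
    for line_no, name, _ in sinkholed_entries(text):
        bad.setdefault(line_no, set()).add(name)
    out = []
    for ln, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        keep = [h for h in fields[1:] if h.lower().rstrip(".") not in bad.get(ln, ())]
        if ln not in bad:
            out.append(raw)                           # unaffected line, keep verbatim
        elif keep:
            out.append(" ".join([fields[0]] + keep))  # rewritten; trailing comment dropped
    return "\n".join(out) + "\n"
```

Review the output of sinkholed_entries before writing the cleaned text back, since some administrators map hostnames to loopback deliberately.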

Buffer overflow vulnerability in SAP DB

Security firm iDEFENSE has reported a buffer overflow vulnerability in MaxDB by MySQL. This database is a rebranded version of SAP's open source database, SAP DB. The stack-based buffer overflow lets attackers execute code with system privileges. Because the vulnerability is in the web administration service, security firms advise configuring the service to disable connections from untrusted hosts. Additionally, IT managers need to deploy firewalls and access control lists to limit access to administrative services. This vulnerability has been addressed in MaxDB. Patch information is available at www.sapdb.org/webpts?wptsdetail=yes&ErrorType=0&ErrorID=1131190

SMTP worm

A mass e-mailing worm, W32.Mugly.D@mm, has been reported by security firm Symantec. The worm uses its own SMTP engine and spreads by sending itself as an e-mail attachment to addresses gathered from the compromised computer. It sends e-mail messages with subjects such as 'Happy New Year' and 'Merry Christmas from our family'. Most security vendors have released patches for removing this worm.

Tricking Windows DRM

Anti-virus firm Panda Software has reported two Trojans that trick Windows Media Player into installing viruses, spyware and adware. The Trojans (Trj/WmvDownloader.A and Trj/WmvDownloader.B) take advantage of the new DRM (digital rights management) technology incorporated in Windows Media Player 10, which is designed to protect the copyrights of audio-visual content. Typically, when a user plays a protected Windows media file, the DRM technology demands a valid license. If the license is not stored on the local computer, the application starts looking for it on the Internet so that the user can buy the file. As the Trojans look like normal video files present on peer-to-peer file sharing networks, users can be tricked into downloading these files. The user is directed to web addresses from where the Trojan starts downloading viruses, Trojans, spyware and adware.

 


© Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.