Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same.

Firefox updated for Debian

Debian has issued an update for Mozilla and Firefox. This fixes a vulnerability which can be exploited to spoof the contents of Web sites.

The operating systems that are affected are Debian GNU/Linux 3.1 and Debian GNU/Linux unstable alias sid. The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Other versions may also be affected.

Red Hat kernel update

Red Hat has issued a kernel update. Multiple vulnerabilities have been reported in the Linux Kernel which can be exploited by local users to launch a DoS (Denial of Service) attack or gain knowledge of potentially sensitive information or gain privileges. The vulnerability has been reported in version 2.6.9. Other versions may also be affected.

Vulnerability reported in Symantec AntiVirus

A vulnerability has been reported in Symantec AntiVirus Corporate Edition and Symantec Client Security, which can be exploited to gain escalated privileges.

It is caused due to the GUI invoking the help functionality insecurely without dropping privileges, which can be exploited to gain SYSTEM privileges on a vulnerable system.

The vulnerability affects the Symantec AntiVirus Corporate Edition 9.0, 9.0.1, 9.0.2, and Symantec Client Security 2.0, 2.0.1 and 2.0.2 versions.

Sophos reports W32/Combra-D

W32/Combra-D is an e-mail worm with downloader Trojan capabilities. When run, it will attempt to display a Web site using Internet Explorer. W32/Combra-D harvests e-mail addresses from the Windows Address Book and sends an HTML e-mail message to the addresses found. The message contains links that appear to point to a legitimate Web site, but actually directs the user to a remote file.

IRCBot.KN detected

Panda anti-virus software has reported IRCBot.KN, a backdoor that connects to an IRC server in order to receive remote control commands. It can be instructed to search for computers to affect, launch DoS attacks, download files, etc. IRCBot.KN is difficult to recognise as it does not display any messages or warnings that indicates that it has infected the computer. It affects Windows 2003, XP, 2000, NT, ME, 98 and 95. Patches are available at the Microsoft Web site.

IM worm found

A new MSN Messenger worm dubbed Kelvir.HI tailors the language of its attack message to the compromised system. It can send messages in English, Dutch, French, German, Greek (English alphabet), Italian, Portuguese, Swedish, Spanish and Turkish. It checks which language the Windows client is configured to use and then sends a specific message. When it hits an English system, the worm sends out the following message: “haha i found your picture!” The message is sent to everybody on a user’s contacts list. The message includes a Web link that when clicked results in the download of a malicious software that installs a backdoor and furthers the spread of the worm. The worm is a variant of the Kelvir pest that first surfaced in February.