LabMice.net - The Windows 2000\XP\.NET Resource Index

Last Updated December 10, 2003

 


Recent Outbreaks

The problem with virus scanners that are based on a database of known viruses is that the approach is reactive. If the virus isn't in the database and doesn't mimic the pattern of a known virus, it may continue to spread across your network undetected. So keeping up with new threats and updating your virus definitions is critical to protecting your infrastructure. The following are articles and advisories about the latest viruses that have been identified as live and "in the wild".
Latest Advisories...

KB 823980 Scanning Tool
If you're still trying to secure your workstations and servers against W32.Blaster and variants that exploit the RPC vulnerability, Microsoft has released a free tool that network administrators can use to identify host computers on their network that do not have the 823980 security patch (MS03-026) installed. The KB823980scan.exe tool can scan remote host computers without requiring authentication (that is, you do not have to supply valid credentials on the remote host computer). Use of the KB823980scan.exe tool does not affect the stability of the target operating system that is scanned. You can use the KB823980scan.exe tool from a Windows Server 2003-based, Windows XP-based, or Windows 2000-based computer to scan your network. Source: Microsoft.com

W32.Blaster.Worm
If you're having problems with Windows NT/2000/XP/2003 computers shutting down every few minutes with the error "The RPC service terminated unexpectedly", chances are your systems have been infected with the W32.Blaster.Worm. Also known as "Mblast", this bug doesn't require any user interaction to infect host systems. It simply scans available networks for machines with an unpatched vulnerability in Microsoft's RPC service, installs itself, and repeats the process to infect new systems. In addition to causing instabilities that will repeatedly shut down the host system, the worm also launches a denial of service attack against the Microsoft Update website. Infected machines will also have the "Mblast.exe" file in the windows/system32 folder, and the Mblast process will be visible in Task Manager.

Worm masquerades as note from IT staff
A new mass-mailing virus, which disguises itself as a file sent by a computer user's network administrator, begins infecting systems. Source: CNET (Aug 1, 2003)

Sobig spawns a recipe for secret spam
Now spreading worldwide, a new variant of the Sobig worm could allow spammers to use infected PCs to send bulk e-mail that can't be traced back to its source.
Source: ZDNet (June 25, 2003)

IE flaw could unearth worm
A vulnerability in Microsoft's Internet Explorer browser could result in the creation of a serious Internet worm, security experts warn.
Source: CNET (June 25, 2003)

Mystery Malware Comes to Light
Security experts finally have a handle on mystery malware that has recently generated loads of suspicious IP traffic. What researchers first thought was a new Trojan is actually a distributed network mapping tool that doubles as a listening agent. Source: eWeek (June 19, 2003)

Trojan Horse Picks Up Steam, Baffles Experts
Security experts still can't get a good handle on the behavior of a new Trojan, which is infecting machines at an increasing rate. Source: eWeek (June 18, 2003)

Bugbear.B gets 'high' threat ratings
Antivirus companies warn PC users that a variant of the Bugbear virus is spreading across the Net, installing tools on infected computers that let intruders control the systems. Source: ZDNet (June 5, 2003)

Security experts warn of worm variant
Sobig.C is already spreading rapidly around the world, and experts are warning that it may be succeeded in a few days by another upgrade. Source: CNET (June 2, 2003)

Palyh Worm Continues Its Assault
The Palyh worm continued to spread rapidly Monday, with some users seeing as many as a dozen copies an hour. Source: eWeek (May 20, 2003)

New Palyh-A worm disguises itself as an email from Microsoft
A new email-aware worm is spreading, disguised as an email appearing to come from Microsoft's technical support department. Source: Sophos (May 19, 2003)

Fizzer worm spreads across the Internet
An especially nasty worm is spreading rapidly. It can attack from e-mail or Kazaa, it's self-updating and can even set up its own IM accounts. Source: ZDNet (May 12, 2003)

Virus Alert: Worm Sends Anti-War Email
A worm using Microsoft Outlook's Messaging Application Programming Interface (MAPI) sends out an anti-war email message with itself as an attachment to addresses listed in the user's Outlook address book. Source: eSecurityPlanet (March 18, 2003)

New Worm Targets Microsoft Messenger Programs 
A new worm, distributed as a Windows .EXE file attachment to a mass email, is one of the first to involve Microsoft's instant messaging programs in its exploit. Reports are somewhat in conflict on exactly what it does, but prevention and containment appear to be easy. Source: ZiffDavis (March 12, 2003)

Code Red II Variant on the Prowl
However, the worm has so far infected only a few machines and is unlikely to spread extensively, experts say. Source: eWeek (March 11, 2003)

Deloder worm threatens DDoS attack
A new worm that leaves behind two Trojan horse programs has begun spreading over the Internet, and may be paving the way for a crippling distributed denial of service (DDoS) attack. Source: ZDNet (March 10, 2003)

LoveGate worm's got a hold on PCs
The mass-mailing computer program installs a backdoor Trojan horse on infected systems, allowing a remote attacker access to a victim's PC. Source: CNET (Feb 24, 2003)

Behind the Scenes of the SQL Slammer Worm Virus
Learn how the Slammer worm exploited the vulnerability of unpatched systems. Source: Windows & .NET Magazine

 


Entire contents
© 1999-2003 LabMice.net and TechTarget
All rights reserved
