Friday, February 11, 2005

Weekly report on viruses and intruders
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, February 11, 2005 - This week's report looks at four vulnerabilities
and a worm called Mydoom.AK.

First we will take a look at the main characteristics of the four security
problems, for which Microsoft has released patches. Users of affected
systems are advised to install the patches.

- Server Message Block (SMB) problem. This affects Windows 2000, Windows XP
and Windows Server 2003 and allows code to be executed. Ways of exploiting
it include creating special network packets and sending them to a vulnerable
computer, generating an email message with a link to a web page, and using a
program that passes parameters to the vulnerable SMB component.

- License Logging vulnerability. This affects Windows NT Server 4.0 (SP6a
and Terminal Server Edition SP6), Windows 2000 Server SP4 and SP3 and
Windows Server 2003. It could permit remote execution of code and could be
exploited through a specially crafted network packet sent to the vulnerable
computer.

If a hacker successfully exploited this problem he could take control of the
computer with the same privileges as the user that started the session. If
the user had administrator rights, the hacker could take control of the
entire system (and therefore create, modify or delete files; install
programs; create new user accounts, etc.). In computers with Windows 2003
Server it could allow a denial of service attack (DoS).

- Security problem in the processing of PNG (Portable Network Graphic)
files. This affects applications such as Windows Media Player 9.0 (when run
on Windows 2000, Windows XP Service Pack 1 and Windows Server 2003),
Microsoft Windows Messenger version 5.0, Microsoft MSN Messenger 6.1 and
Microsoft MSN Messenger 6.2. It could be used by viruses to rapidly infect
computers via malformed real PNG images which, when processed by one of the
affected products, could cause the computer to crash.

- Vulnerability in Microsoft Office XP. This affects Office XP, Word 2002,
PowerPoint 2002, Project 2002, Visio 2002, Works 2002, Works 2003 and Works
2004. This could allow a buffer overflow which, if exploited by a hacker,
could give control over the computer with the same privileges as the user
that started the session.

Mydoom.AK is a worm with variable characteristics that spreads via email.
The subject field sometimes includes messages referring to Valentine's Day,
such as "Happy Valentine's day".

Mydoom.AK terminates active processes belonging to certain antivirus
products, firewalls and other security programs. For this reason, this worm
can leave computers vulnerable to attack from other malware.

Mydoom.AK searches for email addresses in the affected computer in files
with the following extensions: ADB, ASP, DBX, DOC, EML, FPT, HTM, HTML, INB,
MBX, OFT, PAB, PHP, PL, PMR, SHT, TBB, TXT, UIN and XLS. It then sends
itself out to them (other than those that contain certain text strings),
using its own SMTP engine.

Thursday, February 10, 2005

Should You Stop Using Internet Explorer?

Whenever I go to an IT related event (which is quite frequently), it almost never fails that before the event is over with, I have someone arguing with me that the only way to secure your computer is to get rid of Internet Explorer and use a different Web browser (if not a completely different operating system) instead.

I certainly mean no disrespect to the people who prefer alternate browsers, but I wanted to put in my two cents' worth on this issue. I fully admit that Internet Explorer is very prone to security breaches.

Microsoft is constantly releasing new security patches, but even so, Internet Explorer still seems to be extremely prone to spyware infections. Is this enough to warrant giving IE the boot though?

I don’t think so. If you prefer an alternate browser, that’s fine. I’m not going to try to convince you to give up your browser of choice in favor of Internet Explorer. At the same time though, I also believe that it is possible to make Internet Explorer secure enough that you don’t have to worry about switching to another browser.

Harry Potter Used In Spam Mailings

The spam community never seems to miss an opportunity to trick unsuspecting users into opening and clicking what most would deem as unwanted mail. One of the more popular ways to trick unsuspecting recipients is by using misleading subject lines.

There have been reported spam "attacks" which feature subject lines about natural disasters, popular entertainers, and of course, the ever-present get-rich-quick schemes that permeate inboxes. Keeping with this theme, another group of spam mailings using the upcoming Harry Potter book to trick people into clicking has been discovered.

In other news, with voice over IP becoming a popular medium of communication, malicious code writers have another target for their exploits. Because of the potential threat, a number of security and telecommunications companies have formed a VoIP Security Alliance.

Speaking of security groups, while one is being formed, another seems to be on the verge of collapse. The anti-spyware consortium, COAST (Consortium of Anti-Spyware Technology Vendors), lost another member, further damaging the effectiveness of the group's explicit goal: curbing spyware.

According to Sophos.com, a number of spam emails that have appeared recently use the upcoming JK Rowling book to trick recipients into visiting a "make money fast" scheme. Sophos's global network of spam monitoring stations has sighted thousands of instances of an email claiming to be instructions on how to win a copy of the as-yet-unpublished next book by JK Rowling, "Harry Potter and the Half-Blood Prince."

The emails claim that recipients can get a free copy of the book by clicking on a link, but this in fact takes users to a website offering advice on "free money-making secrets", with no mention of the troubled teenage wizard…

Last week, Harry Potter author JK Rowling warned fans to beware internet fraudsters who were phishing for credit card details by pretending to offer electronic copies of the new book online.


Security Group For VoIP Forms

As voice over IP becomes more and more popular, virus writers and malicious coders have another target to concentrate on. As with most methods of modern communication (think mobile phones), viruses and other types of attacks are becoming legitimate threats to those who use these services.

Because of these threats, a number of telecommunications and security companies are joining forces to promote VoIP security and to publicize the types of threats VoIP users can face.

As reported by PCWorld.com,