cybsec: Advisories!: Latest Advisories & Live Feeds (05/13/04)
Latest Advisories
Live Virus Advisory Feeds
05-13-2004
*Live Feeds are from Panda, Trend Micro, and Symantec
National Cyber Alert System (US-Cert)
Secunia
Secunia Highlights
Symantec Client Firewall Products Multiple Vulnerabilities
eEye Digital Security has discovered multiple vulnerabilities in various Symantec firewall products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Eudora URL Handling Buffer Overflow Vulnerability
Paul Szabo has reported a vulnerability in Eudora, which can be exploited by malicious people to compromise a user's system.
Latest Virus Alert
WALLON.A - MEDIUM RISK Virus Alert
Alert Sent: 2004-05-11 18:49
First Report About This Virus: 2004-05-11 17:28
Current Threat:
Currently Confirmed By: 7 vendors.
Latest Secunia Security Advisories
2004-05-13
- Linksys BEF Series Routers DHCP Vulnerability
- OpenBSD procfs Integer Overflow Vulnerability
- Zoneminder Query String Buffer Overflow Vulnerability
- Sweex Wireless Broadband Router Exposure of Configuration
- Opera Browser Telnet URI Handler File Manipulation Vulnerability
- Outpost Firewall Denial of Service Vulnerability
- Slackware update for apache
- Opera Browser Address Bar Spoofing Vulnerability
- Symantec Client Firewall Products Multiple Vulnerabilities
2004-05-12
- Red Hat update for kernel
Latest Virus Information
2004-05-13
- Sober.G - Reported by Computer Associates
Risk: Low Risk. Grouped with 1 virus description:
- W32/Sober.g@MM [Network Associates]
- Spybot-T - Reported by Sophos
- Agobot-IE - Reported by Sophos
- Sdbot-CG - Reported by Sophos
- SdBot-CH - Reported by Sophos
- Agobot-IQ - Reported by Sophos
Risk: Not Assessed. Grouped with 2 virus descriptions:
- Agobot.AX [F-Secure]
- W32.HLLW.Gaobot.gen [Symantec]
- Padodor-B - Reported by Sophos
- Haxdoor-E - Reported by Sophos
- DownLdr-FE - Reported by Sophos
- Agobot-ZD - Reported by Sophos
Security Tracker
Norton AntiSpam SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System
Several vulnerabilities were reported in Symantec's Norton AntiSpam in the 'SYMDNS.SYS' driver. A remote user can cause denial of service conditions or execute arbitrary code on the target system with kernel-level privileges.
Impact: Denial of service via network, Execution of arbitrary code via network, Root access via network
Symantec Client Security SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System
Several vulnerabilities were reported in Symantec's Client Security in the 'SYMDNS.SYS' driver. A remote user can cause denial of service conditions or execute arbitrary code on the target system with kernel-level privileges.
Impact: Denial of service via network, Execution of arbitrary code via network, Root access via network
Symantec Client Firewall SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System
Several vulnerabilities were reported in Symantec's Client Firewall in the 'SYMDNS.SYS' driver. A remote user can cause denial of service conditions or execute arbitrary code on the target system with kernel-level privileges.
Impact: Denial of service via network, Execution of arbitrary code via network, Root access via network
Sweex Wireless Broadband Router Disclosed Administrative Password to Remote Users
An information disclosure vulnerability was reported in the Sweex Wireless Broadband Router. A remote user can obtain the device's configuration information, including passwords.
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Opera Telnet URL Processing Flaw Lets Remote Users Create or Overwrite Files
iDEFENSE reported a vulnerability in Opera in the processing of telnet URLs. A remote user can create a URL that, when loaded, will create or overwrite files on the target user's system.
Impact: Modification of system information, Modification of user information
SecurityFocus Vulnerabilities
2004-05-10: Microsoft Windows LSASS Buffer Overrun Vulnerability
2004-05-10: Linux Kernel Local IO Access Inheritance Vulnerability
2004-05-10: APSIS Pound Remote Format String Vulnerability
2004-05-10: Monit Overly Long HTTP Request Buffer Overrun Vulnerability
2004-05-10: IBM Parallel Environment Network Table API Sample Code Undisclosed Command Execution Vulnerability
2004-05-10: Microsoft Internet Explorer Embedded Image URI Obfuscation Weakness
2004-05-10: Microsoft Outlook 2003 Predictable File Location Weakness
2004-05-09: Multiple LHA Buffer Overflow/Directory Traversal Vulnerabilities
2004-05-08: Adam Webb NukeJokes Module For PHP-Nuke Multiple Input Validation Vulnerabilities
2004-05-08: OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability
2004-05-08: OpenSSL Denial of Service Vulnerabilities
2004-05-08: EFFingerD Remote Buffer Overflow Vulnerability
2004-05-08: MyWeb HTTP Server GET Request Buffer Overflow Vulnerability
2004-05-08: Sendmail Prescan() Variant Remote Buffer Overrun Vulnerability
2004-05-08: SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities
2004-05-08: XFree86 Font Information File Buffer Overflow Vulnerability
2004-05-07: Sun Java Runtime Environment Unspecified Remote Denial Of Service Vulnerability
2004-05-07: Trend Micro OfficeScan Weak Default Permissions Vulnerabilities
2004-05-07: Qualcomm Eudora Embedded Hyperlink Buffer Overrun Vulnerability
2004-05-06: SuSE LINUX 9.1 Personal Edition Live CD-ROM SSH Server Default Account Vulnerability
2004-05-06: KAME Racoon Remote IKE Message Denial Of Service Vulnerability
2004-05-06: Kinesphere Corporation Exchange POP3 Remote Buffer Overflow Vulnerability
2004-05-06: SurgeLDAP Web Administration Authentication Bypass Vulnerability
2004-05-06: DeleGate SSLway Filter Remote Stack Based Buffer Overflow Vulnerability
2004-05-06: Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
2004-05-06: e107 Website System Multiple Script HTML Injection Vulnerability
2004-05-06: Microsoft ASP.NET Malformed HTTP Request Information Disclosure Vulnerability
Symantec SSR
W32.Gaobot.AJJ May 11, 2004 May 12, 2004
W32.Gaobot.AJE May 11, 2004 May 12, 2004
Backdoor.Nibu.E May 11, 2004 May 12, 2004
PWSteal.Tarno.H May 11, 2004 May 12, 2004
W32.Posit@mm
Bloodhound.W32.VBWORM May 11, 2004 May 12, 2004
W32.Wallon.A@mm
WORM_WALLON.A [Trend], Win32.Wallon [Computer Associates], W32/Wallon.worm.a [McAfee], I-Worm.Wallon [Kaspersky] May 11, 2004 May 12, 2004
W32.Gaobot.AJD
Backdoor.Agobot.gen [Kaspersky] May 11, 2004 May 11, 2004
W32.Donk.Q May 10, 2004 May 11, 2004
W32.Sasser.F.Worm May 10, 2004 May 11, 2004
Backdoor.Sinups May 10, 2004 May 10, 2004
W32.Cycle
Win32.Cycle.A [Computer Associates], WORM_CYCLE.A [Trend], W32/Cycle.worm.a [McAfee] May 10, 2004 May 10, 2004
W32.Sasser.E.Worm May 9, 2004 May 9, 2004
W32.Axon.B
Win32.HLLP.Riaz [Kaspersky] May 8, 2004 May 9, 2004
W32.Golo.A@mm May 8, 2004 May 9, 2004
W32.Axon
W32/Riaz [McAfee], Win32.HLLP.Xenon [Kaspersky] May 7, 2004 May 8, 2004
Hacktool.Upload May 7, 2004 May 7, 2004
W32.Gobot.A
Backdoor.Gobot.u [Kaspersky], Exploit-Mydoom [McAfee] May 6, 2004 May 7, 2004
W32.Randex.AEV
W32/Sdbot.worm.gen.j [McAfee], WORM_SDBOT.Z [Trend] May 6, 2004 May 7, 2004
W32.Welchia.K May 5, 2004 May 6, 2004
W32.Arcam May 4, 2004 May 5, 2004
Backdoor.Carool May 4, 2004 May 4, 2004
W32.Netad.Trojan May 4, 2004 May 4, 2004
W32.Supova.Z@mm May 3, 2004 May 3, 2004
W32.Netsky.AC@mm
WORM_NETSKY.AC [Trend], W32/Netsky-AC [Sophos], Win32.Netsky.AC [Computer Associates], I-Worm.NetSky.ad [Kaspersky] May 3, 2004 May 3, 2004
W32.Sasser.D
W32/Sasser-D [Sophos], WORM_SASSER.D [Trend], W32/Sasser.worm.d [McAfee], Win32.Sasser.D [Computer Associates], Worm.Win32.Sasser.d [Kaspersky] May 3, 2004 May 3, 2004
W32.Sasser.C.Worm
W32/Sasser-C [Sophos], Worm.Win32.Sasser.c [Kaspersky], W32/Sasser.worm.c [McAfee], WORM_SASSER.C [Trend], Win32.Sasser.C [Computer Associates] May 2, 2004 May 2, 2004
Trojan.Adwaheck May 2, 2004 May 2, 2004
W32.Sasser.B.Worm
WORM_SASSER.B [Trend], W32/Sasser.worm.b [McAfee], Worm.Win32.Sasser.b [Kaspersky], W32/Sasser-B [Sophos], Win32.Sasser.B [Computer Associates], Sasser.B [F-Secure], W32/Sasser.B.worm [Panda], Win32/Sasser.B.worm [RAV], W32/Sasser.B [F-Prot] May 1, 2004 May 1, 2004
W32.Sasser.Worm
W32/Sasser.worm.a [McAfee], WORM_SASSER.A [Trend], Worm.Win32.Sasser.a [Kaspersky], W32/Sasser-A [Sophos], Win32.Sasser.A [Computer Associates], Sasser [F-Secure], W32/Sasser.A.worm [Panda] April 30, 2004 May 1, 2004
W32.Misodene@mm
WORM_MISODENE.A [Trend], W32/Misoden.a@MM [McAfee] April 29, 2004 April 30, 2004
Backdoor.Sdbot.Z
Backdoor.SdBot.ht [Kaspersky] April 29, 2004 April 29, 2004
W32.Gaobot.AFW April 29, 2004 April 29, 2004
W32.Gaobot.AFJ
Backdoor.Agobot.gen [Kaspersky], WORM_AGOBOT.JF [Trend], WORM_AGOBOT.JO [Trend] April 27, 2004 April 28, 2004
W32.Gaobot.AFC
Backdoor.Agobot.gen [Kaspersky] April 29, 2004 April 29, 2004
W32.Beagle.X@mm
I-Worm.Bagle.z [Kaspersky], WORM_BAGLE.Z [Trend], WORM_BAGLE.AA [Trend], WORM_BAGLE.AB [Trend], W32/Bagle.aa@MM [McAfee], W32/Bagle.ab@MM [McAfee], W32/Bagle-AA [Sophos], Win32.Bagle.X [Computer Associates] April 28, 2004 April 28, 2004
W32.Netsky.AB@mm
W32/Netsky-AB [Sophos], W32/Netsky.ab@MM [McAfee], WORM_NETSKY.AB [Trend], Win32.Netsky.AB [Computer Associates], I-Worm.Netsky.ac [Kaspersky] April 27, 2004 April 28, 2004
Backdoor.Mipsiv April 27, 2004 April 28, 2004
W97M.Smey
W97M/Generic (McAfee), macro.Word97.Smyser.b (KAV) April 27, 2004 April 28, 2004
W32.Netsky.AA@mm
WORM_NETSKY.AA [Trend], W32/Netsky.aa@MM [McAfee], Win32.Netsky.AA [Computer Associates], W32/Netsky-AA [Sophos] April 27, 2004 April 27, 2004
Hacktool.LsassSba
Bloodhound.Exploit.8 April 27, 2004 April 27, 2004
W32.Traxg@mm April 26, 2004 April 27, 2004
W32.Beagle.W@mm
W32/Bagle.z@MM [McAfee], W32/Bagle-W [Sophos], Win32.Bagle.W [Computer Associates], WORM_BAGLE.X [Trend], I-Worm.Bagle.y [Kaspersky], Bagle.Y [F-Secure] April 26, 2004 April 26, 2004
Hacktool.THCIISLame April 26, 2004 April 26, 2004
PWSteal.Tarno.G April 26, 2004 April 26, 2004
W32.Shodi.C April 25, 2004 April 25, 2004
Backdoor.Evivinc April 25, 2004 April 25, 2004
Trojan.Mitglieder.J April 24, 2004 April 24, 2004
W32.Gaobot.ADX April 24, 2004 April 24, 2004
W32.Slime April 23, 2004 April 24, 2004
Backdoor.Sdbot.Y
Backdoor.Sdbot.U, W32/Sdbot.worm.gen.e [McAfee] April 23, 2004 April 24, 2004
W32.Bugbear.E@mm
W32/Bugbear.gen@MM [McAfee] April 23, 2004 April 24, 2004
W32.Gaobot.ADW April 23, 2004 April 23, 2004
W32.Randex.AAS April 22, 2004 April 23, 2004
W32.Gaobot.ADV April 22, 2004 April 23, 2004
Trojan.Mercurycas.A April 22, 2004 April 22, 2004
W32.Gaobot.ADN April 21, 2004 April 21, 2004
Backdoor.Berbew.D
Backdoor.Padodor.e [Kaspersky] April 21, 2004 April 21, 2004
W32.Netsky.Z@mm
W32/Netsky.z@MM [McAfee] April 21, 2004 April 21, 2004
W32.Blaster.T.Worm
W32/Blaster-G [Sophos], WORM_MSBLAST.I [Trend], W32/Blaster.worm.k [McAfee] April 21, 2004 April 21, 2004
W32.HLLP.Shodi.B April 20, 2004 April 21, 2004
W32.Mydoom.J@mm
WORM_MYDOOM.J [Trend], Win32.Mydoom.J [Computer Associates], W32/Mydoom.j@MM [McAfee] April 20, 2004 April 20, 2004
W32.Opasa@mm
WORM_MIMAIL.V [Trend], W32/Mimail-V [Sophos], JS.Mimail.V [Computer Associates] April 20, 2004 April 20, 2004
W32.Netsky.Y@mm
W32/Netsky.y@MM [McAfee], WORM_NETSKY.Y [Trend], Win32.Netsky.Y [Computer Associates], W32/Netsky-X [Sophos] April 20, 2004 April 20, 2004
W32.Netsky.X@mm
Win32.Netsky.X [Computer Associates], W32/NetSky.X@mm [F-Secure], W32/Netsky.x@MM [McAfee], W32/Netsky.X.worm [Panda], W32/Netsky-Y [Sophos], WORM_NETSKY.X [Trend] April 20, 2004 April 20, 2004
W97M.Evo April 19, 2004 April 20, 2004
Backdoor.Carufax.A April 19, 2004 April 19, 2004
W32.Erkez.A@mm
Zafi April 19, 2004 April 19, 2004
W32.Randex.YR April 19, 2004 April 19, 2004
W32.HLLW.Donk.O April 18, 2004 April 18, 2004
W32.Netsky.W@mm April 16, 2004 April 17, 2004
Backdoor.Sdbot.T April 16, 2004 April 16, 2004
W32.Mydoom.I@mm April 15, 2004 April 15, 2004
W32.Gaobot.AAY
W32.HLLW.Gaobot.gen, W32/Gaobot.worm.gen.d [McAfee], Backdoor.Agobot.kr [Kaspersky] April 15, 2004 April 15, 2004
Backdoor.IRC.Zcrew.C April 15, 2004 April 15, 2004
W32.Netsky.V@mm
W32/Netsky.v@MM [McAfee], WORM_NETSKY.V [Trend], W32/Netsky-V [Sophos], Win32.Netsky.V [Computer Associates] April 14, 2004 April 15, 2004
PWSteal.Tarno.E April 14, 2004 April 14, 2004
Backdoor.Anyserv.B April 14, 2004 April 14, 2004
Trojan.Mitglieder.I April 13, 2004 April 14, 2004
Backdoor.Graybird.I
Backdoor.GrayBird.m[AVP] April 13, 2004 April 13, 2004
Backdoor.NetCrack.B April 13, 2004 April 13, 2004
W32.Gaobot.ZW April 12, 2004 April 13, 2004
W32.Gaobot.ZX
Backdoor.Agobot.lq [Kaspersky] April 12, 2004 April 13, 2004
W32.Maddis.B April 12, 2004 April 13, 2004
W32.Dumaru.AI April 12, 2004 April 12, 2004
W32.Bugbros.B@mm
Bloodhound.W32.VBWORM, I-Worm.generic [Kaspersky], W32/Generic.a@MM [McAfee] April 11, 2004 April 12, 2004
W97M.Adren
W97M/Generic [McAfee], Macro.Word97.Adrine [Kaspersky] April 11, 2004 April 12, 2004
W32.HLLW.Gearbug@mm
Bloodhound.W32.VBWORM, I-Worm.generic [Kaspersky], W32/Generic.a@MM [McAfee] April 11, 2004 April 12, 2004
W32.Kotira April 11, 2004 April 11, 2004
NAV Daily Definitions
*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update Corporate Edition clients and servers.
National Cyber Alert System (US-Cert)
Latest version: May 12, 2004 16:23:43 EDT
W32/Sasser
Exploit for Microsoft PCT vulnerability released
Exploitation of Outlook Express MHTML Cross-Domain Scripting Vulnerability
Sober.F malicious code
Exploit for Cisco vulnerabilities released
Phatbot Trojan
Many Variants of W32/Beagle malicious code
Many Variants of W32/Netsky malicious code
Many Variants of W32/MyDoom malicious code
Current Activity Archive
Posted on Thursday, 13 May 2004 @ 10:50:15 EDT by phoenix22