Category: Warnings

The W32/Bobax-A worm, which employs the same Microsoft security vulnerability as the Sasser worm to break into computers, uses port 5000 to identify Windows XP systems (the port used for “Universal Plug and Play”).

According to the Sophos Web site, this new worm “is capable of turning infected computers into spam factories and launchpads for denial-of-service attacks against Web sites.”

The process is explained on the LURHQ security site: “unlike proxy Trojans which require the spammer to connect and send each individual piece of mail, Bobax sends the mail using a template and a list of email addresses.

This has the benefit of offloading almost all the bandwidth requirements of spamming onto the Trojaned machines, allowing the spammer to operate with minimal cost.”

Kibuv.B creates an FTP server on port 7955 for which any username/password combination will work.

Like other malware of this type, the FTP server sends a copy of the worm in response to any file request.

The vulnerabilities exploited by these two worms are not new — users with the latest patches from Microsoft are protected.

More info: http://news.zdnet.co.uk/internet/0,39020369,39155162,00.htm

Last month the Austrailian group, FraudWatch International, received over 1000 variations, double the number of phishing email scams.

They are to contact a claims agent to collect their winnings, typically at a free email address. The claims agent sends his victims a claim form, and asks for copies of their passport and driver’s license to verify their true identity. They can have the money wired to their bank account, they can open an account with a specified bank (bogus), or they can pick up their winnings personally.

http://www.securityfocus.com/news/8571

The Windows XP SP2, a significant Windows client update that incorporates a host of new security features, has slipped for release until sometime in the third quarter, a Microsoft spokesman said.

On April 20, Microsoft security executives said the second-release candidate would be released in mid-May and Microsoft was still targeting to ship during the first half of 2004.

One solution provider, who requested anonymity, said Microsoft bumped into some security issues that it couldn’t resolve before June. Michael Cherry, an analyst with Directions on Microsoft, a newsletter in Kirkland, Wash., said the delay illustrates the difficulty of integrating new features with a set of constantly-evolving patches.

More info: http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=49808

As Microsoft continues to release a torrent of bulletins and fixes for Office XP and Office 2003, IT administrators and service providers that run customer networks are looking forward to Microsoft’s upgraded Software Update Services 2.0 (SUS 2.0) patch-management solution, which extends support for patches beyond Windows to Office and other applications.

http://www.techweb.com/wire/story/TWB20040310S0014

NT4 Enterprise Edition will be supported until 30 June, and NT4 Server until 31 December.

Microsoft has extended the support life of NT4 twice before.

Rather than cutting off support suddenly, it will increase the expense of using a product to match support costs and encourage upgrading.

http://www.vnunet.com/News/1152797

Independent research firm Secunia has rated the security hole as “moderately critical.”

The vulnerability affects the Sun ONE/iPlanet Web Server 6.0 Service Pack 5 and earlier versions on the HP-UX platform.

Sun has issued a new service pack to fix the flaw, noting that there are no workarounds.

More info: [url=http://www.internetnews.com/dev-news/article.php/3298031]http://www.internetnews.com/dev-news/article.php/3298031[/url]