From security-bulletins@us-cert.gov Thu Feb 5 22:51:52 2004
From: US-CERT
To: US-CERT-Bulletins: ;
Date: Wed, 4 Feb 2004 16:33:38 -0500
Subject: US-CERT Cyber Security Bulletin SB04-035 -- Summary of Security Items from January 21 through February 3, 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Summary of Security Items from January 21 through February 3, 2004

Publications by US-CERT

Vulnerabilities in Microsoft Internet Explorer

Microsoft Security Bulletin MS04-004 describes three vulnerabilities in Internet Explorer that have impacts ranging from disguising the true location of a URL to executing arbitrary commands or code.

* TA04-033A: Multiple Vulnerabilities in Microsoft Internet Explorer
* VU#784102: Microsoft Internet Explorer Travel Log Cross Domain Vulnerability
* VU#413886: Microsoft Internet Explorer Drag-and-Drop Operation Vulnerability
* VU#652278: Microsoft Internet Explorer does not properly display URLs

W32/MyDoom.B Virus

A variant of the W32/MyDoom (W32/Novarg.A) virus, W32/MyDoom.B infects Microsoft Windows systems. Like its predecessor, W32/MyDoom.B propagates via email and P2P networks and requires that a user intentionally run an executable file in order to infect a system. This virus may be designed to cease functioning on March 1, 2004.

* TA04-028A: W32/MyDoom.B Virus

VU#434566: Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression

A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances.

VU#549142: Apache mod_alias vulnerable to buffer overflow via crafted regular expression

A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances.

VU#509454: HP-UX shar utility creates files with predictable names in "/tmp" directory

The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system.

VU#530660: Microsoft Exchange Server 2003 fails to assign user credentials to proper mailbox

A flaw in the authentication mechanism that Microsoft Exchange Server 2003 uses for Outlook Web Access users in some configurations could expose another user's mailbox.

VU#602734: Cisco default install of IBM Director agent fails to authenticate users for remote administration

Cisco IBM Director agent fails to authenticate users for remote administration.

VU#721092: Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp

Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp.

VU#702526: Sun Solaris allows unprivileged local user to load arbitrary kernel modules

Sun Solaris allows an unprivileged local user to load arbitrary kernel modules.

VU#820798: KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader

KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands.

VU#927630: NetScreen-Security Manager fails to encrypt communications with managed devices

A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network.

Publications by Vendors

Apple

Apple released security updates to MacOS X and MacOS X Server.
For more information, see

* http://docs.info.apple.com/article.html?artnum=120300
* http://docs.info.apple.com/article.html?artnum=120302
* http://docs.info.apple.com/article.html?artnum=120301
* http://docs.info.apple.com/article.html?artnum=120304

Microsoft

Microsoft released two security updates to Windows, and a security update to Microsoft Exchange and ISA Server.

* http://www.microsoft.com/security/security_bulletins/20040202_windows.asp (02-02-04)
* http://www.microsoft.com/security/security_bulletins/20040113_windows.asp (01-13-04)
* http://www.microsoft.com/security/security_bulletins/20040113_exchange.asp (01-13-04)
* http://www.microsoft.com/security/security_bulletins/20040113_isaserver.asp (01-13-04)

Sun Microsystems

Sun Microsystems released security updates describing problems in Sun ONE/iPlanet Webserver, in.named (BIND), the tcsetattr(3C) library function, the pfexec command, Solaris IKE, SunForum, OpenSSL and TLS on SunPlex systems, Safe.pm and CGI.pm perl modules, and Loadable Kernel Modules. Additionally, Sun withdrew two patches previously released for the Basic Security Module.
For more information, see

* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603&zone_32=category%3Asecurity (02-02-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57434&zone_32=category%3Asecurity (02-02-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57474&zone_32=category%3Asecurity (01-30-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57453&zone_32=category%3Asecurity (01-29-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57472&zone_32=category%3Asecurity (01-28-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57476&zone_32=category%3Asecurity (01-27-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57475&zone_32=category%3Asecurity (01-26-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57473&zone_32=category%3Asecurity (01-23-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479&zone_32=category%3Asecurity (01-22-04)
* http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57478&zone_32=category%3Asecurity (01-22-04)

Cisco

Cisco Systems released updates for vulnerabilities related to certain problems in Cisco 6000/6500/7600 series systems and incorrectly formed layer 2 frames, vulnerabilities in Microsoft Windows which affect certain Cisco products, and certain Cisco voice products installed on the IBM platform. For more information, see

* http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml (02-03-04)
* http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml (01-29-04)
* http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml (01-21-04)

Red Hat

Red Hat released updates related to NetPBM, mc, an updated kernel that addresses a number of issues, util-linux, Gaim, and slocate. Note that the original bulletin regarding mc was superseded. Additionally, Red Hat released an update to Fedora Core regarding slocate.
For more information, see

* https://rhn.redhat.com/errata/RHSA-2004-031.html (02-03-04)
* https://rhn.redhat.com/errata/RHSA-2004-035.html (02-03-04)
* https://rhn.redhat.com/errata/RHSA-2004-044.html (02-03-04)
* https://rhn.redhat.com/errata/RHSA-2004-056.html (02-03-04)
* https://rhn.redhat.com/errata/RHSA-2004-032.html (01-26-04)
* https://rhn.redhat.com/errata/RHSA-2004-040.html (01-22-04)
* https://rhn.redhat.com/errata/RHSA-2004-034.html (01-21-04)
* http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html (01-26-04)

Gentoo

Gentoo released updates related to GAIM, mod_python, and Honeyd. For more information, see

* http://forums.gentoo.org/viewtopic.php?t=129216 (01-27-04)
* http://forums.gentoo.org/viewtopic.php?t=129113 (01-27-04)
* http://forums.gentoo.org/viewtopic.php?t=126976 (01-21-04)

Mandrake

Mandrake released updates to gaim, php-ini, tcpdump, mc, jabber, slocate, mrproject, dhcp, and qt3. For more information, see

* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006-1 (01-30-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKA-2004:009 (01-28-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:008 (01-26-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:007 (01-26-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006 (01-26-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:005 (01-23-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:004 (01-23-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKA-2004:008 (01-23-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKA-2004:007 (01-22-04)
* http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKA-2004:005-1 (01-22-04)

Turbolinux

Turbolinux released updates regarding tcpdump and lftp.
For more information, see

* http://www.turbolinux.com/security/2004/TLSA-2004-3.txt (01-22-04)
* http://www.turbolinux.com/security/2004/TLSA-2004-2.txt (01-22-04)

Trustix

Trustix released an update regarding slocate. For more information, please see

* http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt (01-21-04)

Debian

Debian released updates to crawl, perl, trr19, and gnupg. For more information, see

* http://www.debian.org/security/2004/dsa-432 (02-03-04)
* http://www.debian.org/security/2004/dsa-431 (02-01-04)
* http://www.debian.org/security/2004/dsa-430 (01-28-04)
* http://www.debian.org/security/2004/dsa-429 (01-26-04)

FreeBSD

FreeBSD released information regarding vulnerabilities in mksnap_ffs. For more information, see

* ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc (01-30-04)

Novell

Novell issued updates to HTTPSTK.NLM, iChain 2.2, and eDirectory prior to 8.7.3. For more information, see

* http://support.novell.com/cgi-bin/search/searchtid.cgi?/2963669.htm (02-03-04)
* http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968028.htm (01-29-04)
* http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm

Hewlett Packard

Hewlett Packard released a security update describing a problem in BIND 8 for OpenVMS. Hewlett Packard has also revised previous bulletins describing problems in BIND 8 for OpenVMS, OpenSSH, a system service in OpenVMS Alpha, OpenSSL and TLS on Tru64 UNIX, and the way various programs handle certain types of network traffic.
For more information, see

* http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0212-233 (02-03-04)
* http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0307-271 (02-03-04)
* http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0311-302 (01-21-04)
* http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=SRB0106W (01-21-04)
* http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=SRB0108W (01-27-04)
* http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=SRB0111W (02-02-04)

Apache Software Foundation

The Apache Software Foundation released information regarding a vulnerability in mod_python. For more information, see

* http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=107481951913448&w=2 (01-23-04)

Macromedia

Macromedia released two updates related to ColdFusion MX. For more information, see

* http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html (01-28-04)
* http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html (01-28-04)

SGI

SGI released updates related to do_mremap(), kmod, frm (part of elm), CVS, tcpdump, Ethereal, html2ps, Safe.pm, gzexe and gznew, libdesktopicon.so, and gr_osview. For more information, see

* ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U.asc (01-22-04)
* ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc (01-28-04)
* ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc (01-29-04)

Slackware

Slackware has released information regarding GAIM. For more information, see

* http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158 (01-26-04)

SuSE Linux

SUSE Linux has released information regarding gaim. For more information, see

* http://www.suse.de/de/security/2004_04_gaim.html (01-29-04)

Publications by Third Parties

ISS

ISS released an alert regarding MyDoom, as well as several summary documents.
For more information, see

* http://xforce.iss.net/xforce/alerts/id/161 (01-26-04)
* http://xforce.iss.net/xforce/alerts/id/AS04-05 (02-02-04)
* http://xforce.iss.net/xforce/alerts/id/AS04-04 (01-26-04)

SANS

SANS has released two versions of the Consensus Security Alert. For more information, please see

* http://www.sans.org/newsletters/risk/vol3_3.php (01-22-04)
* http://www.sans.org/newsletters/risk/vol3_4.php (01-29-04)

AusCERT

AusCERT released a variety of bulletins and alerts. For more information, see

* http://www.auscert.org.au/render.html?it=3811&cid=1 (02-04-04)
* http://www.auscert.org.au/render.html?it=3810&cid=1 (02-04-04)
* http://www.auscert.org.au/render.html?it=3809&cid=1 (02-04-04)
* http://www.auscert.org.au/render.html?it=3808&cid=1 (02-04-04)
* http://www.auscert.org.au/render.html?it=3807&cid=1 (02-04-04)
* http://www.auscert.org.au/render.html?it=3806&cid=1 (02-03-04)
* http://www.auscert.org.au/render.html?it=3805&cid=1 (02-03-04)
* http://www.auscert.org.au/render.html?it=3804&cid=1 (02-03-04)
* http://www.auscert.org.au/render.html?it=3803&cid=1 (02-02-04)
* http://www.auscert.org.au/render.html?it=3802&cid=1 (02-02-04)
* http://www.auscert.org.au/render.html?it=3801&cid=1 (02-02-04)
* http://www.auscert.org.au/render.html?it=3800&cid=1 (02-02-04)
* http://www.auscert.org.au/render.html?it=3799&cid=1 (02-02-04)
* http://www.auscert.org.au/render.html?it=3798&cid=1 (01-30-04)
* http://www.auscert.org.au/render.html?it=3796&cid=1 (01-29-04)
* http://www.auscert.org.au/render.html?it=3795&cid=1 (01-29-04)
* http://www.auscert.org.au/render.html?it=3793&cid=1 (01-28-04)
* http://www.auscert.org.au/render.html?it=3792&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3791&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3790&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3789&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3788&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3787&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3786&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3785&cid=1 (01-27-04)
* http://www.auscert.org.au/render.html?it=3784&cid=1 (01-23-04)
* http://www.auscert.org.au/render.html?it=3781&cid=1 (01-23-04)
* http://www.auscert.org.au/render.html?it=3780&cid=1 (01-22-04)
* http://www.auscert.org.au/render.html?it=3779&cid=1 (01-22-04)
* http://www.auscert.org.au/render.html?it=3778&cid=1 (01-22-04)
* http://www.auscert.org.au/render.html?it=3777&cid=1 (01-22-04)
* http://www.auscert.org.au/render.html?it=3776&cid=1 (01-22-04)
* http://www.auscert.org.au/render.html?it=3775&cid=1 (01-22-04)
* http://www.auscert.org.au/render.html?it=3774&cid=1 (01-21-04)
* http://www.auscert.org.au/render.html?it=3773&cid=1 (01-21-04)
* http://www.auscert.org.au/render.html?it=3772&cid=1 (01-21-04)
* http://www.auscert.org.au/render.html?it=3771&cid=1 (01-21-04)

UNIRAS

UNIRAS issued a variety of bulletins and alerts. For more information, see

* http://www.uniras.gov.uk/l1/l2/l3/alerts2004/ALERT%20-%200304.txt (01-26-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4604.txt (02-04-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4504.txt (02-04-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4404.txt (02-04-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4304.txt (02-04-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4204.txt (02-04-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4104.txt (02-04-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4004.txt (02-03-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3904.txt (02-03-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3804.txt (02-03-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3704.txt (02-03-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3604.txt (01-30-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3504.txt (01-30-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3404.txt (01-30-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3304.txt (01-29-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3204.txt (01-28-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3104.txt (01-28-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3004.txt (01-28-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-2904.txt (01-28-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-2804.txt (01-23-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-2704.txt (01-23-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-2604.txt (01-22-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-2504.txt (01-22-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-2404.txt (01-21-04)
* http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-2304.txt (01-21-04)

Symantec

Symantec released information on W32.Hostidel.Trojan.C, W32.HLLW.Chemsvy, W32.Dumaru.AD@mm, W32.Galil.F@mm, VBS.Shania, Keylogger.Stawin, W32.Randex.FC, W32.HLLW.Anig, PWSteal.Olbaid, W32.Mimail.S@mm, Backdoor.Aphexdoor, W32.IRCBot.C, W32.Mydoom.B@mm, Trojan.Bookmarker.E, W32.HLLW.Pokibat, W32.Mydoom.A@mm, W32.Mimail.Q@mm, W32.Dumaru.Z@mm, W32.Dumaru.Y@mm, Trojan.Bookmarker.D, W32.HLLW.Sanker, and Backdoor.OptixPro.13b. Of these, W32.Dumaru.AD@mm, W32.Galil.F@mm, W32.Mydoom.B@mm, W32.Mydoom.A@mm, W32.Mimail.Q@mm, W32.Dumaru.Z@mm, and W32.Dumaru.Y@mm are rated as "High" distribution, which is an indication of how quickly a threat is able to spread.

* http://securityresponse.symantec.com/avcenter/venc/data/w32.hostidel.trojan.c.html (02-03-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.chemsvy.html (02-03-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ad@mm.html (02-03-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.galil.f@mm.html (02-02-04)
* http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html (02-02-04)
* http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html (01-29-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.fc.html (01-29-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anig.html (01-29-04)
* http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.olbaid.html (01-29-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.s@mm.html (01-29-04)
* http://securityresponse.symantec.com/avcenter/venc/data/backdoor.aphexdoor.html (01-28-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.c.html (01-28-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.b@mm.html (01-28-04)
* http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.e.html (01-27-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.pokibat.html (01-27-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html (01-26-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.q@mm.html (01-26-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.z@mm.html (01-25-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html (01-23-04)
* http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.d.html (01-23-04)
* http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sanker.html (01-22-04)
* http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.13b.html (01-21-04)

Trend Micro

Trend Micro released information on WORM_AGOBOT.RW, WORM_MSBLAST.H, WORM_DUMARU.AB, WORM_RANDEX.FC, WORM_SDBOT.GO, WORM_SDBOT.K, WORM_AGOBOT.O, WORM_ANIG.A, WORM_MIMAIL.S, WORM_MYDOOM.B, WORM_MYDOOM.A, WORM_AGOBOT.U, WORM_MIMAIL.Q, WORM_DUMARU.Z, WORM_AGOBOT.DG, WORM_AGOBOT.FQ, WORM_DUMARU.Y, WORM_AGOBOT.W, HTML_VISAFRAUD.A, and WORM_AGOBOT.FX. Of these, WORM_AGOBOT.FX, WORM_DUMARU.Y, WORM_AGOBOT.W, WORM_AGOBOT.FQ, WORM_DUMARU.Z, WORM_MIMAIL.Q, WORM_MYDOOM.B, WORM_MYDOOM.A, WORM_AGOBOT.U, WORM_MIMAIL.S, WORM_ANIG.A, WORM_AGOBOT.O, WORM_SDBOT.K, WORM_SDBOT.GO, WORM_RANDEX.FC, WORM_DUMARU.AB, WORM_MSBLAST.H, and WORM_AGOBOT.RW are rated as having "high" distribution potential.

* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RW (02-03-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.H (02-03-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.AB (02-03-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.FC (02-01-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.GO (02-01-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.K (02-01-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.O (01-31-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ANIG.A (01-29-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.S (01-29-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.B (01-28-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.A (01-28-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.U (01-28-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.Q (01-26-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.Z (01-26-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.DG (01-26-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FQ (01-25-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.Y (01-24-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.W (01-23-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_VISAFRAUD.A (01-21-04)
* http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX (01-21-04)

F-Secure

F-Secure released information about Lovsan.H, Mydoom, Mydoom.B, Lasku, Needy.C, Mimail.S, Swen, Dumaru.AA, Dumaru.Z, Mimail.Q, UrlSpoof.E, Dumaru.Y, and Bagle. Of these, the variants of Mydoom and Dumaru, Swen, and Bagle received high alert levels under the "F-Secure Radar."

* http://www.f-secure.com/v-descs/lovsanh.shtml (02-04-04)
* http://www.f-secure.com/v-descs/novarg.shtml (02-03-04)
* http://www.f-secure.com/v-descs/mydoom_b.shtml (02-02-04)
* http://www.f-secure.com/v-descs/lasku.shtml (01-30-04)
* http://www.f-secure.com/v-descs/needy_c.shtml (01-29-04)
* http://www.f-secure.com/v-descs/mimail_s.shtml (01-29-04)
* http://www.f-secure.com/v-descs/swen.shtml (01-27-04)
* http://www.f-secure.com/v-descs/dumaru_aa.shtml (01-26-04)
* http://www.f-secure.com/v-descs/dumaru_z.shtml (01-26-04)
* http://www.f-secure.com/v-descs/mimail_q.shtml (01-26-04)
* http://www.f-secure.com/v-descs/urlspoof_e.shtml (01-26-04)
* http://www.f-secure.com/v-descs/dumaru_y.shtml (01-24-04)
* http://www.f-secure.com/v-descs/bagle.shtml (01-22-04)

Sophos

Sophos released information about W32/Agobot-CS, W32/Spybot-AF, WM97/Ortant-A, W32/Agobot-CO, Troj/Chapter-A, Troj/Control-E, Troj/Daemoni-B, Troj/Daemoni-C, W32/Agobot-P, Troj/Volver-A, W32/Agobot-CK, W32/Agobot-AD, W32/Agobot-CL, W32/Agobot-CN, W32/SdBot-W, Troj/SdBot-AP, Troj/Flood-DZ, Troj/ByteVeri-E, Troj/NoCheat-B, W32/Carpeta-C, W32/RpcSdbot-B, W32/MyDoom-B, W32/Eyeveg-B, Troj/Femad-B, W32/Agobot-CM, Troj/Winpup-C, Troj/IRCBot-U, Troj/Hidemirc-A, Troj/Ircfloo-A, W32/Mimail-S, VBS/Inor-C, W32/Dumaru-Z, W32/Argdoor-A, W32/Spybot-CJ, W32/Apsiv-A, Troj/Digits-B, Troj/AdClick-Y, Troj/Stawin-A, W32/MyDoom-A, W32/Mimail-Q, W32/Dumaru-K, Troj/Small-AW, Troj/Mahru-A, W32/Dumaru-Y, W32/Flopcopy-A, W32/Randon-AC, and W32/Randex-Z.

* http://www.sophos.com/virusinfo/analyses/w32agobotcs.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/w32spybotaf.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/wm97ortanta.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/w32agobotco.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/trojchaptera.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/trojcontrole.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/trojdaemonib.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/trojdaemonic.html (02-04-04)
* http://www.sophos.com/virusinfo/analyses/w32agobotp.html (02-03-04)
* http://www.sophos.com/virusinfo/analyses/trojvolvera.html (02-03-04)
* http://www.sophos.com/virusinfo/analyses/w32agobotck.html (02-03-04)
* http://www.sophos.com/virusinfo/analyses/w32agobotad.html (02-03-04)
* http://www.sophos.com/virusinfo/analyses/w32agobotcl.html (02-03-04)
* http://www.sophos.com/virusinfo/analyses/w32agobotcn.html (02-03-04)
* http://www.sophos.com/virusinfo/analyses/w32sdbotw.html (02-02-04)
* http://www.sophos.com/virusinfo/analyses/trojsdbotap.html (02-02-04)
* http://www.sophos.com/virusinfo/analyses/trojflooddz.html (02-02-04)
* http://www.sophos.com/virusinfo/analyses/trojbyteverie.html (02-02-04)
* http://www.sophos.com/virusinfo/analyses/trojnocheatb.html (02-02-04)
* http://www.sophos.com/virusinfo/analyses/w32carpetac.html (02-02-04)
* http://www.sophos.com/virusinfo/analyses/w32rpcsdbotb.html (02-02-04)
* http://www.sophos.com/virusinfo/analyses/w32mydoomb.html (01-30-04)
* http://www.sophos.com/virusinfo/analyses/w32eyevegb.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/trojfemadb.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/w32agobotcm.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/trojwinpupc.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/trojircbotu.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/trojhidemirca.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/trojircflooa.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/w32mimails.html (01-29-04)
* http://www.sophos.com/virusinfo/analyses/vbsinorc.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/w32dumaruz.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/w32argdoora.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/w32spybotcj.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/w32apsiva.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/trojdigitsb.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/trojadclicky.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/trojstawina.html (01-28-04)
* http://www.sophos.com/virusinfo/analyses/w32mydooma.html (01-27-04)
* http://www.sophos.com/virusinfo/analyses/w32mimailq.html (01-26-04)
* http://www.sophos.com/virusinfo/analyses/w32dumaruk.html (01-26-04)
* http://www.sophos.com/virusinfo/analyses/trojsmallaw.html (01-26-04)
* http://www.sophos.com/virusinfo/analyses/trojmahrua.html (01-26-04)
* http://www.sophos.com/virusinfo/analyses/w32dumaruy.html (01-24-04)
* http://www.sophos.com/virusinfo/analyses/w32flopcopya.html (01-23-04)
* http://www.sophos.com/virusinfo/analyses/w32randonac.html (01-23-04)
* http://www.sophos.com/virusinfo/analyses/w32randexz.html (01-23-04)

_________________________________________________________________

Copyright 2004 Carnegie Mellon University

Last updated February 04, 2004

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAIVlJXlvNRxAkFWARArwnAJ45LFTlkyTEkXyqE0YO5EJfmTk96ACfQIG1
W2lovAqmO6GE3NdzlTPkYY8=
=zr44
-----END PGP SIGNATURE-----