Welcome to neonova.net's Alerts System

General Alerts




Specific Alerts


August 9, 2006: Security Alert from Department of Homeland Security


Summary:

Microsoft has released a new Windows Update notice. This update resolves a vulnerability as well as additional issues. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft recommends that customers apply the update immediately.

Details:

DHS Recommends Security Patch to Protect Against a Vulnerability Found In Windows Operating Systems

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010
August 9, 2006

The Department of Homeland Security (DHS) is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible. This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights.

Windows Operating Systems users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch. This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users.

Users can apply the Microsoft MS06-040 security patch at http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx. Home users may prefer to go to Windows Update at http://update.microsoft.com and select "express" to install critical security updates, including the MS06-040 security patch.

The Department's U.S. Computer Emergency Readiness Team (US-CERT) continues to work closely with Microsoft to minimize any impact from this vulnerability. US-CERT has issued an alert through the National Cyber Alert System and conducted a series of briefings with federal Chief Information Officers and Chief Information Security Officers, and critical infrastructure sectors through Information Sharing and Analysis Centers. Additionally, all federal agencies are required to provide US-CERT with regular updates on their patching status.

DHS recommends that computer users and administrators implement the following preparedness measures to protect themselves against this vulnerability, and also from future vulnerabilities, worms, and viruses:
  • Keep up-to-date on security patches and fixes for your operating system. The easiest way to do this is to set your system to receive automatic updates, which will ensure you automatically receive security updates issued by Microsoft. If your system does not allow automatic updates, we recommend that you manually install the Microsoft security patch today through Microsoft Update at http://update.microsoft.com/microsoftupdate
  • Install anti-virus and anti-spyware software and keep them up-to-date
  • Enable a firewall which will help block attacks before they can get into your computer
  • Do not open emails from unknown sources and do not open or execute email attachments that you are not expecting even if they come from a known and trusted source.


To access the alerts for this vulnerability and for additional information on cyber security tips and practices please visit http://www.us-cert.gov.


September 18, 2003: Swen Worm on the loose.


W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.

The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.

Systems affected: Windows 9x/ME/NT/2000/XP/Server 2003

Removal and information link:

  1. Symantec Write-up & Removal
  2. Symantec Automatic Removal Tool
  3. McAfee Write-up & Removal
  4. TrendMicro Write-up & Removal
  5. Computer Associates Write-up & Removal



August 19, 2003: New version of the Sobig worm hits the Internet.


The Sobig.F worm is a mass-mailing, network-aware worm that sends emails to email addresses it finds on the now-infected system. Unlike the Blaster worm, Sobig needs to be executed by a user on the system to activate.

Details of infected emails:

Subject:

    * Re: Details
    * Re: Approved
    * Re: Re: My details
    * Re: Thank you!
    * Re: That movie
    * Re: Wicked screensaver
    * Re: Your application
    * Thank you!
    * Your details


Body:

    * See the attached file for details
    * Please see the attached file for details.


Attachment:

    * application.zip (contains application.pif)
    * details.zip (contains details.pif)
    * document_9446.zip (contains document_9446.pif)
    * document_all.zip (contains document_all.pif)
    * movie0045.zip (contains movie0045.pif)
    * thank_you.zip (contains thank_you.pif)
    * your_details.zip (contains your_details.pif)
    * your_document.zip (contains your_document.pif)
    * wicked_scr.zip (contains wicked_scr.scr)
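
A mail-filter check built from the subject, body and attachment lists above. This is an added example, not code from the original alert or from any vendor; the function names and the constructed sample message are assumptions, and the zip member holds placeholder bytes only.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicator lists copied from the alert above (compared case-insensitively).
SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!", "re: that movie",
    "re: wicked screensaver", "re: your application", "thank you!", "your details",
}
ATTACHMENTS = {stem + ".zip" for stem in (
    "application", "details", "document_9446", "document_all", "movie0045",
    "thank_you", "your_details", "your_document", "wicked_scr")}
BODY_PHRASE = "see the attached file for details"


def sobig_f_indicators(raw: bytes) -> list[str]:
    """Return the names of the alert's indicators that a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_PHRASE in body.get_content().lower():
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENTS:
            hits.append("attachment-name")
        if name.endswith(".zip"):
            try:  # look inside the archive: a renamed zip still carries .pif/.scr
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    if any(n.lower().endswith((".pif", ".scr")) for n in zf.namelist()):
                        hits.append("zip-contains-pif-or-scr")
            except zipfile.BadZipFile:
                hits.append("unreadable-zip")
    return hits


def build_sample(subject: str, body: str, zip_name: str, member: str) -> bytes:
    """Constructed test message; the zip member is harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

The subject and body strings are common phrases on their own, so treat them as supporting evidence; an executable .pif or .scr inside a zip attachment is the stronger signal.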


Systems affected: Windows 9x/ME/NT/2000/XP

Removal and information link:

  1. Symantec Write-up & Removal
  2. McAfee Write-up & Removal
  3. TrendMicro Write-up & Removal
  4. Sophos Write-up & Removal



August 11, 2003: MS Blaster worm strikes the Internet.


The Blaster worm exploits the DCOM RPC vulnerability described in Microsoft Security Bulletin MS03-026 using TCP port 135. Infected systems scan the Internet for other vulnerable systems and use the exploit to cause them to download and run "Msblast.exe".

Symptoms: Your computer may run slower than normal, become unstable, and crash or reboot. Your computer will also be listening for incoming Internet connections on TCP port 4444 and UDP port 69.
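
A check for the two listening ports named in the symptoms above, run over saved "netstat -an" output. This is an added example, not part of the original alert; the function name and the sample output (which uses documentation addresses) are constructed for illustration.

```python
import re

# Listener ports named in the alert's "Symptoms" paragraph.
BLASTER_LISTENERS = {("TCP", 4444), ("UDP", 69)}

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1039        198.51.100.7:4444      ESTABLISHED
  UDP    0.0.0.0:69             *:*
  UDP    0.0.0.0:6969           *:*
"""

# proto, local address:port, foreign address, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def blaster_listeners(netstat_text: str) -> list[tuple[str, int]]:
    """Return (proto, local port) pairs that match the alert's symptoms."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or unrecognised row
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        # Only the local port counts, and TCP rows only when LISTENING;
        # an outbound connection to a remote port 4444 is not this symptom.
        if proto == "TCP" and state != "LISTENING":
            continue
        if (proto, port) in BLASTER_LISTENERS:
            found.append((proto, port))
    return found
```

A match is a lead, not proof: UDP port 69 is also the standard TFTP port, so confirm by looking for the "msblast.exe" process and files described in the removal steps.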

Systems affected: Windows NT 4.0, Windows 2000, Windows XP, Windows 2003

Manual Steps to remove the Blaster Worm

NOTE: There is an automatic removal tool available; see the "Other information and tools" section below.

First, if you get a 60 second shutdown timer, abort the shutdown by doing this:

  1. Click the "Start" button and select "Run".
  2. Type in "shutdown -a" and click "OK".

Then shut down the worm process:

  1. Click the "Start" button and select "Run".
  2. Type in "taskmgr.exe" and click "OK".
  3. Click on the "Processes" tab.
  4. Locate and select the process called "msblast.exe" then click the "End Process" button.
  5. Confirm the command by selecting "Yes".

Next, search for and remove the worm files:

  1. Click the "Start" button and select "Search".
  2. Search for "msblast.*". It should find two files.
  3. Select and delete both files. If you are unable to delete the "msblast.dll" file, try again after your system is rebooted.
  4. Reboot your system.

After the reboot, apply the security patch available in Microsoft Security Bulletin MS03-026.


Other Information and tools

Automatic removal tool supplied by Symantec - Don't forget to apply the security patch: MS03-026.
Information write up supplied by: Symantec.
Information write up supplied by: Sophos.


Last Updated: 01/07/2005