
Monday, September 25, 2006

Virus/Worm Warning

A new virus/worm is now in the wild and circulating via email, causing at least 3 security vendors to update their detection definitions and/or issue an alert.

Since the malware uses its own Simple Mail Transfer Protocol (SMTP) engine, the user may not even realize they have been infected.

As usual, there is no common name, so here is the breakdown as of this time:

TrendMicro: WORM_STRATION.WO

McAfee: W32/Stration@MM

PandaLabs: Spamta.CY

Even though the threat level of this worm is rated "low" by all three vendors, they have seen fit to update their AV signatures. Since the damage and distribution potential is rated "high", you are urged to update manually ASAP if your AV software has not been updated automatically.

Tuesday, September 19, 2006

MS Support Ending For Microsoft XP SP1 and SP1a

My dear friend and fellow blogger Corrine (Microsoft MVP) at Security Garden reminds everyone that the end of Microsoft support for these versions of XP is rapidly approaching. This is extremely important.

Please read her entire post HERE...

Security Alert Issued For Microsoft Internet Explorer

US-CERT has issued the following Security Alert for Internet Explorer, which has yet to be addressed by a Microsoft patch.

Vulnerability Note VU#416092
Microsoft IE version 5.0 and higher support the Vector Markup Language (VML), which is a set of XML tags for drawing vector graphics. IE fails to properly handle malformed VML tags allowing a stack buffer overflow to occur. If a remote attacker can persuade a user to access a specially crafted web page with IE, that attacker may be able to trigger the buffer overflow.
It should be noted that this vulnerability is actively being exploited and there is no solution readily available. Until a patch is released, it is advisable to configure Microsoft Outlook and Outlook Express to render email messages in plain text format.

A statement from Microsoft says "A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs".

They do offer a workaround, available in Microsoft Security Advisory 925568.

Thursday, September 07, 2006

Cyber Security Alert For Microsoft Word 2000

Alert SA06-250A from US-CERT
Microsoft Word Vulnerability
Original release date: September 7, 2006
Last revised: --
Source: US-CERT

Systems Affected: Microsoft Word 2000, however other versions of Word and other Microsoft Office programs may also be affected.

Overview: A vulnerability in Microsoft Word 2000 could allow an attacker to gain control of your computer.

Solution: Do not open untrusted documents. Microsoft has not yet released an update to address this vulnerability. Do not open unfamiliar or unexpected Word or other Office documents, including those received as email attachments or hosted on a web site.

Description: An attacker could exploit a vulnerability in Microsoft Word 2000 by convincing a user to open a specially crafted Word document. A Word document could be attached to an email message, hosted on a web site, or included in another Office document. This vulnerability may affect other versions of Word and other Microsoft Office programs.
For further reference, see Microsoft Security Advisory (925059).

It is also being reported by ZDNet that Microsoft plans to release a "critical" security update for Office next week, one of three bulletins it will distribute as part of its monthly patch cycle.

The other two updates are for Windows and are rated as "important," its second-highest ranking, the software giant said in an advisory Thursday. Read on.....

Tuesday, September 05, 2006

AOL 9.0 Badware???

eWEEK.com reports that the new AOL 9.0 software has been labelled as "badware" by the StopBadware.org coalition which is made up of Google, Lenovo Group and Sun Microsystems.

In their report, the organization states:
"We currently recommend that users do not install the version of AOL software that we tested, unless the user is comfortable with the level of risk we identify or until the application is updated consistent with the recommendations in this report."
You can read the entire report from the StopBadware.org coalition and AOL's response to it HERE....

Rootkit Malware Packs Double Punch

Panda Software has issued an alert warning of new malware, intercepted over the weekend, that they are referring to as ZCodec.

Security experts are warning that, once a computer is infected, this particular piece of malware blocks search engines by changing local DNS settings, then proceeds to install additional malicious code posing as a codec that is necessary to play some multimedia formats. It shows the end-user a license; however, it does not wait for the user to agree or disagree. The moment this so-called "agreement" pops up, it is already too late. In reality, no codec is installed; instead, Zcodec is installed on the computer when the user clicks on the downloaded file.

Once downloaded, a rootkit is installed. A rootkit is a program designed to hide processes, files or registry entries.

Zcodec installs two executable files. The first modifies the DNS settings so that when a user clicks on results from search engines a different page is displayed.

Further information on this is available at the Panda Virus Encyclopedia and at Vnunet.com. I would urge you to learn about this new threat and be prepared. If you get a rootkit invader, you will have real problems, including redirection to pages designed to steal confidential data, such as banking sites or pages where you may use your credit card information to make purchases. Also, since rootkits hide themselves so well, they are extremely difficult for anti-spyware and anti-trojan software to identify.
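
A defender-side check for the DNS tampering described above, as an added example that is not part of the original post: it parses `ipconfig /all` output and lists every DNS server that is not one you expect, including servers wrapped onto continuation lines. The sample output, the addresses and the EXPECTED set are constructed assumptions.

```python
import re

# Constructed sample of `ipconfig /all` output, not taken from a real host.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   Lease Obtained. . . . . . . . . . : Monday, September 04, 2006

PPP adapter Dialup:

   DNS Servers . . . . . . . . . . . : 198.51.100.7
"""

# Assumption: the only resolver this machine is supposed to use.
EXPECTED = {"192.168.1.1"}

ADDR = r"([0-9A-Fa-f:.%]+)"  # IPv4/IPv6 characters only
ADAPTER_RE = re.compile(r"^(\S.*\badapter\b.*):\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*" + ADDR + r"\s*$")
CONT_RE = re.compile(r"^\s+" + ADDR + r"\s*$")  # wrapped extra server


def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:  # a new adapter section starts; reset state
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        m = DNS_RE.match(line)
        if m is None and in_dns:
            m = CONT_RE.match(line)  # second or third server on its own line
        in_dns = bool(m and adapter)
        if in_dns:
            result[adapter].append(m.group(1))
    return result


def unexpected_resolvers(text, expected):
    """List (adapter, server) pairs whose DNS server is not in `expected`."""
    found = dns_servers_by_adapter(text)
    return [(a, s) for a, servers in found.items()
            for s in servers if s not in expected]


if __name__ == "__main__":
    for adapter, server in unexpected_resolvers(SAMPLE, EXPECTED):
        print(f"unexpected DNS server {server} on {adapter}")
```

Run it against output captured with `ipconfig /all > dns.txt`, and keep in mind that a rootkit may hide its changes from tools running on the infected machine, so a clean result is not proof of a clean system.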