RootsWeb.com Mailing Lists
Total: 1/1
    1. CRITICAL SECURITY ALERT: Windows Vulnerabilities
    2. Sandy Bauer
    3. Wayne County Researchers

Please read all the way through this and visit the links below to help you protect your computer from these security threats and viruses. I have also published this as a link from our Wayne County website as an "ALERT" so you can share with your friends and relatives as well.

CRITICAL:
---------------
MS Windows Vulnerabilities

ACTION:
-------------
MS Windows users must IMMEDIATELY apply patch updates.

On April 12, 2005, Microsoft released 8 security bulletins for newly discovered vulnerabilities in Microsoft Windows and other Microsoft products. Microsoft has released patches and updates to address these vulnerabilities (see Resources section). Threat level of these vulnerabilities is classified as *CRITICAL* for Windows systems and all Windows users should apply the necessary updates and patches immediately.

In related news, variants of the 'Mytob' worm have been burrowing through the Internet since April 12. New variants of the 'Mytob' worm have spawned on the Internet yesterday and today. The full names are 'W32.Mytob.AR@mm', 'W32.Mytob.AU@mm' and 'W32.Mytob.AV@mm'. Symantec classifies these as a Category 2 (Low) threat. 'Mytob' is a mass-mailing worm that also spreads through network shares with weak passwords.

Due to the potential for spread of this worm, and because Microsoft has released 8 security bulletins for newly discovered vulnerabilities in Microsoft Windows and other Microsoft products, this alert has a threat rating of *SIGNIFICANT* for the Windows platforms.

Owners of systems running Windows are advised to manually update their anti-virus definitions. Immediately install the latest definitions by clicking the "LiveUpdate" button that appears when you open the Symantec program (i.e. Norton Antivirus).

Everyone is urged to exercise extreme caution when handling file attachments received, especially Windows system owners.
The 'Mytob' variants are known to use the following file extensions: .bat, .cmd, .exe, .pif or .scr

VIRUS DETAILS:
--------------------------
The sender will appear to be a generic first name followed by one of the following domains:
- aol.com
- cia.gov
- fbi.gov
- hotmail.com
- juno.com
- msn.com
- yahoo.com

The following subject lines are characteristic of 'Mytob' variants (One of the following):
- error
- Good day
- hello
- Mail Delivery System
- Mail Transaction Failed
- Server Report
- Status
- [blank]
- [random characters]

The message body may contain (One of the following):
- Here are your banks documents.
- The original message was included as an attachment.
- The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
- The message contains Unicode characters and has been sent as a binary attachment.
- Mail transaction failed. Partial message is available.

The attachment may look like (One of the following):
- body
- data
- doc
- document
- file
- message
- readme
- test
- text
- [random name]

# using one of the following extensions:
- .bat
- .cmd
- .exe
- .pif
- .scr

Note: The attachment may have a .zip extension and contain a file with a dual extension. The first extension will be .doc, .htm, or .txt, followed by .exe, .pif, or .scr as the second extension.

The 'Mytob' variants steal email addresses from the systems they infect. The addresses are used to help disguise the worm and promote further infection and confusion. Do not worry if you receive a bounce-back message stating that your email could not be delivered because it contained a virus. Remember that while you did not physically send the email to begin with, virus filters are unable to make this distinction.

The worm may also attempt to lower the security settings, terminate processes, add content to system files and download files from remote websites.

MITIGATION
-----------------
Symantec has published updated antivirus definitions.
Users should apply the updates *immediately*. Symantec has also published a removal tool for use on infected systems (see 'Resources' below).

W32.Mytob.AR@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ar@mm.html

W32.Mytob.AU@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.au@mm.html

W32.Mytob.AV@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.av@mm.html

USER ACTION
---------------------
Immediately -- and routinely -- update your Windows-based PC and/or laptop with current Windows updates and patches (see below).

To automatically install Windows Updates on most Windows platforms, click on the "Start" menu and go to "Windows Updates". If your laptop system is not configured to automatically connect to Microsoft to get patch updates, you will need to do this manually. Access http://www.microsoft.com and click on the "Windows Update" link in the “Product Resources” section located on the left side of the web page.

ADDITIONAL RESOURCES
----------------------------------------
Microsoft Security Bulletin Summary for April 2005:
http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx

Windows Security Updates Summary for April 2005:
http://www.microsoft.com/security/bulletins/200504_windows.mspx

Microsoft Security Updates Portal:
http://www.microsoft.com/downloads/search.aspx?displaylang=en&categoryid=7

US-CERT Alert TA05-102A: Multiple Vulnerabilities in Microsoft Windows Components:
http://www.us-cert.gov/cas/techalerts/TA05-102A.html

    04/14/2005 12:11:57
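
Added example (not part of the original message): a mail-filter check for the attachment patterns the alert describes, including the dual-extension file hidden inside a .zip. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension sets taken from the alert text above.
RISKY_EXT = {".bat", ".cmd", ".exe", ".pif", ".scr"}
DECOY_EXT = {".doc", ".htm", ".txt"}      # first extension of a dual-extension name
DUAL_SECOND = {".exe", ".pif", ".scr"}    # second extension of a dual-extension name

def risky_name(name):
    """Return why a filename matches the alert's patterns, or None."""
    path = PurePosixPath(name.replace("\\", "/"))
    ext = [s.strip().lower() for s in path.suffixes]
    if len(ext) >= 2 and ext[-2] in DECOY_EXT and ext[-1] in DUAL_SECOND:
        return "dual extension"
    if ext and ext[-1] in RISKY_EXT:
        return "executable extension"
    return None

def scan_message(msg):
    """List (attachment name, reason) pairs, looking one level into .zip files."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = risky_name(name)
        if reason:
            findings.append((name, reason))
        elif name.lower().endswith(".zip"):
            try:
                data = part.get_payload(decode=True) or b""
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip"))
                continue
            findings += [(f"{name}!{m}", risky_name(m) + " inside zip")
                         for m in members if risky_name(m)]
    return findings

def build_sample():
    """Constructed test message; attachment bytes are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Mail Transaction Failed"
    msg.set_content("The original message was included as an attachment.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt.scr", b"placeholder")
    for data, fname in ((buf.getvalue(), "message.zip"), (b"x", "notes.txt"), (b"x", "test.exe")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg
```

A filter built this way quarantines on file name alone, so it complements rather than replaces updated antivirus definitions.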