Another week, another Netsky...; Virus prevalence survey


This issue's topics:

Introduction:

* Virus prevalence survey; multiple Cisco exploits, HP Web JetAdmin vuln

Virus News:

* Another week, another Netsky...

* ICSA Labs Virus Prevalence Survey shows malware problem worsening

Security News:

* Multiple HP Web JetAdmin vulnerabilities disclosed

* Multiple exploits for Cisco product vulnerabilities published

* Indirect costs of computer insecurity studied

* Emerging security concerns with growth of XML-based web services

Introduction:

A slow week all round, with little of significance to report in either the virus or security sections...

Virus News:

* Another week, another Netsky...

Well, two actually. Still, that is something of a slow-down as multiple Netsky variants have been common in recent weeks. Netsky.R is really nothing to write home about, but neither were any of the other newly discovered viruses this last week. Also, it seems that the userbase may finally be wising up to the plethora of tricks the recently widespread virus families (Netsky, Bagle and Mydoom) have employed to inveigle their way onto victim computers.

Computer Associates Virus Information Center

F-Secure Security Information Center

Network Associates Virus Information Library

Sophos Virus Info

Symantec Security Response

Trend Micro Virus Information Center

* ICSA Labs Virus Prevalence Survey shows malware problem worsening

The results of the 9th Annual ICSA Labs Virus Prevalence Survey do not provide encouraging reading. ICSA Labs, a division of computer security consultancy TrueSecure Corporation, announced that 15% more respondent companies than in its 2002 survey admitted to having suffered a 'virus disaster' (25 or more PCs or servers infected at the same time with the same virus, or a virus incident causing significant damage or monetary loss to the respondent's organization), and 88% of respondents felt that malicious code had been 'somewhat or much worse' in 2003 than in the previous year.

TrueSecure's press release announcing the results of the survey is linked below for those interested in more detail. The press release includes links to the actual survey report.

Malicious Code Problem Continues to Worsen - truesecure.com

Security News:

* Multiple HP Web JetAdmin vulnerabilities disclosed

HP's Web JetAdmin software is based on the Apache web server and is used to manage network printers and other such peripherals. A couple of recent postings to the Bugtraq mailing list have exposed vulnerabilities in Web JetAdmin software 7.5.2546, and unspecified earlier versions, that can allow unauthorized use of Web JetAdmin facilities and possibly compromise of the Web JetAdmin web server. No updates have been made available from HP yet, but restricting access to the Web JetAdmin port (TCP 8443) may be a practical workaround for many in the meantime.

Archived Bugtraq list messages - securityfocus.com (358485)

Archived Bugtraq list messages - securityfocus.com (358502)

* Multiple exploits for Cisco product vulnerabilities published

Exploit code for nine 'old' vulnerabilities in various Cisco products, including some very widely used, was recently published. In response, Cisco has published a list of the products and versions vulnerable to those exploits so anyone who has fallen behind on patching their Cisco products can easily check whether they need to take action or not.

Security Notice: Exploit for Multiple Cisco Vulnerabilities - cisco.com

* Indirect costs of computer insecurity studied

A group of researchers from the Smith School of Business at the University of Maryland has undertaken a study of the indirect costs of computer security incidents. The direct costs of incidents such as break-ins, worm or virus attacks and web defacements are probably fairly obvious (although, many contend, badly underestimated by most businesses anyway), but very little research has previously been done on quantifying indirect costs such as loss of customer and/or shareholder confidence.

Cybercrimes' True Price: Crime May Not Pay - informationweek.com

* Emerging security concerns with growth of XML-based web services

Increased interest in and use of web services, particularly those using XML and distributed web applications, raises its own special security concerns. Several of these are introduced and discussed in the articles linked below.

Extra headaches of securing XML - news.com

Commentary: Keeping developers out of security - news.com
