More Netsky tricks; preview XP SP2


This issue's topics:

Introduction:

* More Netsky tricks; preview XP SP2; Emil & Kerio MailServer patches

Virus News:

* Pesky Netsky returnsky even moresky

* Are antivirus developers scamming us?

Security News:

* XP Service Pack 2 'technical preview' publicly released

* Buffer overflow in Kerio MailServer spam filter fixed

* Remotely exploitable holes in Emil patched

* GNOME web site break-in delays next release

Introduction:

If the phrase 'based on Release Candidate 1 of SP2' doesn't faze you, news of Microsoft's public release of the 'technical preview' of Service Pack 2 for Windows XP may be of interest. If so, please don't overlook Microsoft's warnings that the software is unsupported...

Kerio MailServer has been updated to fix some remotely exploitable issues, as has the Emil package included in some Linux and BSD distributions. We close the security section with news of the compromise of another site hosting open source software. Although it appears the code stored at the site is unaltered following the unauthorized access to the servers, the developers have delayed release of the next major version of the GNOME Desktop for a few days just to be sure everything is as it should be.

On the virus front, we describe the latest Netsky variant (I guess that means another will be released a few moments after I file this copy!) and link to a hopefully interesting issue that repeatedly confronts the antivirus industry.

Virus News:

* Pesky Netsky returnsky even moresky

Despite its writer apparently promising to 'retire' from writing and releasing further variants, the Netsky worm family is increasing at much the same rate as the contemporary Bagle family. A new variant released at the beginning of the week seems to have really gained some traction.

Known as Netsky.P, this variant composes a wide range of messages covering some of the more interesting social engineering approaches we have seen of late. Included are such ruses as the viral e-mail message claiming that the recipient is known to have visited 'illegal websites', or that the recipient had sent the sender a virus-infected message and the attachment is a cleaner for that virus, and so on. It can also compose HTML e-mails that include an exploit of an Internet Explorer vulnerability whereby an attachment can be automatically executed simply by reading (and possibly even previewing) the viral e-mail message, depending on the e-mail program the recipient uses.

Computer Associates Virus Information Center

F-Secure Security Information Center

Kaspersky Lab Virus Encyclopedia

Network Associates Virus Information Library

Sophos Virus Info

Symantec Security Response

Trend Micro Virus Information Center

* Are antivirus developers scamming us?

A question that is raised sufficiently often to be worth occasional consideration is addressed in a recent Wired article. Your list compiler is unable to remain dispassionate about this, so will refrain from commenting. Hopefully the article will prove an interesting read...

Cashing In on Virus Infections - wired.com

Security News:

* XP Service Pack 2 'technical preview' publicly released

Microsoft has publicly released what it terms a 'technical preview' version of Service Pack 2 for Windows XP. Be warned - this is not the finished product and is not supported. If you are at all unsure what Microsoft may mean by warnings such as 'This technical preview is unsupported and is intended for testing purposes only. Do not use in production environments' then do not consider getting a copy and 'playing with it'. Of course, the reason it is of interest here is that XP SP2 includes many security enhancements (for example, the software firewall is significantly enhanced and will be enabled by default, and many underlying structural changes have been made with an eye to improving the OS's security).

However, if you have a test network (and some spare time!) by all means obtain a copy and do some testing. Of course, if you don't have something notably better than a modem-speed connection, expect the 273 MB download to take quite some time on its own (although your list compiler has not tried it yet, one suspects the eleven and a half hour estimate for downloading via 56 kbps modem is a tad on the optimistic side).

Even if you are not of a mind to 'test' the pre-release of SP2, the page linked below contains a good deal of information about the changes, additions and so on to expect from the final released version of XP SP2.

Windows XP Service Pack 2 Technical Preview Program - microsoft.com

* Buffer overflow in Kerio MailServer spam filter fixed

Kerio has released version 5.7.7 of its Kerio MailServer. Among other bug fixes and performance enhancements, this release includes a fix for a buffer overflow in MailServer's spam filter that is potentially exploitable by sending a specially malformed e-mail message to the server. Another problem fixed in 5.7.7 involves improper stripping of viruses and other prohibited content, so administrators of earlier versions of Kerio MailServer would be well-advised to obtain this latest update.

Kerio MailServer Release History - kerio.com

* Remotely exploitable holes in Emil patched

Ulf Harnhammar has uncovered remotely exploitable buffer overflows in the Emil mail format and encoding conversion utility. Emil ships as one of the packages in Debian GNU/Linux and SUSE Linux, and is included in the FreeBSD Ports Collection. Buffer overflows in the handling of the filenames of attachments to messages affect at least the 2.0.4 and later versions of the package, while some format string vulnerabilities are also present in the latest release 2.1.0-beta9 (from 1996).

As with his recent similar discoveries in metamail, it appears that although still in use, this package currently has no official maintainer, so Harnhammar has provided source patches of his own. These are included in the advisory he posted to various security mailing lists (and obtainable from a link on the page archiving one of those list messages that we have linked to below). Affected distributions have already shipped update packages, or presumably soon will.

Archived Bugtraq list message - securityfocus.com

* GNOME web site break-in delays next release

Servers hosting the GNOME project - one of the two main Linux desktop environments - and related open source development efforts have suffered a break-in, potentially compromising a large chunk of popular Linux code. The full extent of the damage, if any, is still being determined, but more recent comments from GNOME spokespeople suggest that no code was compromised at all. However, opting to possibly err on the side of caution, the release of GNOME 2.6 has been rescheduled for 31 March.

Update on 'Intrusion on www.gnome.org' - gnome.org

GNOME 2.6 Rescheduled for March 31st - gnome.org
