IDGNet Virus & Security Watch Friday 16 May 2003


Introduction:

* Linux kernel patches, Opera browser updates, the Fizzer that wasn't

Virus News:

* Not such a fizzer after all...

* South African in court on computer virus charge

Security News:

* Multiple security flaws fixed in recent Opera releases

* Linux 2.4 kernel patch fixes DoS vulnerability

Introduction:

Aside from the Fizzer virus - which seems very inappropriately named given that it turned out to be anything but - it has been a very quiet week. The only security issues of any note are that yet more security and privacy leak flaws have been patched in the latest (Windows) builds of the Opera web browser, and that Linux admins will be kept busy with a round of kernel patching to fix an easily levied denial of service, possibly due to flaws in the route cache code.

Fizzer is a multi-headed beast that, despite a very slow start for three or four days late last week and over the weekend, absolutely exploded on Monday. Read more about it below.

Virus News:

* Not such a fizzer after all...

A virus first isolated eight days ago (Thursday, 8 May) took a sudden and unexpected dash for glory late the following Monday 12 May. Known as Win32/Fizzer.A, it combines several increasingly common features. As well as being a mass-mailer it spreads through the Kazaa P2P network (if the Kazaa client is installed on the victim's machine), installs a keylogger, acts as a remote access agent (using the IRC network for its control channel), and can update itself across the Internet. Further features common among recent successful viruses that are included in Fizzer are its forging of e-mail 'from' address information and its active disabling of antivirus, personal firewall and other security software.

MessageLabs' daily detection statistics currently (Thursday evening) show Fizzer to be outrunning longstanding prevalence leader Klez.H by a factor of five. Further, the email service provider's monthly stats (linked below) show that, combined through the whole month to date, Fizzer detections outstrip the total for Klez.H over the same timeframe by approximately 35%.

MessageLabs' monthly threat list - messagelabs.com

Computer Associates Virus Information Center

F-Secure Security Information Center

Kaspersky Lab Virus Encyclopedia

Network Associates Virus Information Library

Sophos Virus Info

Symantec Security Response

Trend Micro Virus Information Center

* South African in court on computer virus charge

South African IT news site ITWeb has reported on the appearance last month, in Johannesburg Commercial Crimes Court, of a man on charges relating to the alleged release of a virus. The article notes that the defendant, who was an employee of the targeted company at the time of the attack, was reputedly upset at a salary reduction due to changes in responsibilities. This is the first case of such a charge in the South African courts and is being watched with interest to see the level of seriousness reflected in the sentencing, assuming the accused is convicted.

Virus at local retailer lands ex-employee in court

Security News:

* Multiple security flaws fixed in recent Opera releases

Several security vulnerabilities, ranging from information leaks to potential remote compromise of the victim's machine, have been fixed in the recent builds of this popular alternative to Internet Explorer. Unfortunately, neither the status of these bugs nor the timescale for likely fixes for the non-Windows versions of this browser is clearly spelled out at Opera's web site. If you use this browser, at least on Windows machines, check that you have the latest version - Opera 7.11.

Opera download page - opera.com

* Linux 2.4 kernel patch fixes DoS vulnerability

A bottleneck in the route cache code means that a relatively low rate of carefully chosen network packets can bring a substantial Linux machine to a grinding halt. Popular distributions have rebuilt and released the kernel with patches that fix this problem, or will do soon.

Administrators of Linux machines exposed to a 'hostile' network should obtain and install the appropriate updates. The original advisory announcing this issue is linked below.

Archived linux-kernel mailing list message - theaimsgroup.com
