Death and taxes are said to be the two things you can count on in life and presumably that applies to the life of security experts too. Unfortunately, a very reliable supply of major security vulnerabilities and fixes therefore is not in that list...
It has been a very quiet week, even compared to past quiet weeks. Some Linux vendors have (finally) shipped updates for things we have mentioned in previous issues and there has been a great deal of debate (much of it misdirected in my opinion) over Scott Culp's recent opinion piece which labelled the practice often termed 'full disclosure' as 'information anarchy'. However, there have been very few major security issues or virus or worm incidents worthy of mention.
So, it seems the system and security managers reading this may have an easy Friday afternoon (and weekend) ahead of them!
Finaldo virus spreading slowly
Officially sporting the name Win32/Finaldo.B@mm, this latest self-mailing virus deemed worthy of mention on antivirus developer web pages does not seem to have spread far. Finaldo is a parasitic PE infector that specifically targets .EXE (Windows applications), .SCR (screen savers) and .OCX (ActiveX controls) and that also e-mails itself via MAPI mail functionality. The mail message it sends has a blank body, a variable Subject: line and a variably sized attachment always named '.EXE'. This file has a Chinese flag as its icon.
Various sites that track virus activity show very little evidence of Finaldo having been at all 'successful' to date.
Security zone flaw in ZoneAlarm
The popular personal firewall ZoneAlarm Pro is reported to have a potentially problematic default configuration. By default, ZoneAlarm Pro (and presumably also the free version, ZoneAlarm) includes all machines with IP addresses whose first two octets match the local machine's address as being in the 'Local' rather than 'Internet' networks and such machines are given access to Windows networking shares, servers running on the local machine and so on.
Within a corporate LAN, this is not an unreasonable default, but it is also not entirely safe for small corporate networks and certainly not safe for laptops that access the network (at least while out of the office) via public access dial-up services. Users of ZoneAlarm and ZoneAlarm Pro should read the referenced article and carefully consider how this may affect their use of the product.