Audio/Video

Its ironic. Even as hackers and crackers from around the world were converging Friday in Las Vegas for the annual DefCon conference, two viruses written by some of the programming underworld's best are spreading like wildfire in the cities they're leaving behind. Unlike most viruses, these two don't require you to receive an e-mail, double-click on a file attachment or even open an e-mail program in order to become infected.

A hot topic at the Black Hat conference was worms. According to Crimelabs Security Group, worm creators are getting smarter and coding techniques becoming more complex. Future worms will thrive on subtlety and disguise, making it harder to detect and stop them. They will be able to automatically update components on the fly, effectively morphing them into a different virus.

This is the first patch I've ever heard of for Cold Fusion. As an administrator it always sort of worried me that with all the power of Cold Fusion, no one was ever releasing exploits -- or patches.

Bugtraq post follows...Macromedia releases patch that addresses ColdFusion Server security
issues.

Originally Posted: July 11, 2001

Summary

Anti-virus experts today warned of program masquerading as a security patch from Microsoft Corp. [NASDAQ:MSFT] that contains a new variant of a dangerous Internet worm. The worm, which security researchers have named W32.Leave.B.Worm, is the latest incarnation of Leave, a mysterious, self-propagating program that prompted an advisory from the FBI's National Infrastructure Protection Center last month.

An annoying but relatively harmless virus that advocates legalizing marijuana is making enemies out of some potential allies: potheads.

Unlike Stoned, which appeared a dozen years ago and could corrupt all data on a disk drive, the Marijuana virus doesn't damage victims' PCs. Its payload, which is spread by an e-mail worm and through a Trojan Horse program, sets the infected computer's Internet Explorer browser start page to marijuana.com and places an unmistakable green, palmate leaf in the Windows system tray of an infected PC....

This flaw is more on semantics, than on the mathematics or the protocol side of cryptography. Nevertheless, it is an important note to be taken seriously. Normal men on the street who do not know about the semantics in which encryption works will still be deceived by another person should he choose to exploit this semantic flaw.

By Dennis Fisher, eWEEK

June's virus chart is topped by the highly destructive Magistr worm, says security firm Sophos. This worm has been dominating the top ten for the last three months. It seems that the simple message - don't open unsolicited attachments - has not yet hammered home," says Peter Cooper, UK support manager, Sophos Anti-Virus.

"What's more, the highly publicised Homepage virus is also continuing to infect many people. It seems computer users are still ignoring warnings and have neglected to update their anti-virus protection" he says

Over the weekend we have been working to analyze a new MS Windows worm named W32.leave.worm. Although the ultimate intent of this worm has not yet been discovered, there are indications that it may be used as part of Zombie DDoS agents.

Network traffic collected by the Internet Storm Center and its partners indicates that there is widespread activity. It is assumed that the worms ability to synchronize the system time, to download additional code, and to listen to IRC channels make it a very dangerous DDOS tool.

A new virus that seeks out computers infected with a popular "backdoor" Trojan horse program could be used to download and store other malicious files, including those typically employed in distributed denial-of-service attacks, federal security experts warned Saturday.

The security alert - issued by FedCIRC, the FBI?s National Infrastructure Protection Center (NIPC), and several private anti-virus companies - concerns a virus called "W32-Leave.worm," which scours the Internet for systems infected with the notorious "SubSeven" Trojan..

I really noticed many people (not only small servers, also some realyl big
ones who should know better) are still running vulnerable verions of Apache
and noticed some things I disliked when testing this exploit, so I rewrote
a
lot of it's code. Now it will also work if executed from a Windows box. I
also made it much esaier to use. I hope you, who are intreted in testing
this issue, will enjoy it. File is attached.

Here is a change log: