HYBRIS WORM

posted on February 5, 2001
by hitbsecnews

This has to be one of the most advanced worms out in the wild to date. It uses a 128-bit RSA encryption loop matched with semi-polymorphic properties. The worm tries to infect the wsock32.dll library: it writes itself to the end of the last file section and hooks the "connect", "recv", and "send" functions. While the DLL is being loaded, the worm encrypts the original entry routine. The worm sniffs traffic passing through WSOCK32.dll for email addresses; when it locates one, it attempts to email a copy of itself to that address. This worm has plugin support. So far 32 different plugins have been located for this worm.

'Hey You' virus can steal AOL passwords

posted on February 3, 2001
by hitbsecnews

AOL users are being warned to look out for an e-mail virus that can steal their passwords. Security software firm McAfee.com has issued the alert after noticing a 100% rise in infections from the APStrojan. The strain has been around for over a year, but has been recently refined to target AOL communities. The virus is in an attachment accompanying an e-mail entitled 'Hey You'. If opened, the file attempts to steal victims' AOL account names and passwords. It perpetuates itself by reading and sending itself to friends' e-mail addresses listed in their 'buddy lists'.

BIND Trojan Fools Many Looking for Fix

posted on February 2, 2001
by hitbsecnews

Following bugtraq I found a lot of the traffic following the BIND vulnerability announcement interesting. At some point I got a mail from nobody@replay.com claiming to be a fix for the BIND problem. Turns out the code is a trojan (bugtraq members quickly spotted the malicious code) that floods Network Associates servers. Wired is carrying a sensationalized story on the incident here.

Following is posted the original nobody mail:

Vandals mutate Ramen worm

posted on January 24, 2001
by hitbsecnews

Well, word has it that there is a high possibility that crackers have modified the Ramen source code to enable the worm to automatically deface sites with the crackers' own web pages/personalised message as opposed to the standard Ramen Crew message. Personally, I don't see why this didn't come about sooner - I mean you've got the source code, you've certainly got the compiler and vi... Might as well spread a more personalised message while you're risking your entire future defacing a site!

Yet another Melissa virus

posted on January 23, 2001
by hitbsecnews

It's been almost two years since that infamous worm swept through the world's email servers, spreading faster than any virus ever had before, and it seems like there is a new strain out in the wild, known as Melissa.W... better update those virus definition files! Read the full report here.

'Ramen' worm hits some Red Hat Linux servers

posted on January 19, 2001
by hitbsecnews

An Internet worm that affects Linux-based servers running Red Hat Inc.'s version of the open-source operating system has been causing aggravation for some users over the past week, although security analysts said they haven't yet seen any permanent damage that was caused by the so-called Ramen code. Yummm... tasty!

Another Blip On the Y2K Radar

posted on January 8, 2001
by hitbsecnews

Saw this over at HNN

7-Elevens around the country were victimized by a Y2K glitch on the first of this year. The glitch altered the date by a century, registering the day as January 1, 1901 on store computer systems. The convenience store chain had performed extensive Y2K compliance work on their networks prior to this occurrence.

AP via MSNBC

Tqll-A - The first computer virus of 2001

posted on January 2, 2001
by hitbsecnews

Computer Associates has issued the first virus warning of 2001 to its customers, advising them of a low-to-medium risk e-mail worm called Tqll-A.
Also known as VBS/Tqll-A, the virus is said to be the latest MS-Outlook-based e-mail worm threat. Check out the full story here.