6/30: Bankhook.A Steals User Information
Bankhook.A is a Trojan that installs itself in the affected computer by taking advantage of several vulnerabilities.
6/30: Agobot-KG Sets Up IRC Channel
W32/Agobot-KG is an IRC backdoor Trojan and network worm which establishes an IRC channel to a remote server in order to grant an intruder access to the compromised machine.
6/30: Rbot-CG Allows Unauthorized Access
W32/Rbot-CG is a backdoor Trojan and network worm that allows unauthorized remote access to the infected computer via IRC channels while running in the background as a service process.
CEO Warns Threats are Coming from the Inside
The CEO of a security start-up says IT administrators aren't paying enough attention to the threats that are coming from within their own networks.
6/30: Doep.A Spreads Via File Sharing
W32.Doep.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet.
Spyware Sneaking into the Enterprise
Not just for consumers anymore, invasive programs are finding comfort in the corporate realm and leaving more than unwanted ads in their wake.
6/29: Trojan.Ecure Modifies IE Page
Trojan.Ecure is a Trojan horse that modifies the Hosts file and Internet Explorer home page.
US-CERT: Beware of IE
The U.S. government's cybersecurity unit recommends ditching Internet Explorer in favor of other, safer browsers.
6/29: Downloader-LY Carries Trojan
Downloader-LY is a Trojan that attempts to connect to a remote URL, and downloads Keylog Briss.
6/29: Boxed.D Performs DoS Attacks
Trojan.Boxed.D is a Trojan horse that performs a Denial of Service (DoS) attack on certain Web sites.
6/29: Rbot-CC Has Backdoor Capabilities
W32/Rbot-CC is a member of the W32/Rbot family of worms with a backdoor component.
6/29: Gaobot.AUS Lets Attackers In
W32.Gaobot.AUS is a repacked variant of W32.Gaobot.SN.
6/29: Randex.ATX Remotely Controlled
W32.Randex.ATX is a network-aware worm that may be remotely controlled using IRC.
Casino Stacks the Deck with New IDS System
The Riviera Hotel & Casino in Las Vegas has to deal with more than its share of hacker attacks. To fight off these threats, IT administrators there recently went shopping for an IDS system.
Gates on Spam
It's gonna get better, the chairman promises.
6/28: Backdoor-AXY Runs Silently
Backdoor-AXY is a Trojan that, upon execution, runs silently; no GUI message boxes appear.
6/28: JS-Ject.A Hides in Hostile Web Pages
JS_Ject.A is a Trojan script that usually arrives as an encrypted JavaScript file embedded in malicious Web pages.
6/28: Backdoor-CCL Running Wild
Backdoor-CCL is a Trojan that, when executed, runs silently; no GUI message boxes appear.
6/28: Mota May Arrive As Attachment
W32/Mota.worm may arrive as an e-mail file attachment with the file attachment being either a .scr or .pif or .zip file.
6/28: Backdoor.Botex Steals Information
Backdoor.Botex is a backdoor program to allow unauthorized remote access to a compromised system.
6/28: JS-Scoba.A Is a Trojan Script
JS-Scoba.A is a Trojan script that is usually embedded in malicious Web pages.
6/28: Agobot-KE Exploits Weak Passwords
W32/Agobot-KE is a backdoor Trojan and worm that spreads to computers protected by weak passwords.
6/28: Rbot-CA Allows Remote Access
W32/Rbot-CA is a worm that attempts to spread to remote network shares.
Malware Attack Thwarted but Danger Lurks
Critical IE vulnerability remains unpatched.
Predictability Can Be Fatal
eSecurityPlanet Columnist George Bakos says that in computing, as in life and love, being predictable can be a fatal flaw. Hackers and worm authors thrive on default settings. Bakos talks about how to get around that.
Soft on the Inside
While external security threats abound, most serious risks still emanate from lax policies and procedures and a lack of ongoing employee training.
A Spec to Spike Spam?
The latest anti-spam effort by the four largest U.S. ISPs is a joint specification to eliminate spoofed e-mail addresses.
Major Web Attack May Steal Financial Data
IT administrators are being warned to double check their servers, and Web surfers are being cautioned after a widespread hacker attack has compromised major corporate Web sites and infected thousands of users' computers.
6/25: Sdbot.Fo Exploits LSASS Flaw
Worm_Sdbot.Fo is a worm that spreads by exploiting the Windows LSASS flaw, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
6/25: JS.Scob Executes JavaScript File
JS.Scob.Trojan is a simple Trojan that executes a JavaScript file from a remote server.
6/25: Korgo.V Exploits Vulnerability
Worm_Korgo.V exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
6/25: BackDoor-AXJ Very Active
BackDoor-AXJ is a Trojan that, when run on the victim machine, performs multiple actions.
6/25: Korgo.U Exploits LSASS Flaw
Korgo.U is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers.
6/25: JS/Scob-A a JavaScript Trojan
JS/Scob-A is a JavaScript Trojan that is reported to be appended to HTML files on IIS machines.
6/24: Korgo.T Exploits LSASS Vulnerability
Worm_Korgo.T is a memory-resident worm that exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
6/24: Sdbot-JF Allows Remote Access
W32/Sdbot-JB is a worm that attempts to spread to remote network shares.
6/24: Downloader.JH Downloads Dialer
Downloader.JH is a Trojan that gets information on the affected computer in order to download a dialer, detected by Panda Software as Dialer.DA, to the computer.
6/24: Bobax.B Exploits LSASS Vulnerability
Worm_Bobax.B is known to exploit the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of an affected system.
Anti-Spyware Bill Clears Committee Hurdle
Bill sponsors amend anti-spyware measure to cure Internet 'cancer.'
6/24: Korgo.R Scans IP Addresses
W32/Korgo-R is a network worm using the LSASS exploit to propagate (MS04-011).
IM -- a Threat to Network Security
Employees using instant messaging could be opening up gaping holes in their companies' network security.
AOL Employee Arrested in Spam Sting
Millions of screen names were used to illegally promote an Internet gambling operation.
6/23: Korgo.S Exploiting LSASS Vulnerability
Continuing its way through the alphabet, Panda Software issued an alert for the S variant of the Korgo worm, which spreads via the Internet by exploiting the LSASS vulnerability in remote computers.
6/23: Agobot-KC Seeks Weak Passwords
W32/Agobot-KC is a backdoor worm that spreads to computers protected by weak passwords.
6/23: Korgo Q, R Variants Use LSASS Flaw
Some security vendors have issued alerts for the Q and R variants of the Korgo worm, which spreads via the Internet by exploiting the LSASS vulnerability in remote computers.
Buffer Overflows in ISC's DHCP
Users at risk of denial-of-service or code execution attacks.
6/22: Rbot-BL Spreads to Remote Shares
W32/Rbot-BL is a worm that attempts to spread to remote network shares.
6/22: Ranky.G Runs as Proxy Server
Backdoor.Ranky.G is a Trojan horse that runs as a proxy server.
6/21: Lovgate-V Spreads Multiple Ways
W32/Lovgate-V is a variant of the W32/Lovgate family of worms that spread via email, network shares and filesharing networks.
6/21: Korgo-N, O, P Exploit LSASS Flaw
Some security vendors Monday issued alerts for the N, O and P variants of the Korgo worm, which spread by exploiting the LSASS vulnerability in Windows.
6/21: Rbot-BI Runs in Background
W32/Rbot-BI is a worm that attempts to spread to remote network shares.
6/21: IPScanner.A is a Hacking Tool
IPScanner.A is a hacking tool.
6/21: Hacarmy.C Gives Hacker Control
Backdoor.Hacarmy.C is a Backdoor Trojan horse that gives an attacker control over a compromised computer.
6/21: Lovgate.AB Spreads Via Email
Worm_Lovgate.AB drops copies of itself in several locations using varying file names.
6/18: Sdbot-JB Allows Remote Access
W32/Sdbot-JB is a worm that attempts to spread to remote network shares.
6/18: Rbot-BC Runs in Background
W32/Rbot-BC is a worm that attempts to spread to remote network shares.
6/18: Lovgate-V Spreading Widely
W32/Lovgate-V is a variant of the W32/Lovgate family of worms that spread via email, network shares and filesharing networks.
6/18: Dansh-A Copies to Windows
W32/Dansh-A is a network worm and IRC backdoor Trojan that can copy itself to the Windows System32 folder as DESKTOP.EXE when executed.
6/18: Korgo L,M Exploit Buffer Flaw
W32.Korgo.L and M are the latest variants of the W32.Korgo.I worm and attempt to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.
Crisis of Confidence Spawns Confidence Games
The spam problem is inextricably linked to any number of other Bad Things lurking on the 'Net.
IT and End Users Differ on Spam Severity
IT managers report they're struggling to hold spam at bay, but end users say it's not a huge problem. What they do agree on is that spam isn't going away anytime soon, and will probably just get worse.
6/18: Backdoor.Nibu.H Opens Trojan
Backdoor.Nibu.H opens a backdoor Trojan horse on a compromised system.
6/17: Rbot-AX Spreads to Remote Shares
W32/Rbot-AX is a worm that attempts to spread to remote network shares.
6/17: PWSteal.Bammer.A Steals Passwords
PWSteal.Bamer.A steals passwords when you visit Web sites that belong to certain banks.
6/17: Rbot-AY Exploits OS Vulnerabilities
W32/Rbot-AY is a worm and backdoor that spreads by exploiting various operating system vulnerabilities, weak passwords on shares and SQL servers and backdoors opened by other worms and Trojans.
6/17: Agobot-KB Exploits Passwords
W32/Agobot-KB is a backdoor Trojan and worm that spreads to computers protected by weak passwords.
Newcomer Zafi-B Cracks Top 5
Only a week old, Zafi-B is spreading wildly around the world, working itself into the Top Five ranking of the Most Dangerous Malware.
6/17: Argen Is Malware Joke
Argen is a malware type joke.
6/17: Download.Ject Installs File
Download.Ject is a Trojan horse that attempts to download and install a file by exploiting a vulnerability in Internet Explorer.
6/17: Sdbot.RZ Uses NetBEUI Functions
Worm_Sdbot.RZ is a memory-resident worm that spreads through network shares.
Symbol Buys Trio Security
Three-factor encryption technology comes to Symbol handheld devices.
Honeypots Let You Spy on Your Enemy
What's one of the first tenets of warfare? Know your enemy. Well, one of the authors of a new book tells eSecurityPlanet that using honeypots is one of the best ways to do just that.
6/16: Download.Ject Installs File
Download.Ject is a Trojan that attempts to download and install a file on a compromised system by exploiting a vulnerability in Internet Explorer.
6/16: Korgo-H Exploits LSASS Flaw
W32/Korgo-H is a member of the W32/Korgo family of network worms that propagates using the LSASS exploit (TCP port 445).
6/16: Rbot-AV Spreads to Remote Shares
W32/Rbot-AV is a worm that attempts to spread to remote network shares.
6/16: Agobot-WR Attacks Weak Passwords
W32/Agobot-WR is an IRC backdoor Trojan and network worm.
Do-Not-Spam List Great For Spammers
After a six-month study, the FTC updates Congress on the National Do Not E-Mail registry. Hint: It's not a good thing.
6/16: Boxed-A, B Launch DoS Attacks
Trojan.Boxed.A and B variants are Trojan horses that perform a Denial of Service (DoS) attack on certain Web sites.
6/15: Paps.A@mm Disguised as Attachment
W32.Paps.A@mm is a mass-mailing worm that sends itself as an attachment to the email addresses that it finds on a computer.
Cell Phone Virus Ringing
First mobile phone worm squirms through Symbian OS.
6/15: EPOC.Cabir Spreads Via Bluetooth
EPOC.Cabir is a proof-of-concept worm that replicates on Nokia Series 60 phones.
6/15: Rbot-AS Attacks Weak Passwords
W32/Rbot-AS is a worm that attempts to spread to remote network shares.
6/15: Rbot-AQ Uses Remote Shares
W32/Rbot-AQ is a worm that attempts to spread to remote network shares.
Windows SP2 Comes Closer with RC 2
Microsoft reveals code for its oft-delayed second release candidate to developers ahead of the summer deadline for the finished product.
6/15: StartPage Changes Browser Settings
StartPage is a Trojan that, when executed, modifies certain Internet browser settings.
Buffer Overflows Patched in RealPlayer
A buffer overflow vulnerability in RealNetworks' flagship RealPlayer software could put millions of users at risk of PC takeover.
6/14: Plexus.a@mm, Plexus.b@mm Spreading
W32/Plexus.a@MM and its b variant are worms that propagate through different vectors.
6/14: Qhosts.apd a Modified Hosts File
Qhosts.apd is a modified HOSTS file.
6/14: Dansh.worm!irc an IRC Bot
W32/Dansh.worm!irc is an IRC bot that is intended to propagate via various mechanisms.
6/14: Korgo.G Exploits LSASS Flaw
Worm_Korgo.G, previously detected as Worm_Korgo.F, propagates by exploiting a flaw in the Windows LSASS (Local Security Authority Subsystem Service), which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
6/14: Spybot-CO Spreads via KaZaA Network
W32/Spybot-CO is a P2P worm that spreads via the KaZaA file sharing network.
The Real Threats to Security are Changing
Today, the threats to our online activities are shifting. eSecurityPlanet's new columnist, Bob Hillery, takes a look at the changing threats and what we should be doing about them.
6/14: Zafi.B Now a High-Level Threat
According to data from PandaLabs, the Zafi.B worm, first detected last week, is now spreading widely around the world.
Has Julian Haight Gone Straight?
Executive Tech columnist Brian Livingston chats with Julian Haight, controversial director of spam-blocking system SpamCop, about the value of and problems with 'blocklists'.
6/14: Sober-H Emails Messages in German
Troj/Sober-H emails messages in German to addresses found in files on the hard disk.
6/11: Pam.worm Written in Delphi
W32/Pam.worm is a floppy worm written in Delphi.
6/11: Rbot-AE Uses Remote Shares
W32/Rbot-AE is a worm that attempts to spread to remote network shares.
6/11: Sasser.G Exploits LSASS Flaw
W32.Sasser.G is a minor variant of W32.Sasser.Worm.
6/11: W32/Zafi-B Sets Registry Entry
W32/Zafi-B is a peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file and set the following registry entry to ensure that it will be run on system restart.
6/10: X97M.Crex Infects Spreadsheets
X97M.Crex is a macro virus that infects Microsoft Excel 97 (and later) spreadsheets.
Open Source CVS Flaw Sparks Use Audits
After new breaches found in CVS, open source community mulls how extensively they use the online repository.
6/10: VB_Pub.A Spreads Via Email
VB_Pub.A is malicious Visual Basic (VB) script that spreads via email.
6/10: Downloader-LB Being Spammed
Downloader-LB is a Trojan believed to have been spammed to many users as an attachment, 'Clock.exe.'
Zero-Day Exploit Targets IE Flaws
Browser vulnerabilities carry an 'extremely critical' rating and are being exploited to launch adware on infected machines.
6/10: Agobot-XX Exploits Bad Passwords
W32/Agobot-XX is capable of spreading to computers on the local network protected by weak passwords.
6/10: Agobot-JX Targets MyDoom Infections
W32/Agobot-JX is a backdoor Trojan and worm that spreads to computers protected by weak passwords and to computers infected with variants of W32/MyDoom.
6/10: Downloader-KP Arrives in File
Downloader-KP is not an email virus.
6/10: Agobot-JT Allows Unauthorized Access
W32/Agobot-JT is a backdoor worm that runs in the background as a system process and allows unauthorized remote access to the computer.
6/9: W32.Tubty.A@mm Uses SMTP Engine to Mail Itself
W32.Tubty.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all the contacts in the Windows Address Book.
6/9: Downloader.GK a 'High Threat'
Panda Software Wednesday issued a high threat alert for Downloader.GK, a Trojan that downloads and runs adware programs on the affected computer.
6/9: Korgo-I Exploits LSASS to Spread
W32/Korgo-I is a member of the W32/Korgo network worms family that propagates by using the LSASS exploit.
6/9: Rbot.AF Uses NetBEUI Functions
Worm_Rbot.AF is a worm that spreads through network shares.
Oracle Fixes E-Business Suite Flaw
US-CERT warns that attackers could exploit the vulnerability and execute arbitrary SQL statements.
6/9: BackDoor-AET is C++ Trojan
BackDoor-AET is a remote access trojan written in Microsoft Visual C++.
6/9: Agobot-JP Hits Weak Passwords
W32/Agobot-JP is a backdoor Trojan and worm that spreads to computers protected by weak passwords.
6/9: Rbot-AA Spreads to Remote Shares
W32/Rbot-AA is a worm that attempts to spread to remote network shares.
6/9: Gletta.A Steals Banking Information
Trojan.Gletta.A is a Trojan horse that steals Internet banking passwords.
Threat Heightened for Korgo Family
A report warns that the creator of the Korgo family of worms seems to be carrying out experiments with new variants aimed at catching users off guard and causing a serious epidemic.
Exec Talks about Growing Security Pressures
IT administrators and security officers are under a lot more pressure than ever before. Ken Xie, president of Fortinet Inc., talks to eSecurityPlanet about the added workload and what can be done to make the job a little easier.
6/8: Trojan.Dingsta.A Logs Keystrokes
Trojan.Dingsta.A is a keylogger that tries to log keystrokes that are typed in open Web browser windows.
Bagle-AA Called 'Very Aggressive'
Bagle-AA has moved up the ranks to become the fifth most dangerous malware roaming the Internet.
6/8: StartPA-AE Changes IE Settings
Troj/StartPa-AE changes browser settings for Microsoft Internet Explorer each time Windows is started.
6/8: Keylog-Dingxa Captures Keystrokes
Keylog-Dingxa is a keylogging Trojan that captures keystroke information on the victim machine.
6/8: Spybot-CC Uses Kazaa P2P to Spread
W32/Spybot-CC is a backdoor Trojan and worm that spreads via file sharing on Kazaa P2P networks and by copying itself to network shares that have weak password protection on the $ADMIN share.
Nine out of 10 U.S. Emails Now Spam
Spam levels have reached new heights -- or lows as the case may be. Nine out of 10 emails traveling across the U.S. are spam, according to a new report.
Spam-Fighting Theories Far From Practice
Gartner says filters, sender authentication-reputation initiatives not likely to provide short-term relief.
6/8: Korgo-G & H Exploit LSASS Flaw
Security vendors Tuesday issued alerts for the G and H variants of the Korgo worm, a network worm that uses the LSASS exploit to propagate.
6/8: Dumaru-AK Drops Itself Into Win Folder
W32/Dumaru-AK consists of a dropper and a number of dropped files.
6/7: Spybot-BZ Copies Itself to Folder
W32/Spybot-BZ attempts to copy itself to CRCSSV.EXE in the Windows system folder.
6/7: Backdoor.Ducy Grants Remote Access
Backdoor.Ducy is a backdoor program designed to grant unauthorized access via MSN Messenger.
Immunize Your Servers Against Attack
A security company is shipping today new software it claims will better protect your servers against hacker attacks -- whether or not you've installed the latest patches from Microsoft.
6/7: Unknown Trojan Executes VB Script
During Sunday and Monday, MessageLabs reported intercepting several copies of a new, multi-stage Trojan whose name is unknown.
The Deadly Duo: Spam and Viruses, May 2004
The spam volume remains unchanged over the month, but Internet users don't have reason to celebrate, as the plateau is not indicative of an imminent decline in unwanted messages.
Reacting to Attacks Dooms Us to Failure
eSecurityPlanet's new columnist Ken van Wyk talks about the way we defend ourselves from attack. Reacting to a situation isn't working, and it hasn't been working for some time. Van Wyk says it's time we get proactive.
6/7: Mitglieder.L Creates Email Relay
Trojan.Mitglieder.L is a Trojan horse program that allows a compromised system to be used as an email relay, according to Symantec, which issued an alert Monday.
6/7: Sdbot-DB Allows Access Via IRC
W32/Sdbot-DB is a network worm and IRC backdoor Trojan that runs in the background as a service process and allows unauthorized remote access to the computer via IRC channels.
6/7: Rainwash Copies to Kazaa Folder
W32.Rainwash is a worm that propagates by copying itself to the Kazaa shared folder.
Look Out For 3-Headed Plexus Worm
A patch Microsoft issued in April could fend off the malicious mutant.
6/4: Aladinz-R Lets Remote Attacker In
Backdoor.IRC.Aladinz.R is a backdoor server that allows a remote attacker to obtain access to your computer.
6/4: Korgo-A Uses LSASS to Spread
W32/Korgo-A is a network worm using the LSASS exploit to propagate, according to Sophos, which issued an alert Friday.
6/4: Korgo-D Attacks Buffer Overrun
Worm_Korgo.D is a member of the KORGO family of worms, which propagates by exploiting a buffer overrun vulnerability in the Windows LSASS (Local Security Authority Subsystem Service).
6/4: Korgo-F Allows Remote Control
To propagate, this worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
6/4: Worm_Korgo.G Exploits Windows Flaw
Worm_Korgo.G propagates by exploiting a flaw in the Windows LSASS (Local Security Authority Subsystem Service), which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
6/4: Plexus-A Travels Network Shares
Worm_Plexus.A arrives via network shares, and takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability in Windows.
6/4: Agobot-JM an IRC Bot
W32/Agobot-JM is a member of the W32/Agobot family of network worms and backdoor Trojans that exploits a number of known vulnerabilities and is also able to function as an IRC bot.
Broadcom Makes Storage Security Standard
Broadcom has unveiled storage management software that puts the company at the forefront of vendors addressing storage security concerns.
Could Arrests Slow Torrent of Virus Attacks?
After weathering a storm of viruses last month, security analysts are hoping that June isn't hit nearly as hard. But they're not getting their hopes too high.
6/4: Agobot.300544 a Memory Resident
Worm/Agobot.300544 is a memory resident Internet worm that spreads by capitalizing on various Microsoft vulnerabilities, as well as through network shares.
Sasser Still Battering Networks Globally
The Sasser worm continues to raise its ugly head, battering enterprise and home user networks around the globe.
Security Bug in Linksys Wireless-G Router
The flaw carries a 'moderately critical' rating and could give malicious hackers administrative access to vulnerable devices.
6/3: Rbot-94208 Uses mIRC to Spread
Worm/Rbot.94208 is an Internet worm that spreads through the use of the mIRC network.
6/3: Rbot-Y has Backdoor Trojan
W32/Rbot-Y is a worm that attempts to spread to remote network shares, according to Sophos, which issued an alert Thursday.
6/3: Korgo.E Exploits Buffer Overrun Bug
Worm_Korgo.E is a member of the Korgo family of worms, which propagates by exploiting a buffer overrun vulnerability in the Windows LSASS (Local Security Authority Subsystem Service).
6/3: Korgo-G Surfaces to a Low Alert
W32.Korgo.G is a minor variant of W32.Korgo.C, according to Symantec and McAfee, which issued low-level alerts Thursday.
6/3: Agobot-SU Controlled by IRC Bot
Worm_Agobot.SU is a memory-resident worm that spreads through network shares.
Learn the Basics of Handheld Security
While PDA and smartphone security is often a forgotten piece of the security infrastructure, these devices have the ability to transmit and receive viruses, and can be exploited in numerous ways. In this article, the first in a series on the subject, we provide a general overview of PDA security and discuss vulnerabilities, products, security issues, and policies.
6/3: Korgo-D Attacks LSASS Exploit
W32/Korgo-D is a variant of the W32/Korgo-C network worm and backdoor that propagates by using the LSASS exploit, according to Sophos, which issued an alert Thursday.
Netsky-P Still Top Threat After 4 Months
Netsky-P, first discovered March 22, has a new trick up its sleeve. Thousands of reports are in that the worm now is disguising itself as a Harry Potter Computer game.
6/2: Korgo-F Threat Level Heightened
Because of a flood of submissions in the past 12 hours, at least one anti-virus company has raised the threat level on Korgo-F.
6/2: Agobot-SG Targets Weak Passwords
W32/Agobot-SG is a backdoor Trojan and network worm that can spread by copying itself to network shares with weak passwords and may attempt to spread using the DCOM RPC and/or RPC locator vulnerabilities, according to Sophos, which issued an alert Wednesday.
6/2: Korgo-D Exploits Buffer Overrun
Worm_Korgo.D is a worm that propagates by exploiting the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
6/2: Korgo-F Exploits Windows Bug
W32.Korgo.F is a minor variant of W32.Korgo.E, according to Symantec, which issued an alert Wednesday.
6/2: Rbot-X Connects to Remote Server
W32/Rbot-X is an IRC backdoor Trojan and network worm, according to Sophos, which issued an alert Wednesday.
6/2: W64_Rugrat.A Targets 64-Bit Systems
W64_RUGRAT.A is a file infector that targets 64-bit systems and infects 64-bit .EXE files by appending its code to the host PE (Portable Executable) file.
6/2: Three Korgo Variants Hit the Wild
McAfee issued alerts for three variants of the Korgo worm: W32/Korgo.worm.f and the c and e variants, all of which are self-executing worms that spread by exploiting a Microsoft Windows vulnerability.
6/2: Backdoor-CBA Installs Itself in 'Run' Key
Backdoor-CBA is a Trojan that, when run, installs itself in the 'Run' key as SCHECK to be loaded on next restart.
We've Made Some Changes to eSecurityPlanet
We have added a few things to eSecurityPlanet -- changes designed to give you more information, faster.
AT&T on DoS: Early Detection Equals Prevention
The carrier introduces a new service to thwart denial-of-service attacks in corporate systems.
6/2: IRC-Scanbot Has Share-Hopping Capabilities
IRC-Scanbot is an IRC bot Trojan that has share-hopping and remote access functionality.
Netsky-Z 'ZIPs' Through Perimeter
Netsky-Z, discovered April 21, 2004, uses a ZIP file to evade corporate perimeter protection.
Netsky-D Ranked as High Risk
The D-variant of the Netsky family has become one of the most problematic bugs roaming the Internet.
6/1: Lamud-A Spreads Via Network Shares
Worm_Lamud.A is a worm that spreads via network shares, according to Trend Micro, which issued an alert Tuesday.
'Critical' CVS Heap Overflow Flaw Patched
Security researchers have discovered a heap overflow vulnerability in Concurrent Versions System (CVS), the source code maintenance system used to power open-source software development projects.
Financial Firms in Hackers' Crosshairs
IT security attacks on some of the world's leading financial institutions more than doubled from last year, according to a new survey from Deloitte & Touche.