Symantec Security Response
Users running Symantec or Norton Anti-Virus products can use this link to update anti-virus files and to learn about the latest virus threats.

McAfee Security Headquarters
Users running McAfee Anti-Virus products can use this link to update anti-virus files and to learn about the latest virus threats.

Security Notifications:

July 22, 2004 -- Panda Software (Virus & Intrusion Prevention for your PC)
This glossary is a brief dictionary of some of the technical terms used when talking about computer viruses and antivirus programs. It will help users better understand how viruses work, their characteristics, they techniques they use to infect computers and transmit themselves, etc. MORE

June 1, 2004 -- Tips on creating and securing passwords
Tips for safeguarding your digital life: Create strong passwords

• Don't use easy-to-guess passwords such as "password," "1234," your username or any word that appearsin a dictionary.

• Don't use your pet's name, street address, date of birth, mother's maiden name, nickname or anything easily identifiable and thus easily guessed.

• Do combine numerals and letters. Use upper and lower cases along with special characters such as the exclamation point, if permitted.

January 15, 2004 -- How to Tell If a Microsoft Security-Related Message Is Genuine
Microsoft regularly sends e-mail to subscribers of it's security e-mail notification services when it releases a Microsoft Security Bulletin. Unfortunately, malicious individuals have been known to send bogus bulletins that appear to be coming from Microsoft, a tactic known as spoofing. Some of these messages lure recipients to malicious websites to download malicious code, while others include a file attachment containing a virus.

Learn What to Look For -- Fortunately, there are ways to spot the imposters. Here's how to verify that a Microsoft security-related message you receive is legitimate:

• The message contains no attachments. Authentic Microsoft Security Bulletin notifications never include software updates as attachments.

• The message is digitally signed. The Microsoft Security Response Center always signs its bulletin notifications before distributing them.

• The bulletin is listed on Microsoft.com. Microsoft never sends notices about security updates until after it publishes information about them on it's website.

FULL ARTICLE

Virus Alerts:

December 29, 2004
W32.Protoride.B is a worm that spreads through network shares and opens a backdoor that allows unauthorized access to a compromised computer. MORE

December 26, 2004
Perl.Santy.B is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11, which are vulnerable to the PHPBB Remote URLDecode Input Validation Vulnerability (BID 11672). It uses AOL or Yahoo search to find potential new infection targets. MORE

December 19, 2004
W32.Mugly.C@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the compromised computer. The worm also drops and runs a W32.Spybot.Worm variant. MORE

December 11, 2004
VBS.Junkmail@mm is a generic VBS, mass-mailing worm, which copies itself to files on the C drive. MORE

December 3, 2004
W32.Mugly.A@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to the email addresses gathered from the infected computer. It also drops and runs a W32.Spybot.Worm variant, and may attempt to open a backdoor on the infected computer. MORE

July 22, 2004
Bagle.AH is a worm that affects Windows XP/2000/NT computers only. Bagle.AH opens and listens to a TCP port, waiting for remote connections. By doing so, it allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work. MORE

June 8, 2004
W32.Svoy.A@mm is a mass mailing worm that uses Mapi.dll to send itself to the email addresses that it finds on your computer. The worm arrives in an email, with the subject line of "Message is not delivered" and a variable attachment name. The attachment will have a .exe file extension. MORE

June 7, 2004
Trojan.Mitglieder.L is a trojan horse program that allows a compromised system to be used as an email relay. Systems compromised in this way are often used to relay spam. Trojan.Mitglieder.L also terminates processes associated with various antivirus and security applications. MORE

June 3, 2004
Due to an increased rate of submissions, Symantec Security Response has upgraded this threat from a Category 2 to a Category 3 as of June 2, 2004. W32.Korgo.F is a minor variant of W32.Korgo.E. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports. MORE

May 5, 2004 -- Sasser worm rips through Internet
The fast-spreading computer worm Sasser has wreaked more havoc on computer users worldwide, affecting several businesses, banks and government offices, including Britain's Coastguard. Users of the Windows operating systems reported sluggish machines and computers that quit or rebooted for no reason. MORE

January 12, 2004
Trojan.Xombe is a Trojan horse that has at least two components: a 4,096 byte downloader and a 27,136 byte Trojan. The downloader component will retrieve the Trojan file from a predetermined Web site. The download component has been distributed in an unsolicited email, purporting to be a security update for Windows XP, sent by Microsoft.

The email has the following characteristics:

MORE