Kazzalite Plus Warning! Do not Install

Published by [NT] 0

www.cdfreaks.com
*Update* Due to the reactions below and the fact that I posted this story, I did a spyware experiment. I cleaned my system with both Spybot Search and Destroy and Adaware 6 with latest updates. Then I set a restore point, then installed the program. I was greeted with no less than 34 entries and two new folders! The worst piece was Virtual Bouncer - extortion ware. From the Spyware-Guide website:

Danger Level: 4
Official Description: Claims to be an adware remover.

Critical security flaw MS Internet Explorer

Published by Newsfactory 0

A highly critical security bug was discovered in Internet Explorer. One can create a web page which, after loading in IE, causes corruption of the registry with IE entries and, according to our tests, also its crash.

Sasser patching/clean up instructions

Published by [NT] 0

Instructions for patching and cleaning vulnerable Windows 2000 and Windows XP systems:

Vulnerable Windows 2000 and Windows XP machines may have the LSASS.EXE process crash every time a malicious worm packet targets the vulnerable machine, which can occur very shortly after the machine starts up and initializes the network stack.

When cleaning a machine that is vulnerable to the Sasser worm, it is necessary to first prevent the LSASS.EXE process from crashing, which in turn causes the machine to reboot after a 60-second delay. This reboot cannot be aborted on Windows 2000 platforms using the Shutdown.exe or psshutdown.exe utilities and can interfere with the downloading and installation of the patch as well as removal of the worm.

New Virus Out

Published by Newsfactory 2

W32.Sasser.Worm is a worm that attempts to exploit the MS04-011 vulnerability. It spreads by scanning randomly chosen IP addresses for vulnerable systems. Make sure you have installed the MS04-011 patch.

Hackers hit supercomputing giants

Published by [NT] 0

Hackers have broken into some of the world's most powerful computer clusters in recent weeks in an apparently coordinated cyberattack targeting research and academic institutions.

Although officials sought Wednesday to play down the seriousness of the threats, some security experts warned that such a break-in could potentially enable a serious attack on the Internet.

Stanford University, the San Diego Supercomputer Center and the University of Illinois' National Center for Supercomputing Applications were among the systems hit.

Also affected was TeraGrid, a government-funded effort to link together several supercomputers, including those at San Diego and NCSA, so scientists can better crunch data for weather forecasting, astronomy and medicine.

Medium Risk Virus Alert - PE_BAGLE.Q

Published by Newsfactory 0

TrendLabs has declared a Yellow Alert to control the spread of PE_BAGLE.Q. TrendLabs has received numerous infection reports of this malware spreading in Korea and Japan.

This new BAGLE variant is capable of infecting files. It propagates via email in two ways. The first is by sending emails that do not have an attachment; instead, the email contains a link which, when the email is opened, starts a series of events that eventually downloads this file infector onto the system. The second is that the email may contain varying subjects, message bodies, and attachment file names, just like its earlier variants.

First Exploit Surfaces from Leaked Windows Code

Published by [NT] 0

BetaNews: Just two days after portions of the Windows 2000 Service Pack 1 source made their way onto the Internet, the first exploit to take advantage of bugs discovered in the now opened code has appeared on security mailing lists. The vulnerability lies in Internet Explorer's handling of bitmap images. With a specially created bitmap, a remote user can cause a buffer overflow and execute arbitrary code on a target system. The author of the report, which was seemingly posted with malicious intent, indicates the flaw was uncovered when analyzing the file "imgbmp.cxx" within the Windows source code.

What you should know about 'Mydoom'

Published by [NT] 0

WinHelpLine.info offers a very good FAQ on its homepage about the 'MyDoom' worm, which according to Kaspersky Labs leads the list of the most widespread malware with almost 80%. Help is provided in the following areas:
- How can you protect yourself from this virus?
- How can you tell that your computer is infected by Mydoom.B?
- What should you do if your computer is infected?

This FAQ can be found HERE.

File Spoofing Internet Explorer 6

Published by [NT] 0

Trivial file spoofing in Internet Explorer 6.0.2800.1106 and all of 'its' patches to date on WIN XP [probably others]: Content-Disposition: attachment; filename=malware.{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}fun_ball_gites_pie_throw%2Empeg"

Another security hole in Internet Explorer

Published by [NT] 0

The Full Disclosure mailing list documents another security hole in Internet Explorer that works along a similar pattern to the recently disclosed folder bug in Windows XP. An attacker can slip Internet Explorer files with false extensions, so that a victim opens supposedly safe files and thereby possibly executes dangerous program code. More info

W32.Novarg.A@mm (Mydoom-A) Removal Tool v1.0.3

Published by [NT] 0

Symantec Security Response has developed a removal tool to clean W32.Novarg.A@mm infections.

Also known as: W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

ISA Server 2004 Beta

Published by [NT] 0

Microsoft Internet Security and Acceleration (ISA) Server 2004 is the advanced application layer firewall, VPN, and Web cache solution that enables customers to easily maximize existing IT investments by improving network security and performance. ISA Server 2004 Beta allows you to preview the functionality in this upcoming version.

MyDoom worm spreading at record pace

Published by [NT] 0

Just days after it first surfaced, the MyDoom worm has become the fastest spreading computer virus in history. MyDoom's payload is far from innocuous, too. When opened, the virus installs a stealth program on the victim's computer that opens up a software "back door." Attackers can then bypass the PC's security and turn the system into a bounce point, or proxy, for any network-based attack. More at TechReport

Virus alert: Beware of dodgy Bagle

Published by [NT] 0

Computer security experts fear a new worm - Bagle-A - which began spreading rapidly across Australian email overnight could be a rehearsal for a more concerted worldwide attack in coming weeks. According to Daniel Zatz, security director for Computer Associates Australia, Bagle-A carries an expiry date, possibly indicating more robust versions of the worm could be slated for release soon - drawing comparison to the Sobig worm.

Trend Micro warns of "Bagle.A"

Published by [NT] 0

Computerwoche reports that the antivirus vendor Trend Micro is warning of the mail worm "Bagle.A", which affects all Windows versions.
The worm can be recognized by the subject line "Hi", the text "Yep, Test" and a random file as an attachment.

Microsoft Security Bulletin MS04-003

Published by [NT] 0

Buffer Overrun in MDAC Function Could Allow Code Execution (832483). An attacker who successfully exploited this vulnerability could gain the same level of privileges over the system as the program that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions under which the program using MDAC ran. If the program ran with limited privileges, an attacker would be limited accordingly; however, if the program ran under the local system context, the attacker would have the same level of permissions. Get more information and download over here

Security hole in Opera allows deletion of files

Published by [NT] 0

The site Operash points out a flaw in the Opera web browser that allows attackers to delete arbitrary files on a vulnerable system. Opera for Windows is affected in versions 7 up to and including 7.22; 7.23 is not affected, reports the internet magazine Golem, which also has more information about the problem.

Warning about new Mimail worm

Published by [PM] 0

"Mimail.I" disguises itself as an e-mail from Paypal customer service. The antivirus specialists H+BEDV Datentechnik and Bitdefender are warning Windows users about a new variant of the Mimail worm. The Internet worm is said to spread via e-mail to all address book contacts of an infected computer. Of the worm that has been active since last week as Mimail.H, the most harmful variant is now out: Mimail.I. H+BEDV assumes that the worm has finished its "test phase" and can now cause serious damage. Users who pay via the "Paypal" payment system should therefore be especially careful now: the worm is said to disguise itself as a request from the popular online payment service to update member data, including credit card numbers.

Microsoft Sets Up Virus-hunting Fund

Published by [NT] 0

As an extension of the 2 x $250.000 bounty on the releasers of Blaster and SoBig, Microsoft is now setting up a virus-hunting fund with an initial donation of $5 million including the 2 x $250.000, so it's bigger than first assumed. Microsoft will work together with law enforcement to track down the creators of viruses, worms and other forms of malicious code. It will be exciting to see if this has any effect on the number of attacks on the security of Microsoft's products.

Quote: "These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that disrupt the lives of real people," Brad Smith, general counsel at Microsoft, said in a press conference.

Read more on CNet.