First virus for AMD64 processors emerges

Published by [NT] 3

Symantec Corp. announced on Tuesday that it has discovered the first "proof of concept" virus targeting AMD’s 64-bit processors.
The virus, named Shruggle, is similar to the proof-of-concept Rugrat virus. Like Rugrat, Shruggle does not spread from machine to machine but infects only one system at a time, targeting 64-bit executable files.

The virus is written in AMD64 assembly code, Symantec analysts said, meaning it will not be a threat to 32-bit versions of Windows.
"Shruggle is a fairly simple proof-of-concept virus," said Oliver Friedrichs, Senior Manager, Symantec Virus Response Team, "to show that the AMD platform is just as susceptible to attack as any other platform."

VCatch Basic 5.0.21.2

Published by Newsfactory 0

VCatch 5.0.21.2 is a new, free tool, developed to protect your computer from web viruses. Whether you use an Email application, Web based Email, ICQ, or one of the new file-sharing programs (Napster, Gnutella etc.),

Critical Exploit Found in AIM

Published by Newsfactory 0

AIM has a critical vulnerability that could allow attackers to compromise your computer and execute malicious code on it. The vulnerability is a buffer overflow in the handling of "Away" messages that can be easily exploited. According to the Secuin.com advisory: "A malicious Web site can exploit this via the AIM URI handler by passing an overly long argument to the 'goaway?message' parameter," the advisory said. "Successful exploitation may allow execution of arbitrary code on a user's system when a malicious Web site is visited with certain browsers."

50 Virus/Trojan Removal Tools Listed!

Published by Newsfactory 0

The 50 latest Virus/Trojan Removal tools from Symantec are listed. You should always update your antivirus program with the latest updates because almost every day new virus threats come and go. Great news for people who don't have any scanner installed: there are enough virus/trojan removal tools available to remove those nasty infected files. Tools are available for the Klez, Bugbear, Sobig, Blaster, Sober and Mydoom viruses, and many, many more! (Total of 50)

7 Security Holes Reported On Windows XP

Published by [NT] 1

The Microsoft Windows security updates for July 2004 address newly discovered issues in Windows, including Microsoft Internet Explorer and Microsoft Outlook Express, both components of Windows. If you have any of the software listed on this page installed on your computer, you should visit the Windows Update Web site to install related updates. Two of them are critical. Visit Microsoft for more information.

HSRemove 2.32

Published by Newsfactory 1

Thanks to Jim McMahon over at MajorGeeks.com for the heads up.

This may be of interest to your users. Basically it is a remover for The Home Search Random DLL Hijack. To our knowledge it is the only tool that will remove this particular parasite.

Big Name Web Sites Infecting Visitors with Viruses

Published by Newsfactory 3

Security firms and Homeland Security in the U.S. are warning everyone of a new large-scale attack on the Internet that is currently under way. Security firms say that thousands of web sites have already been infected by a virus. If a user running Internet Explorer goes to an infected web site, the user will become infected. The virus takes advantage of an exploit in Internet Explorer, an exploit that Microsoft has yet to fix. Once an end user has been infected with the virus, their computer will be used to send spam to millions of people. NetSec, one of the large security firms, said some well-known sites are already infected; it declined to name the affected Web sites for liability reasons but said they are "big, big sites."

Cell Phone Virus 'Cabir' on the Prowl

Published by Newsfactory 0

A new virus is out that affects only cell phones and is probably the first known mobile virus. According to Kaspersky Labs, an anti-virus firm, the new virus, called "Cabir", infects cell phones running the Symbian operating system. The new virus was written by 29a, a group of virus writers that specializes in proof-of-concept viruses. The virus spreads through a wireless Bluetooth connection and attempts to find other phones with the Symbian operating system.

A new trojan is circulating as a Messenger Plus! Plugin

Published by Newsfactory 0

Messenger Plus Zone reports that on 6/11/04 at around 6:30PM Eastern Standard Time, Messenger Plus! Zone obtained a copy of a file ("SWMPplugin.exe") that is known as Backdoor.Prorat (Symantec). The trojan was circulated as a Messenger Plus! plugin that adds new sounds. After the file was received, it was processed and scanned, and it is a dangerous backdoor. The trojan can allow a hacker to gain complete control of your computer. The trojan HAS been reported to Patchou.

RealPlayer 10 Security Patch

Published by Newsfactory 0

RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary code on a user's machine. While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem.

Kazzalite Plus Warning! Do not Install

Published by [NT] 0

www.cdfreaks.com
*Update* Due to the reactions below and the fact that I posted this story, I did a spyware experiment. I cleaned my system with both Spybot Search and Destroy and Adaware 6 with latest updates. Then I set a restore point, then installed the program. I was greeted with no less than 34 entries and two new folders! The worst piece was Virtual Bouncer - extortion ware. From the Spyware-Guide website:

Danger Level: 4
Official Description: Claims to be an adware remover.

Critical security flaw MS Internet Explorer

Published by Newsfactory 0

A highly critical security bug has been discovered in Internet Explorer. One can create a web page which, after loading in IE, corrupts the registry with IE entries and, according to our tests, also causes it to crash.

Sasser patching/clean up instructions

Published by [NT] 0

Instructions for patching and cleaning vulnerable Windows 2000 and Windows XP systems:

Vulnerable Windows 2000 and Windows XP machines may have the LSASS.EXE process crash every time a malicious worm packet targets the vulnerable machine, which can occur very shortly after the machine starts up and initializes the network stack.

When cleaning a machine that is vulnerable to the Sasser worm, it is necessary to first prevent the LSASS.EXE process from crashing, which in turn causes the machine to reboot after a 60-second delay. This reboot cannot be aborted on Windows 2000 platforms using the Shutdown.exe or psshutdown.exe utilities, and it can interfere with downloading and installing the patch as well as with removing the worm.

New Virus Out

Published by Newsfactory 2

W32.Sasser.Worm is a worm that attempts to exploit the MS04-011 vulnerability. It spreads by scanning randomly chosen IP addresses for vulnerable systems. Make sure you have installed the MS04-011 patch.

Hackers hit supercomputing giants

Published by [NT] 0

Hackers have broken into some of the world's most powerful computer clusters in recent weeks in an apparently coordinated cyberattack targeting research and academic institutions.

Although officials sought Wednesday to play down the seriousness of the threats, some security experts warned that such a break-in could potentially enable a serious attack on the Internet.

Stanford University, the San Diego Supercomputer Center and the University of Illinois' National Center for Supercomputing Applications were among the systems hit.

Also affected was TeraGrid, a government-funded effort to link together several supercomputers, including those at San Diego and NCSA, so scientists can better crunch data for weather forecasting, astronomy and medicine.