Microsoft urges update for flaws

Microsoft is urging Windows users to update their systems with the latest security patches it has released to fix three critical flaws in its software, BBC News reports.

The flaws mostly affect Windows 2000 and Internet Explorer. Users with updated Windows Server 2003 and XP systems are not as much at risk.

If left unpatched, the flaws could allow hackers and virus writers to take control of personal computers remotely.

Graham Cluley, senior technology consultant at net security firm Sophos, said that Windows users should "sit up, listen and take action."

"Although we have seen no malicious code in the wild yet which exploits these critical security holes in Microsoft's code, we have seen malicious worms and hackers follow these announcements very soon after the vulnerability's disclosure."

Read the full story:
http://news.bbc.co.uk/1/hi/technology/4138674.stm


Massive identity theft ring uncovered
Online August 9, 2005

Security firm Sunbelt Software claims to have uncovered a huge identity theft ring that appears to be using a spyware program to steal confidential information from computers, ZDNet UK reports.

Sunbelt Software said the operation, which is being investigated by the FBI and Secret Service, is gathering personal data from "thousands of machines" using keylogging software. The data collected includes credit card details, social security numbers, usernames, passwords, IM chat sessions and search terms. Some of the data gathered is then saved in a file hosted on a US-based server that has an offshore-registered domain.

"The types of data in this file are pretty sickening to watch," said Sunbelt president Alex Eckelberry. "In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money."

The operation appears to be linked to CoolWebSearch (CWS), a malicious program that hijacks Web searches and disables security settings in the Internet Explorer browser.

Read the full story:
http://news.zdnet.co.uk/internet/sec...9212451,00.htm


Microsoft's "honeymonkeys" discover 750 malicious Web pages
Online August 9, 2005

Microsoft's experimental Honeymonkey project has found more than 750 Web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, SecurityFocus reports.

Known more formally as the Strider Honeymonkey Exploit Detection System, the project uses automated Windows XP clients to surf questionable parts of the Web looking for sites that compromise the systems without any user interaction. In the latest experiments, Microsoft has identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system.

Honeymonkeys, a name coined by Microsoft, modify the concept of honeypots--computers that are placed online and monitored to detect attacks.

"The honeymonkey client goes (to malicious Web sites) and gets exploited rather than waiting to get attacked," said a Microsoft spokesperson.

Read the full story:
http://www.securityfocus.com/news/11273


Windows 2000 wide open
Online August 4, 2005

A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, ZDNet UK reports.

The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its IP address, Marc Maiffret, chief hacking officer at eEye Digital Security, said. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.

What may be particularly problematic with this unpatched security hole is that a work-around is unlikely. "You can't turn this [vulnerable] component off. It's always on. You can't disable it. You can't uninstall," Maiffret said.

eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.

The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS are likely to be affected.

Read the full story:
http://news.zdnet.co.uk/internet/sec...9212012,00.htm


Read more news at http://www.bullguard.com/news
'Til next week
The BullGuard Team

BullGuard Limited, 823 Salisbury House, 29 Finsbury Circus, EC2M 5QQ London, United Kingdom