Zotob worm hole also affects Windows XP

The plug-and-play vulnerability that caused havoc for Windows 2000 users last week also holds a serious risk for some Windows XP users, CNET reports.

It was previously thought that only Windows 2000 machines were vulnerable to remote attack using the plug-and-play flaw. However, computers running Windows XP with Service Pack 1 in a specific configuration are vulnerable to worm attacks similar to the ones that hit Windows 2000 systems, Microsoft said in a security advisory published Tuesday.

Also vulnerable are systems that run Windows XP with SP1 with file and printer sharing and the Windows guest user account enabled, according to Microsoft. This would likely be home users, because PCs are not vulnerable if connected to a network domain, which is common in business environments, Microsoft said.

Read the full story:
http://news.com.com/Zotob+worm+hole+...tml?tag=cd.top

Read Microsoft's security advisory:
http://www.microsoft.com/technet/sec...ry/906574.mspx


300,000 unique spyware sites
Online August 23, 2005

According to a study by anti-spyware software developer Webroot Software, the number of websites distributing spyware has quadrupled since the beginning of 2005 to 300,000 unique URLs as spyware purveyors grow their distribution channels and enter new markets, The Register reports.

Meanwhile the number of spyware traces in Webroot's spyware definition database has doubled to over 100,000 since the start of the year.

"Unlike virus writers who are motivated by personal pride or a desire for notoriety, spyware purveyors are motivated by profit - whether it's a penny per pop-up or a keylogger that captures valuable account information," said C. David Moll, chief exec of Webroot Software.

Four in five (80 per cent) of consumer and corporate PCs are infected with spyware, according to Webroot.

The majority of spyware is coming from the US, with Poland coming in second and the Netherlands third.

Read the full story:
http://www.theregister.co.uk/2005/08...pyware_report/


Worm steals Priston Tale gamers' data
Online August 24, 2005

Players of the fantasy role-playing game Priston Tale have suffered a nasty attack of reality after virus writers created a worm programmed to steal their usernames, passwords and data, The Register reports.

The worm - dubbed PrsKey.A - waits for users to enter either Priston Tale or the Yahoo! email system before capturing keystrokes and sending data back to hackers. It is programmed to spread via network shares but other propagation mechanisms, such as tricking fans into downloading the malware, may also be in play.

Antivirus experts reckon that the malware is being used to rake in money rather than rack up high scores.

"More malware is being written that not only causes disruption, but also steals registration keys, passwords and data from players of computer games," said Graham Cluley, senior technology consultant for Sophos. "In many cases the virtual weapons, cash and armour needed for such games are then sold in the real world, where there's a growing demand from online gaming fanatics. If gamers buy these virtual goods online they should be careful not to purchase them from internet criminals."

Read the full story:
http://www.theregister.co.uk/2005/08...ole_play_worm/


Microsoft warns of unpatched flaw
Online August 20, 2005

Microsoft is investigating an IE security bug amid fears that a hacker attack based on the vulnerability is imminent. A flaw in the Microsoft DDS Library Shape Control COM object (msdds.dll) is at the centre of the security flap, The Register reports.

Security researchers warn that msdds.dll might be called from a webpage loaded by Internet Explorer and crash in such a way that it would allow hackers to inject potentially hostile code into vulnerable systems.

US-CERT warns that exploit code to do this is already available but Microsoft said it's not aware of any attacks.

No patch is available but Microsoft has posted an advisory detailing possible workarounds. These include disabling ActiveX controls, setting the kill bit for msdds.dll and unregistering msdds.dll.

Use of an alternative browser (such as Firefox, Opera) is also an option.

Read the full story:
http://www.theregister.co.uk/2005/08...exploit_fears/

Read Microsoft's security advisory:
http://www.microsoft.com/technet/sec...ry/906267.mspx


Read more news at http://www.bullguard.com/news
'Til next week


The BullGuard Team
BullGuard Limited, 823 Salisbury House, 29 Finsbury Circus, EC2M 5QQ London, United Kingdom