>From Information Week Daily (an IT Services news letter)
- TOP STORIES -
** Dangerous New Virus, Same Old Hole
An old and well-known security flaw in Microsoft's Internet
Explorer is continuing to cause problems, as a new worm that
exploits the flaw spreads on the Internet.
The worm, known as W32/BadTrans.B-mm, has been spotted in 50
countries, and is propagating rapidly, says Dave White,
technical manager for security company MessageLabs. It takes
advantage of a well-publicized hole in Explorer, the same
vulnerability used by the Nimda virus, which infected millions
of computers earlier this fall.
A previous version of the worm, BadTrans.A, spread in April,
infecting users who opened an infected E-mail attachment, but
the new variant can infect users who merely read or preview the
message in Microsoft's Outlook E-mail program. Once activated,
the virus spreads by both replying to unread messages in the
user's mailbox and mailing everyone in the recipient's address
book. It also installs a Trojan-horse key-logging program on
the user's computer, which collects confidential information
like passwords and E-mails them to another address.
"We're getting hit quite hard," says Russ Cooper, surgeon
general for security firm TruSecure Corp. He says that a patch
for the IE vulnerability has been available since March, but
that home users in particular have been slow to update their
security. "Unless they've had a bad experience before, they
haven't learned what they should and shouldn't do," he says.
"The average person doesn't even know that these things exist,
so adoption is going to be slow." - David M. Ewalt
For more virus coverage, see
Virus Definition Update Rings False Alarm On Nimda
http://update.informationweek.com/cgi-bin4/flo?y=eE260BdQNV0V20aAT0AX
New, Slower Version Of Nimda Worm Spreads
http://update.informationweek.com/cgi-bin4/flo?y=eE260BdQNV0V20Zgm0AT
Rikk Rogers - RK Lion LTD.
416 S 4th St
Ponca City OK. 74601-5335
(580)762-3157 rkltd@swbell.net
http://home.swbell.net/rkltd/
-M35A2- -M38- MVPA -22345-
This archive was generated by hypermail 2b29 : Fri Dec 07 2001 - 00:37:00 PST