Updated Thursday, Nov. 3, with additional information on the Mitglieder spread.
Cisco patches IOS flaw
Attackers could launch malicious code by exploiting a heap-based buffer overflow flaw in Cisco's Internetwork Operating System (IOS). But the San Jose, Calif.-based networking giant has a patch to fix it. In an advisory, Cisco said it discovered the problem during further research into another vulnerability it patched earlier this year. The earlier flaw became the focus of controversy in July after Michael Lynn, a former employee with Internet Security Systems, demonstrated how to exploit it at the Black Hat Briefings in Las Vegas.
"Cisco addressed the IPv6 (Internet Protocol version 6) attack vector used in that demonstration in a separate advisory published July 29," the company said. IPv6, designed by the Internet Engineering Task Force (IETF) to replace IPv4, is at the heart of the latest flaw as well. "A vulnerability exists in the processing of IPv6 packets," Cisco said. "Crafted packets from the local segment received on logical interfaces [that is, tunnels including 6-to-4 tunnels] as well as physical interfaces can trigger this vulnerability. Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code. Repeated exploitation could result in a sustained [denial of service] attack or execution of arbitrary code on Cisco IOS devices."
The latest fix came on the heels of news that W32.Spybot.ZIF is actively scanning Telnet port 23 and HTTP port 80 for Cisco routers to infect. Meanwhile, Cisco announced a patch for a flaw in its Management Center software for configuring network IPS devices.
Mitglieder back for more trouble
Glendale, Calif.-based Panda Software warned users Wednesday to protect their machines against new variants of Mitglieder. The firm said in an e-mailed statement that the Trojan horse is causing a significant amount of trouble worldwide. "The avalanche of Mitglieder Trojans continues: over 30 countries are now affected by the different variants of this threat," the firm said in an update Thursday afternoon. "Four of the five variants (FK, FL, FM and FN) are among the six threats most frequently detected by Panda Software's online antivirus solution, Panda ActiveScan."
Panda added: "To avoid being affected by this threat, it is important to remember that this Trojan has been propagated in an e-mail message with a blank subject and with texts like 'Texte' or 'Info' in the message body. This message includes an attached file with a .zip extension and [names like] Health_and_knowledge, Sms_txt, Max, Business, The_new_price, Info_prices and Business_dealing. The compressed file contains an .exe file that, when run, installs the virus on the computer. When installed on a computer, the Trojan tries to download a file from a long list of URLs."
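A mail-gateway check for the indicators Panda lists above, written as an added example that is not from Panda or the original report. The function names, hit labels and sample messages are constructed for illustration, and because the statement says "texts like" and "names like", the two lists should be treated as partial.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# Indicators quoted in Panda's statement (not an exhaustive list).
BODY_TEXTS = {"texte", "info"}
ZIP_STEMS = {"health_and_knowledge", "sms_txt", "max", "business",
             "the_new_price", "info_prices", "business_dealing"}

def zip_has_exe(data):
    """True if the archive lists an .exe member. Members are only listed, never extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def score_message(raw):
    """Return the indicators from the statement that a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("blank-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in BODY_TEXTS:
        hits.append("body-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if name[:-4] in ZIP_STEMS:
            hits.append("zip-name")
        if zip_has_exe(part.get_content()):
            hits.append("zip-contains-exe")
    return hits

def build_sample(subject, body, zip_name, member):
    """Constructed test message: a zip attachment holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes, not an executable")
    msg = EmailMessage()
    if subject:
        msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

A message that matches all four indicators is a strong quarantine candidate; a single hit such as a blank subject is weak on its own and is better used as one input to a score.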
Microsoft acknowledges more patch problems
Microsoft said in two new advisories Wednesday that two recent security updates for Internet Explorer can break the functionality of Web sites that use certain custom applications. According to a report from CNET News.com, the problems come after installing patches the software giant issued in security bulletins MS05-038 [delivered in August] and MS05-052 [delivered in October].
Both fixes could tamper with the ActiveX controls used to boost the functionality of a Web site. The MS05-038 patch can also break Java applications, the news site reported. Once the patches are installed, certain custom applications will stop working in Internet Explorer, the software giant said. Microsoft has had to fix other glitches in recent patches. The company found that MS05-051, for example, blocked users from logging on to Windows; blocked certain applications from running or installing; kept the Windows firewall from starting; and emptied the network connections folder.
Microsoft unveils new AV/PV clean-up utility
Microsoft is including an antivirus and PC clean-up utility in the new Windows Live initiative. A beta version of the new Safety Center lets users run free Web-based computer scans to detect and extract malcode, eWeek reported. The Safety Center uses an ActiveX control to conduct scans and virus removals. It can also detect vulnerabilities on Internet connections, the report said. Meanwhile, the software giant is testing Windows OneCare, a bundled service for virus scanning, firewall protection, data backup and PC cleanup tools. Microsoft plans to sell it as a subscription service within Windows Live.