Small News

This worm arrives

The latest version of Firefox 2.0 has a

It creates the following registry entries to enable its automatic execution at every system startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Task Manager = “%Windows%\system\svchost32.exe”
Svchost = “%Windows%\system\svhost.exe”

Secunia has reported a CRITICAL Security Flaws in Apple Mac OS X.LMH has reported a vulnerability in Mac OS X, which potentially can be exploited by malicious, local users to gain escalated privileges or

This Trojan runs on Windows 98, ME, NT, 2000, XP, and Server 2003 and Create this entry in registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List
{Malware path and file name} = “{Malware path and file name}:*:ENABLED:0″
Technorati Tags: TROJ_YABE.AK, Trojan

Entry created by this Malware:
Windows startup:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ttool = “%Windows%\9129837.exe”

Windows NT, 2000, XP, and Server 2003
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\hide_evr2
ImagePath = “%Windows%\HIDE_EVR2.SYS”
DisplayName = “!!!!”

It will connect to this website
http://81.95.{BLOCKED}.107/cgi-bin/options.cgi

NOTE:Scan your computer every week

Tag:BKDR_AGENT.FBB

According to symantec the risk is very low .

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Realor is a virus that spreads by infecting *.rm and *.rmvb files on network shares.

W32.Realor

Google Spreads Worm Virus to Google Video Group
“On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted…This has now been addressed and fixed. Still, some of these posts may have contained a virus called W32/Kapser.A@mm – a mass mailing worm. If you think you have downloaded this [...]

ADW_WEBSEARCH.K

This adware application is a .DLL file that arrives on a system packaged with the MyWebSearch.com toolbar installer. It installs components, including an application that displays pop-up advertisements depending on an affected user’s browsing habits.

Installation and Autostart Techniques

This memory-resident worm propagates by dropping copies of itself in shared network drives.
It steals login information and saves the obtained data in a file, which can be retrieved by a remote user. Its keylogger component substitutes the standard Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL) to carry out its information-stealing routine.
This worm has backdoor capabilities [...]

The W32/Stration.dr virus drops the mass mailing worm W32/Stration@MM. that uses its own SMTP engine to

send itself to the email addresses that it harvests on the infected computer. The W32/Stration.dr is written using Microsoft Visual C++ and also contains functionality to connect to a remote web server to download a file.
McAfee
Technorati Tags: W32/Stration.dr, antivirus, [...]

PGP Universal Gateway Email provides centrally managed, standards-based email encryption to secure email communication with customers and partners. Based on highly configurable encryption rules, emails are secured as they enter and leave the enterprise network.

Robert Lemos, SecurityFocus 2006-10-03
Two presenters razzed developers of the open-source Mozilla browser this weekend at the ToorCon hacking convention in San Diego with claims that the browser’s Javascript implementation is flawed, but the lecture appears to have been more stand-up comedy routine than substantiative research.
SecurityFocus 2006-10-03 

Discovered: October 3, 2006
Updated: October 3, 2006 04:40:32 PM GDT
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Imaut.A is a worm that spreads via Yahoo! Instant Messenger and Microsoft Windows Live Messenger. The worm may attempt to download remote files on the compromised computer.
Source