What’s Up?

OK, there haven't been many entries these past few days, so I want to share some updates.



  • There’s another variant of the W97M_DLOADER, detected as W97M_DLOADER.BVS, which arrives as a .doc file attached to spammed email. It drops a Trojan downloader which is also detected as TROJ_DLOADER.BVS.


  • Mac OS X 10.4.7 Update

    This update fixes multiple vulnerabilities found in versions 10.4.6 and below.

    AFP: (CVE-ID: CVE-2006-1468)
    – File and folder names may be disclosed to unauthorized users

    ClamAV: (CVE-ID: CVE-2006-1989)
    – When virus scanning is configured to update automatically, a malicious database mirror may cause arbitrary code execution

    ImageIO: (CVE-ID: CVE-2006-1469)
    – Viewing a maliciously crafted TIFF image may result in an application crash or arbitrary code execution

    Launchd: (CVE-ID: CVE-2006-1471)
    – Local users may gain elevated privileges

    OpenLDAP: (CVE-ID: CVE-2006-1470)
    – Remote attackers may cause Open Directory server to crash


    You may get your updates by visiting Apple’s support page.



  • An IRC bot targeting the irc.shadowfire.org IRC server, to be detected as BKDR_IRCBOT.CR, was submitted to the Service team for further analysis and detection.