OK, there were not many entries these past days, and I want to share some updates.
- There’s another variant of the W97M_DLOADER, detected as W97M_DLOADER.BVS, which arrives as a .doc file attached to spammed email. It drops a Trojan downloader which is also detected as TROJ_DLOADER.BVS.
- Mac OS X 10.4.7 Update
This update fixes multiple vulnerabilities found in version 10.4.6 and below.
AFP: (CVE-ID: CVE-2006-1468)
– File and folder names may be disclosed to unauthorized users
– When virus scanning is configured to update automatically, a malicious database mirror may cause arbitrary code execution
– Viewing a maliciously-crafted TIFF image may result in an application crash or arbitrary code execution
Launchd: (CVE-ID: CVE-2006-1471)
– Local users may gain elevated privileges
– Remote attackers may cause Open Directory server to crash
You may get your updates by visiting Apple’s support page.
- An IRC bot, to be detected as BKDR_IRCBOT.CR and targeting the irc.shadowfire.org IRC server, was submitted to the Service team for further analysis and detection.