OK, there haven't been many entries these past few days, so I want to share some updates.
- There’s another variant of the W97M_DLOADER, detected as W97M_DLOADER.BVS, which arrives as a .doc file attached to spammed email. It drops a Trojan downloader which is also detected as TROJ_DLOADER.BVS.
- Mac OS X 10.4.7 Update
This update fixes multiple vulnerabilities found in version 10.4.6 and below.
AFP: (CVE-ID: CVE-2006-1468)
– File and folder names may be disclosed to unauthorized users
ClamAV: (CVE-ID: CVE-2006-1989)
– When virus scanning is configured to update automatically, a malicious database mirror may cause arbitrary code execution
ImageIO: (CVE-ID: CVE-2006-1469)
– Viewing a maliciously-crafted TIFF image may result in an application crash or arbitrary code execution
Launchd: (CVE-ID: CVE-2006-1471)
– Local users may gain elevated privileges
OpenLDAP: (CVE-ID: CVE-2006-1470)
– Remote attackers may cause Open Directory server to crash
You may get your updates by visiting Apple’s support page.
References:
- http://www.apple.com/support/downloads/
- http://docs.info.apple.com/article.html?artnum=303973
- http://www.securityfocus.com/bid/18686/info
- An IRC bot targeting the irc.shadowfire.org IRC server, to be detected as BKDR_IRCBOT.CR, was submitted to the Service team for further analysis and detection.