[helpc] TR : Symantec Security Response - April 2002 Newsletter

  • From: "Shaka( Rudy)" <strub.rudy@xxxxxxxxx>
  • To: <helpc@xxxxxxxxxxxxx>
  • Date: Tue, 23 Apr 2002 22:14:26 +0200

 
 
 
--->>>
Shaka( Rudy)
HelPC list owner
shaka.rudy@xxxxxxxxx
 
-----Original Message-----
From: SARC-HTML-l [mailto:sarc@xxxxxxxxxxxx] 
Sent: Monday, 22 April 2002 5:58
To: SARC-HTML-L@xxxxxxxxxxxxxxxxxxxx
Subject: Symantec Security Response - April 2002 Newsletter
 

Symantec Security Response <http://www.symantec.com/>
ISSN 1444-9994
April 2002 Newsletter



These are the most common Viruses, Trojans and Worms reported to
Symantec Security Response during the last month. 
  _____  


Country Spotlight
United Kingdom

JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html>
Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html>
W32.Klez.E@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxxtml>
W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html>
W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxl>
W95.Hybris.worm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html>
W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.39921@xxxxxxx>
W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html>
Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html>
JS.Seeker <http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.html>

  _____  

Top Global Threats
JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html>
W32.Klez.E@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxxtml>
W95.Hybris.worm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html>
W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.39921@xxxxxxx>
Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html>
W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html>
Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html>
W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxl>
W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html>
VBS.Haptime.A@mm <http://securityresponse.symantec.com/avcenter/venc/data/vbs.haptime.a@mm.html>

Asia Pacific
JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html>
W32.Klez.E@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxxtml>
W95.Hybris.worm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html>
Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html>
W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html>
W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html>
W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.39921@xxxxxxx>
W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxl>
VBS.Haptime.A@mm <http://securityresponse.symantec.com/avcenter/venc/data/vbs.haptime.a@mm.html>
Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html>

Europe, Middle East & Africa
W32.Klez.E@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxxtml>
JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html>
W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html>
W95.Hybris.worm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html>
W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.39921@xxxxxxx>
Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html>
Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html>
W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html>
W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxl>
VBS.Haptime.A@mm <http://securityresponse.symantec.com/avcenter/venc/data/vbs.haptime.a@mm.html>

Japan
W32.Klez.E@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxxtml>
JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html>
W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html>
W95.Hybris.worm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html>
W32.FBound.gen@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.fbound.gen@mm.html>
W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html>
W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxl>
W32.Nimda.enc <http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html>
Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html>
W32.Aliz.Worm <http://securityresponse.symantec.com/avcenter/venc/data/w32.aliz.worm.html>

The Americas
JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html>
W95.Hybris.worm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html>
W32.Klez.E@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxxtml>
W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.39921@xxxxxxx>
W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxl>
Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html>
Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html>
W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html>
W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html>
W32.Nimda.enc <http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html>

  _____  

 
Removal Tools for malicious code are on our web site
<http://securityresponse.symantec.com/avcenter/tools.list.html>

A list of Virus Hoaxes reported to Symantec
<http://securityresponse.symantec.com/avcenter/hoax.html>

A list of Joke Programs reported to Symantec
<http://securityresponse.symantec.com/avcenter/jokes.html>

Glossary <http://securityresponse.symantec.com/avcenter/refa.html> for
definitions of viruses, Trojans and worms and more.
 
  _____  



This month we had W32.MyLife and W32.Gibe peaking at around the same
time in the second week of March. This was an unwelcome coincidence and
whilst it rapidly increased the number of customer sample submissions we
received, the Digital Immune System coped very well.

We had a mix up with the naming of W32.FBound.gen@mm, in the process of
getting detection out as soon as possible. We all focussed on the
analysis and not the name, which caused some debate in some of the
public anti-virus online forums about the naming standards in use. I
must say that whilst I agree it's important to get names correct it
humours me to see us spending more time discussing the names of threats
than it takes to do the detection and roll out the update. :)

This month has seen the faltering of a keystone of the product testing
framework of the anti-virus industry with the announcement that The
Wildlist (http://www.wildlist.org) may have to cease operation due to
lack of funds. The Wildlist has been used as the benchmark to test
anti-virus software against for many years and has contributors from
many prominent individuals and organisations. Each of these contributors
reports the names of viruses reported to them to The Wildlist who then
collates this information to produce monthly consolidated virus
prevalence reports. There is good news though, apparently there is a
certain amount of industry support and the April Wildlist will be
published.

David Banes.
Editor, securitynews@xxxxxxxxxxxx
 

Viruses, Worms & Trojans



W32.MyLife
Moderate [3] Threat 
Win32 

Global Infection breakdown by geographic region

Region                                % of Total
America (North & South)               70.2%
EMEA (Europe, Middle East, Africa)    22.7%
Japan                                 0.7%
Asia Pacific                          6.4%

Date      % Reports
8 Mar     12.0%
9 Mar     1.9%
10 Mar    4.7%
11 Mar    25.2%
12 Mar    19.6%
13 Mar    14.0%
14 Mar    7.5%
15 Mar    7.0%
16 Mar    0.5%
17 Mar    1.4%
 


W32.MyLife@mm is a simple mass-mailer that sends itself to all contacts
in the Microsoft Outlook address book. The worm is a compiled Visual
Basic executable that has been compressed. It attempts to delete files
that have the extensions .com, .sys, .ini, .exe, .sys, .vxd, .exe, or
.dll. (This could not be reproduced in a controlled test environment.)

There are several variants of this worm: W32.MyLife.B@mm,
W32.MyLife.C@mm, and the D, E, F, G, H and J variants.

http://securityresponse.symantec.com/avcenter/venc/data/w32.mylife@xxxxxml

Douglas Knowles 
Symantec Security Response, USA
 


W32.Gibe@mm
Moderate [3] Threat 
Win32 

Global Infection breakdown by geographic region

Region                                % of Total
America (North & South)               67.4%
EMEA (Europe, Middle East, Africa)    24.6%
Japan                                 3.4%
Asia Pacific                          4.6%

Date      % Reports
5 Mar     0.3%
8 Mar     5.9%
10 Mar    10.4%
11 Mar    14.7%
12 Mar    16.4%
13 Mar    12.7%
14 Mar    4.6%
15 Mar    3.1%
18 Mar    2.2%
24 Mar    0.4%
 


W32.Gibe@mm is a worm that uses Microsoft Outlook and its own SMTP
engine to spread. This worm arrives in an email message--which is
disguised as a Microsoft Internet Security Update--as the attachment
Q216309.exe. The worm also attempts to copy itself to all locally mapped
remote drives.

The fake message, which is not from Microsoft, has the following
characteristics:

From: Microsoft Corporation Security Center
Subject: Internet Security Update
Message:
Microsoft Customer,
this is the latest version of security update, the update which
eliminates all known security vulnerabilities affecting Internet
Explorer and MS Outlook/Express as well as six new vulnerabilities
.
. 
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item.
.
.
Attachment: Q216309.exe

The attached file, Q216309.exe, is written in Visual Basic; it contains
other worm components inside itself. 

http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxx

Gor Nazaryan 
Symantec Security Response, USA.
 


W32.FBound.gen@mm
Moderate [3] Threat 
Win32 

Global Infection breakdown by geographic region

Region                                % of Total
America (North & South)               18.7%
EMEA (Europe, Middle East, Africa)    40.6%
Japan                                 19.4%
Asia Pacific                          21.2%

Date      % Reports
17 Mar    1.9%
18 Mar    16.8%
19 Mar    17.1%
20 Mar    11.8%
21 Mar    7.1%
22 Mar    8.1%
23 Mar    5.0%
26 Mar    4.0%
30 Mar    2.2%
4 Apr     1.6%
 


This is a mass-mailing worm that uses the infected computer's SMTP
server to send itself to all addresses in the Windows address book. It
contains no payload. The email arrives with an attachment named
Patch.exe. For addresses ending in .jp (Japan), there are 17 Japanese
language subjects, one of which is randomly chosen each time.

http://securityresponse.symantec.com/avcenter/venc/data/w32.fbound.gen@mm.html

Peter Ferrie
Symantec Security Response, APAC
 


 Linux.Jac.8759
Very Low [1] Threat 
Linux 
 


Linux.Jac.8759 is a virus that infects files under Linux. The virus
infects ELF executables that exist in the same directory as the virus.
When Linux.Jac.8759 is executed, it starts by checking all files that
are in the same directory as the one from which the virus was executed.
If it finds executable files that have write permission, it attempts to
infect them. The virus will not infect files that end with the letters
ps, nor will it infect files that were not created for the x86 (Intel)
platform.

The virus modifies several fields in the header of the file. One of the
modifications is used as an infection marker. This check prevents the
virus from infecting a file multiple times.

 
http://securityresponse.symantec.com/avcenter/venc/data/linux.jac.8759.html

Neal Hindocha 
Symantec Security Response, EMEA.

Security Advisories




Zlib compression library double free bug could allow arbitrary code
High [4] Risk 
 Various 

There is a programming error in the zlib compression library used by
many versions of software. Under the proper circumstances an attacker
may be able to manipulate a system call in such a manner as to create a
denial of service condition or potentially allow arbitrary code to be
run on the targeted system. Such code would run with the permissions of
the affected program, which may include root.

The zlib compression library is an open-source lossless
data-compression library that can be used on virtually any computer
hardware and operating system to provide in-memory compression and
decompression functions. Zlib has been ported and modified to work on a
wide variety of operating systems and applications.

A bug in the zlib compression library has been posted and widely
discussed that can cause programs linked to zlib to be vulnerable. Under
certain circumstances the library may attempt to de-allocate (free) a
segment of dynamically allocated memory twice: a specially crafted
segment of compressed data can cause a call that frees an allocated
chunk of memory to return an unexpected memory error, and a subsequent
call then attempts to free the same chunk of memory a second time. In
most instances, this will result in a denial of service when the
application crashes. However, there is a potential that this
vulnerability could be manipulated by an attacker to run arbitrary code
with the permission of the affected application. If the application runs
with privileged access this could result in a critical compromise of the
targeted system.
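
The double-free pattern described above, reduced to a small C program as an added illustration (it is not zlib's code and not part of the original newsletter). The decoder struct, the toy length-prefixed input format and the tracking allocator are assumptions made for the example; the allocator only marks chunks as freed, so a second free is counted rather than corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracking allocator (hypothetical helper): a freed chunk is only marked,
 * and really released in tracker_reset(), so a second free of the same
 * pointer can be counted safely instead of corrupting the heap. */
#define MAX_CHUNKS 8
static struct { void *ptr; int freed; } chunks[MAX_CHUNKS];
static int n_chunks, double_frees;

static void *tracked_alloc(size_t n) {
    void *p = (n_chunks < MAX_CHUNKS) ? malloc(n) : NULL;
    if (p) { chunks[n_chunks].ptr = p; chunks[n_chunks].freed = 0; n_chunks++; }
    return p;
}

static void tracked_free(void *p) {
    if (!p) return;                          /* free(NULL) is a no-op */
    for (int i = 0; i < n_chunks; i++) {
        if (chunks[i].ptr != p) continue;
        if (chunks[i].freed) double_frees++; /* same chunk released twice */
        else chunks[i].freed = 1;
        return;
    }
}

static void tracker_reset(void) {
    for (int i = 0; i < n_chunks; i++) free(chunks[i].ptr);
    n_chunks = 0;
    double_frees = 0;
}

/* Hypothetical decoder state holding a heap work buffer between calls. */
struct decoder { unsigned char *window; };
enum { DEC_OK = 0, DEC_DATA_ERROR = -1, DEC_MEM_ERROR = -2 };

/* Toy format (constructed): byte 0 is a payload length, payload follows.
 * hardened == 0 reproduces the flawed error path, hardened != 0 the fix. */
static int decoder_run(struct decoder *d, const unsigned char *in,
                       size_t len, int hardened) {
    d->window = tracked_alloc(256);
    if (!d->window) return DEC_MEM_ERROR;
    if (len < 1 || (size_t)in[0] > len - 1) {   /* malformed input */
        tracked_free(d->window);                /* error path frees the buffer */
        if (hardened) d->window = NULL;         /* fix: drop the stale pointer */
        return DEC_DATA_ERROR;
    }
    memcpy(d->window, in + 1, in[0]);
    return DEC_OK;
}

/* Normal teardown, called whether or not decoding succeeded. */
static void decoder_end(struct decoder *d) {
    tracked_free(d->window);   /* second free if the stale pointer survived */
    d->window = NULL;
}

/* Constructed sample inputs: one well-formed, one claiming 200 bytes. */
static const unsigned char GOOD_INPUT[] = { 3, 'a', 'b', 'c' };
static const unsigned char BAD_INPUT[]  = { 200, 'a' };

/* Decode one input, tear down, and return how many double frees occurred. */
static int count_double_frees(const unsigned char *in, size_t len, int hardened) {
    struct decoder d = { NULL };
    tracker_reset();
    decoder_run(&d, in, len, hardened);
    decoder_end(&d);
    int n = double_frees;
    tracker_reset();
    return n;
}

int main(void) {
    printf("flawed path, good input: %d double free(s)\n",
           count_double_frees(GOOD_INPUT, sizeof GOOD_INPUT, 0));
    printf("flawed path, bad input:  %d double free(s)\n",
           count_double_frees(BAD_INPUT, sizeof BAD_INPUT, 0));
    printf("hardened,    bad input:  %d double free(s)\n",
           count_double_frees(BAD_INPUT, sizeof BAD_INPUT, 1));
    return 0;
}
```

Only the malformed input reaches the error path, which is why well-formed data never exposes the flaw; clearing the pointer at the point of release makes the later teardown harmless.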

This vulnerability potentially affects a multitude of operating systems
and applications that either contain the zlib library or dynamically
link to the zlib library. 

Not all affected applications have been found and patched yet. There is
a partial list of over 500 known zlib applications located at
http://www.gzip.org/zlib/apps.html. If you do not know or if you suspect
you may be using a vulnerable version of zlib, Symantec recommends
contacting your vendor for update information. 

More information and recommendations are available here:
http://securityresponse.symantec.com/avcenter/security/Content/1720index.html


Microsoft Virtual Machine multiple flaws allow malicious control
High [4] Risk 
Win32 

Two vulnerabilities exist in the Microsoft Virtual Machine (VM)
implementation. The first, which affects users who access the Internet
through a proxy server, may permit a malicious applet to redirect Web
traffic to another destination or record unencrypted confidential
information that is sent during the Internet session. The second affects
Java applets and may permit an attacker to gain control of a user's
computer. 

The Microsoft VM runs Java code in an operating environment that, for
security, is isolated from the computer on which it is run. Microsoft
Virtual Machine is supplied for Windows 95, 98, ME, NT 4.0, 2000, and
XP. It is also available as part of Internet Explorer 6 and earlier. 

The first vulnerability was reported on March 4, 2002. Because both
concern the Microsoft VM, Microsoft modified the vulnerability on March
18, 2002 after discovering the second critical flaw. The flaws affect
Microsoft VM Build 3802 and earlier. 

The first vulnerability, which only affects computers that utilize a
proxy server, lies in how Java requests for proxy resources are handled.
This flaw affects not only Microsoft VM, but others as well. (See the
References for details.) When exploited, a malicious applet could
redirect Web traffic to a destination of the attacker's choice. The
attacker could then take control and discard the user's session to
simulate a denial of service (DoS) or search the user's session for
unencrypted confidential data.

Microsoft's best practices strongly recommend using SSL to encrypt
sensitive information such as user names, passwords, and credit card
numbers. If done, sensitive information is protected from examination
and disclosure by an attacker exploiting this vulnerability.

The second vulnerability lies in the Microsoft VM verifier and may
enable an attacker to execute code in the context of the user outside of
the security of the Virtual Machine. This flaw only affects Java
applets, not Java applications. To exploit the vulnerability, the
attacker lures the victim to a site where the malicious applet resides.
Once the victim is compromised, the attacker can execute any action on
the victim's computer that the victim could. These actions include
creating, deleting, or modifying files, sending and receiving data to or
from a Web site, or even reformatting the victim's hard drive. 

More information and recommendations are available here:
http://securityresponse.symantec.com/avcenter/security/Content/1685index.html


Various Buffer Overflows and vulnerabilities.
Various 
 Various 

CDE dtspcd Buffer Overflow
Exploit for a buffer overflow vulnerability in most versions of the CDE's
Subprocess Control Service dtspcd daemon. Successful exploitation of
this vulnerability could provide root access to the malicious user.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0803 

HTTP IIS ISAPI Extension
This exploit attempts to overflow the buffer in the ISAPI extensions of
the IIS server. Successful exploitation of this vulnerability allows
remote attackers to execute arbitrary commands via a long argument to
Internet Data Administration (.ida) and Internet Data Query (.idq) files
such as default.ida.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0500 

MSIE Pop Up Object Tag Bug
Vulnerabilities exist in Internet Explorer 5.5 and 6.0 wherein the
Javascript object handler allows remote access to locally stored
objects. By referencing a known registry key, or identifying executable
code on the local hard drive, the remote attacker can execute code on
the browsing computer. 

SNMP Community BO
Vulnerabilities exist in multiple vendors' implementations of simple
network management protocol version 1 (SNMPv1) wherein the SNMP
community name buffer may be overrun. This vulnerability may cause
routers, switches, and managed hubs to perform erratically, or to stop
processing altogether. Carefully crafted exploits may give
administrator-level control of a router or computer to the attacker.
This alert may also indicate a pre-strike probe using the Oulu
University SNMPv1 vulnerability assessment tool, Protos.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013 

Wuftpd Site Exec Overflow
Washington University's FTP server versions 2.6.0 and 2.6.1 have a file
globbing heap address error in the server that potentially may allow an
attacker to execute a buffer overflow in the Site Exec command and gain
root level access to the server.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0550

Enterprise Security News Clips



Visit the Symantec Enterprise Security Web Site -
http://enterprisesecurity.symantec.com/
Recent Enterprise Security News headlines include:

Workers Are No. 1 Threat to Russia's IT;
The Moscow Times
http://enterprisesecurity.symantec.com/content.cfm?articleid=1264

Security Researcher Uncovers Two Office XP Flaws;
InfoWorld Daily News
http://enterprisesecurity.symantec.com/content.cfm?articleid=1263

Filtering Porn; Librarians in Court Over Internet Law;
Newsday (New York, NY)
http://enterprisesecurity.symantec.com/content.cfm?articleid=1255

Get the latest Enterprise Security News delivered straight to your
inbox. Register for Symantec's free Enterprise Security newsletters.
https://enterprisesecurity.symantec.com/Content/Subscribe.cfm

Security News



 Symantec Contribution to Microsoft Security Operations Guide
 
 
 


Symantec is pleased to collaborate with Microsoft on their Security
Operations Guide. The Security Operations Guide is an excellent set of
specific configuration recommendations that if followed will result in
formidable security for Windows server platforms. Below is a set of
information security articles written by Symantec security experts that
expand on key points within the Security Operations Guide. Symantec
products play a key role in building a defense-in-depth security
posture. The security principles and recommendations outlined in the
Security Operations Guide and the following articles are best managed by
Symantec product solutions.

As part of our commitment to the Windows platform, Symantec Security
Response has created seven new Enterprise Security Manager™ policies to
cover many of the recommendations covered in the Security Operations
Guide for Windows 2000 Servers, Windows 2000 ADS, Windows 2000
Professional, Windows NT 4 PDC, Windows NT 4 Server, and Windows NT 4
Workstations. These policies were developed from industry recognized
best practices and from guidelines in the Security Operations Guide.
These Symantec Enterprise Security Manager™ policies are free to
Enterprise Security Manager™ maintenance paying customers.

Enterprise Security Manager™ Windows Policies
http://securityresponse.symantec.com/avcenter/security/Content/windows.os.hardening.policies.html

Symantec Security Articles
General information security articles that elaborate on Security
Operations Guide recommendations:

Fundamentals of Information Security (80-20 Rule)
http://securityresponse.symantec.com/avcenter/security/Content/security.articles/fundamentals.of.info.security.html

Defense in Depth Benefits
http://securityresponse.symantec.com/avcenter/security/Content/security.articles/defense.in.depth.html

Corporate Security Policy
http://securityresponse.symantec.com/avcenter/security/Content/security.articles/corp.security.policy.html

Microsoft Security Operations Guide
Review Microsoft's Security Operations Guide. 
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/windows2000serv/staysecure/default.asp

 

 
 

Contacts and Subscriptions:
Correspondence by email to: securitynews@xxxxxxxxxxxx, no unsubscribe or
support emails please.
Follow this link to subscribe or unsubscribe:
http://securityresponse.symantec.com/avcenter/newsletter.html
Send virus samples to: avsubmit@xxxxxxxxxxxx

Disclaimer- THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.

This message contains Symantec Corporation's current view of the topics
discussed as of the date of this document. The information contained in
this message is provided "as is" without warranty of any kind, either
expressed or implied, including but not limited to the implied
warranties of merchantability, fitness for a particular purpose, and
freedom from infringement. The user assumes the entire risk as to the
accuracy and the use of this document. This document may not be
distributed for profit.

Symantec and the Symantec logo are U.S. registered trademarks of
Symantec Corporation. Other brands and products are trademarks of their
respective holder(s). (c) Copyright 2002 Symantec Corporation. All
rights reserved. Materials may not be published in other documents
without the express, written permission of Symantec Corporation.
         
        

 
 
        
 
