[virusinfo] Software vulnerabilities: an increasingly common means of infection for viruses - 05/25/04

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Wed, 26 May 2004 15:53:04 -0700

From: Panda Oxygen3 24h-365d:

"Everything should be made as simple as possible, 
                          but not one bit simpler." 
           Albert Einstein (1879-1955); physicist and mathematician.  

                      - Software vulnerabilities: 
           an increasingly common means of infection for viruses -
  Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 25 2004 - Exploiting software vulnerabilities has become one of
the most important means for malicious codes to spread to as many computers
as possible. In today's Oxygen3 24h-365d we will look at how worms like
SQLSlammer, Blaster, Sasser... have managed to cause worldwide epidemics in
extremely short periods of time, by taking advantage of certain security
flaws and we'll examine the preventive action that users can take.

Software vulnerabilities can be defined as "flaws or security holes in a
program or IT system, often used by viruses as a means of infection or by
hackers to obtain unauthorized access to systems". In simpler terms, a
software vulnerability is a design flaw in one of the programs installed on
the computer, which could allow a virus to carry out malicious actions
without the user having to open an infected e-mail, run suspicious files...
Software vulnerabilities can also open up a door for any malicious user that
wants to enter your computer.
 
Usually, when a software vulnerability is detected, the vendor of the
affected software releases a patch that fixes it. The problem arises when a
malicious user learns of the flaw and quickly develops an "exploit":  a
technique or program that takes advantage of a vulnerability and can be
incorporated into malicious codes.

Viruses designed to take advantage of software vulnerabilities have the
advantage  -from their creators' point of view- of spreading very quickly as
they carry out unusual actions. Sasser, for example, exploits the LSASS
buffer overrun vulnerability which allows malicious code to be run. Many
other viruses -like Blaster- do not need to use the more usual means of
propagation as they can get into computers directly through communication
ports. The possibilities are endless, and depend only on the type of
vulnerability exploited.

The best way to avoid the actions performed by this type of virus is to
install the patch that fixes the corresponding security hole. However, many
users, either due to lack of information, or due to the fact that they use
illegal software versions that prevent updates from being performed, do not
install patches, which leaves computers unprotected.

This is also known by creators of malicious code and explains why, once a
virus that exploits a certain vulnerability appears, many others follow.
This is why new worms keep appearing  -like some variants of Netsky- that
use the Iframe vulnerability, used by Klez.I, detected more than two years
ago. Likewise, since Sasser was released, many viruses have appeared which
also exploit the LSASS vulnerability: Cycle.A, Kibuv.A, and the variants A,
B and C of Bobax.

In any event, the best protection against software vulnerabilities is to
download the latest patches available to fix the application. For this
reason it is important to stay well-informed by periodically visiting the
websites of the vendors of the programs installed on your computer. It is
also useful to subscribe to computer security bulletins such as Panda
Software's Oxygen3 24h-365d.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia 

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, 
Panda Software's free online scanner: 1)Netsky.P; 2)Briss.A; 
3)Sasser.ftp; 4)Qhost.gen; 5)Netsky.D.

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

