virusinfo Digest Wed, 13 Apr 2005 Volume: 04 Issue: 100 In This Issue: [virusinfo] W32/Mytob-E [virusinfo] Troj/Bancos-CD [virusinfo] W32/Codbot-K [virusinfo] Address spoofing in various Microsoft mail clien [virusinfo] W32/Mytob-BA ---------------------------------------------------------------------- Date: Wed, 13 Apr 2005 10:05:07 -0700 From: "Mike" <mikebike@xxxxxxxxx> Subject: [virusinfo] W32/Mytob-E From; Sophos Alert System: Name: W32/Mytob-E Aliases: WORM_MYTOB.J, Net-Worm.Win32.Mytob.h, W32/Mytob.gen@MM Type: Win32 worm Date: 13 April 2005 A virus identity (IDE) file which provides protection is available now from the Sophos website, and will be incorporated into the June 2005 (3.94) release of Sophos Anti-Virus. Customers using EM Library, PureMessage or any of our Sophos small business solutions will be automatically protected at their next scheduled update. At the time of writing, Sophos has received a small number of reports of this worm from the wild. Note: The IDE issued for W32/Mytob-E at 08:15 GMT on 25 March also contained detection for W32/Mytob-F. This IDE has now been updated to enhance detection of W32/Mytob-E. Information about W32/Mytob-E can be found at: http://www.sophos.com/virusinfo/analyses/w32mytobe.html *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike ------------------------------ Date: Wed, 13 Apr 2005 10:08:09 -0700 From: "Mike" <mikebike@xxxxxxxxx> Subject: [virusinfo] Troj/Bancos-CD From; Sophos Alert System: Name: Troj/Bancos-CD Aliases: Trojan-Spy.Win32.Bancos.cr, TROJ_BANCOS.XZ Type: Trojan Date: 13 April 2005 A virus identity (IDE) file which provides protection is available now from the Sophos website, and will be incorporated into the June 2005 (3.94) release of Sophos Anti-Virus. Customers using EM Library, PureMessage or any of our Sophos small business solutions will be automatically protected at their next scheduled update. At the time of writing, Sophos has received a small number of reports of this Trojan from the wild. Information about Troj/Bancos-CD can be found at: http://www.sophos.com/virusinfo/analyses/trojbancoscd.html *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike ------------------------------ Date: Wed, 13 Apr 2005 15:51:16 -0700 From: "Mike" <mikebike@xxxxxxxxx> Subject: [virusinfo] W32/Codbot-K From; Sophos Alert System: Name: W32/Codbot-K Aliases: W32.Randex, Backdoor.Win32.Codbot.z, W32/Gaobot.worm.gen.q Type: Win32 worm Date: 13 April 2005 A virus identity (IDE) file which provides protection is available now from the Sophos website, and will be incorporated into the June 2005 (3.94) release of Sophos Anti-Virus. Customers using EM Library, PureMessage or any of our Sophos small business solutions will be automatically protected at their next scheduled update. At the time of writing, Sophos has received a small number of reports of this worm from the wild. Information about W32/Codbot-K can be found at: http://www.sophos.com/virusinfo/analyses/w32codbotk.html *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike ------------------------------ Date: Wed, 13 Apr 2005 17:24:20 -0700 From: "Mike" <mikebike@xxxxxxxxx> Subject: [virusinfo] Address spoofing in various Microsoft mail clients - 4/12/ From; Panda Oxygen3: "Every man is the son of his own works." Miguel de Cervantes Saavedra (1547-1616). Spanish writer - Address spoofing in various Microsoft mail clients - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, April 12, 2005 - A vulnerability has been reported in the email clients Microsoft Outlook and Microsoft Outlook Web Access, which could allow an attacker to easily spoof or hide the real address. Microsoft Outlook and Microsoft Outlook Web Access (OWA) are widely-used mail clients in corporate networks. The vulnerability lies in the handling of message headers and allows an attacker to spoof the 'From:' field displayed to the user. In the SMTP header, when the 'From:' field contains multiple addresses separated by commas, Outlook and OWA only display the first address. This flaw can be used to send spam or phishing mails. What's more, it can slip past message filtering rules that could be defined in the corporate server. Microsoft Outlook Express is not affected by this problem. ------------------------------------------------------------ The 5 most frequently detected viruses by Panda ActiveScan, Panda Software's free online scanner: 1)Mhtredir.gen; 2)Netsky.P; 3)Shinwow.E; 4)Sdbot.ftp; 5)Downloader.BTH. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike ------------------------------ Date: Wed, 13 Apr 2005 19:22:26 -0700 From: "Mike" <mikebike@xxxxxxxxx> Subject: [virusinfo] W32/Mytob-BA From; Sophos Alert System: Name: W32/Mytob-BA Aliases: Net-Worm.Win32.Mytob.y Type: Win32 worm Date: 14 April 2005 A virus identity (IDE) file which provides protection is available now from the Sophos website, and will be incorporated into the June 2005 (3.94) release of Sophos Anti-Virus. Customers using EM Library, PureMessage or any of our Sophos small business solutions will be automatically protected at their next scheduled update. At the time of writing, Sophos has received no reports from users affected by this worm. However, we have issued this advisory following enquiries to our support department from customers. Information about W32/Mytob-BA can be found at: http://www.sophos.com/virusinfo/analyses/w32mytobba.html *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member ------------------------------ End of virusinfo Digest V4 #100 *******************************