[virusinfo] virusinfo Digest V4 #100

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Thu, 14 Apr 2005 11:04:04 -0700

virusinfo Digest        Wed, 13 Apr 2005        Volume: 04  Issue: 100

In This Issue:
                [virusinfo] W32/Mytob-E
                [virusinfo] Troj/Bancos-CD
                [virusinfo]  W32/Codbot-K
                [virusinfo] Address spoofing in various Microsoft mail clien
                [virusinfo] W32/Mytob-BA

----------------------------------------------------------------------

Date: Wed, 13 Apr 2005 10:05:07 -0700
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo] W32/Mytob-E


From; Sophos Alert System:

Name: W32/Mytob-E
Aliases: WORM_MYTOB.J, Net-Worm.Win32.Mytob.h, W32/Mytob.gen@MM
Type: Win32 worm
Date: 13 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild.


Note: The IDE issued for W32/Mytob-E at 08:15 GMT on 25 March
also contained detection for W32/Mytob-F. This IDE has now been
updated to enhance detection of W32/Mytob-E.

Information about W32/Mytob-E can be found at:
http://www.sophos.com/virusinfo/analyses/w32mytobe.html

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike


------------------------------

Date: Wed, 13 Apr 2005 10:08:09 -0700
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo] Troj/Bancos-CD


From; Sophos Alert System:

Name: Troj/Bancos-CD
Aliases: Trojan-Spy.Win32.Bancos.cr, TROJ_BANCOS.XZ
Type: Trojan
Date: 13 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this Trojan from the wild.


Information about Troj/Bancos-CD can be found at:
http://www.sophos.com/virusinfo/analyses/trojbancoscd.html

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike

------------------------------

Date: Wed, 13 Apr 2005 15:51:16 -0700
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo]  W32/Codbot-K


From; Sophos Alert System:

Name: W32/Codbot-K
Aliases: W32.Randex, Backdoor.Win32.Codbot.z, W32/Gaobot.worm.gen.q
Type: Win32 worm
Date: 13 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild.


Information about W32/Codbot-K can be found at:
http://www.sophos.com/virusinfo/analyses/w32codbotk.html

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike

------------------------------

Date: Wed, 13 Apr 2005 17:24:20 -0700
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo] Address spoofing in various Microsoft mail clients -
4/12/


From; Panda Oxygen3:

"Every man is the son of his own works."
           Miguel de Cervantes Saavedra (1547-1616). Spanish writer

                 - Address spoofing in various Microsoft mail clients - 
         Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 12, 2005 - A vulnerability has been reported in the email
clients Microsoft Outlook and Microsoft Outlook Web Access, which could
allow an attacker to easily spoof or hide the real address.

Microsoft Outlook and Microsoft Outlook Web Access (OWA) are widely-used
mail clients in corporate networks. The vulnerability lies in the handling
of message headers and allows an attacker to spoof the 'From:' field
displayed to the user.

In the SMTP header, when the 'From:' field contains multiple addresses
separated by commas, Outlook and OWA only display the first address. This
flaw can be used to send spam or phishing mails. What's more, it can slip
past message filtering rules that could be defined in the corporate server.
Microsoft Outlook Express is not affected by this problem.

------------------------------------------------------------

The 5 most frequently detected viruses by Panda ActiveScan, Panda
Software's free online scanner:
1)Mhtredir.gen; 2)Netsky.P; 3)Shinwow.E; 4)Sdbot.ftp; 5)Downloader.BTH. 

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike

------------------------------

Date: Wed, 13 Apr 2005 19:22:26 -0700
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo] W32/Mytob-BA

From; Sophos Alert System:

Name: W32/Mytob-BA
Aliases: Net-Worm.Win32.Mytob.y
Type: Win32 worm
Date: 14 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received no reports from
users affected by this worm. However, we have issued this
advisory following enquiries to our support department from
customers.


Information about W32/Mytob-BA can be found at:
http://www.sophos.com/virusinfo/analyses/w32mytobba.html

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 



------------------------------

End of virusinfo Digest V4 #100
*******************************

Other related posts:

• » [virusinfo] virusinfo Digest V4 #100

1. Home
2. virusinfo
3. Archive
4. 04-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---