OS/400 Alert: Nasty Little Viruses

by Shannon O'Donnell

This issue of "OS/400 Alert" focuses on several nasty little viruses making their way around the Internet and brings you up to date on IBM's latest PTFs. This column is designed to give concise information you can use to tell instantly which of the latest threats can hurt you and which fixes can help you. From time to time, we will also give you the kind of "how to" information you need to use the tools you already have in your shop. Let us know how we are doing with this new column. Your input will help to improve it.

Slam the Door on Backdoor.EZBot

Just when you thought it was safe to get back on the Internet after the havoc wreaked by SoBig, another virus has been discovered. The Backdoor.EZBot virus, written in Visual Basic, is a backdoor Trojan horse that allows the writer of the virus to gain access to your computer via the IRC, or Internet Relay Chat, capabilities of Microsoft Windows computers. IRC, like so many other TCP/IP services, such as FTP, is installed and enabled automatically on most Windows PCs. Most people never even know it is there and running. But the Backdoor.EZBot virus can become a destructive force on systems exposed to the Internet with IRC enabled. Here's how it works and what it does.

When Backdoor.EZBot is executed, it adds the following value to the Windows Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:

"WindowsSetup" = <path to trojan>

Once the registry has been modified, the virus waits for remote commands issued via the IRC server, which may include any or all of the following: manage the backdoor, control the IRC client on the infected computer, deliver system and network information to the creator of the Trojan horse, download and execute files, manage processes, or perform denial-of-service attacks against a target that the Trojan's creator defines. Affected platforms include Windows 95, 98, NT, 2000, and Millennium Edition.
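A defender's check for the Run-key persistence described above, added here as an example and not code from the column or from Symantec: it enumerates the HKLM and HKCU Run keys, reduces each command line to its executable, reports whether that file exists and is signed, and flags the value name the column attributes to Backdoor.EZBot. It assumes a current Windows host with PowerShell; the Windows versions named above predate PowerShell, but the key path is the same.

```powershell
# Added example, not from the column: audit the Run keys that Backdoor.EZBot
# abuses and flag the value name the column attributes to it.
# Assumes a current Windows host with PowerShell.
function Get-RunKeyAutostarts {
    param(
        # Value names to flag; 'WindowsSetup' comes from the column, add others as needed
        [string[]]$SuspectNames = @('WindowsSetup')
    )
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    # Metadata properties PowerShell attaches to every registry value set
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($meta -contains $prop.Name) { continue }
            $command = [string]$prop.Value
            # Reduce the command line to its executable: take a quoted path whole,
            # otherwise cut at the first .exe (heuristic; arguments are dropped)
            $exe = $command -replace '^"([^"]+)".*$', '$1'
            $exe = $exe -replace '^(\S+?\.exe).*$', '$1'
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = $false
            $signature = 'n/a'
            if ($exe) {
                $exists = Test-Path -LiteralPath $exe -PathType Leaf
                if ($exists) {
                    $signature = (Get-AuthenticodeSignature -FilePath $exe).Status
                }
            }
            $flag = ''
            if ($SuspectNames -contains $prop.Name) { $flag = 'SUSPECT NAME' }
            [pscustomobject]@{
                Key       = $key
                Name      = $prop.Name
                Command   = $command
                Exists    = $exists
                Signature = $signature
                Flag      = $flag
            }
        }
    }
}

# Review every autostart: a missing or unsigned binary deserves a look even
# when its value name is not on the suspect list.
Get-RunKeyAutostarts | Format-Table -AutoSize
```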
For complete security and removal instructions for the Backdoor.EZBot virus, go to Symantec's Web site.

MDAC Buffer Overflow Vulnerability

The majority of custom-programmed Windows software that interfaces with a remote database uses the Microsoft Data Access Components, or MDAC. If you have such applications, you need to know about a vulnerability discovered late last month that allows an attacker to run arbitrary code on a client machine. Before you panic, however, be aware that this is a very specific vulnerability that appears to affect only the clients of a SQL Server implementing the SQL-DMO library. The attacker can send a broadcast request for SQL Servers on a network, causing a buffer overflow on the client machines. Once the buffer overflow has been achieved, a savvy attacker can then run code to explore, attack, or otherwise compromise secure data on the client systems. Microsoft has released a patch to address this vulnerability. Affected platforms include the following:
Specific components affected are the following:
Other Nasties This Week

W32.Neroma.B@mm is a mass-mailing worm that uses Microsoft Outlook to send itself to all addresses in the Outlook address book.

W32.Randex.J is a network-aware worm that copies itself as \c$\winnt\system32\spolds.exe.

Backdoor.RPCBot.E is an Internet Relay Chat Trojan horse that allows its creator to control a computer through Internet Relay Chat.

W32.HLLW.Vuxer@mm is a mass-mailing worm that uses Microsoft Outlook to send itself to all addresses in the Outlook address book.

W32.Mexer.D.Worm is an interesting little virus that attempts to spread itself across file-sharing networks, like KaZaA and iMesh. It also attempts to run executables on your hard drive.

W97M.Plonky is a Microsoft Word macro virus that spreads by infecting Word documents and the Normal.dot template file. It also affects your ability to edit Visual Basic code from Word.

Trojan.Norio is a virus that modifies your Web browser in an attempt to direct you to porn sites.

PTFs and Fixes for OS/400 and Related Programs

IBM released several new PTFs for OS/400 V5R2 and V5R1 last week. Although there was nothing very exciting, remember that any problem is serious if it applies to your operation. Therefore, all PTFs are important. Here is a recap of this week's PTFs. For complete details, go to IBM's PTF site.
V5R2M0 PTFs

SI09931: error messages received when an independent ASP is varied on
SI09899: ILE RPG compiler ignores operation code extenders on READE
SI09691: problems using the ALTER TABLE statement in SQL
SI09607: problems contacting WebFacing server
SI09297: problems with the Copy From Query File (CPYFRMQRYF) command
SI09238: errors in SQL in debug mode
SI08992: Query Optimizer not handling FETCH correctly
SI08991: Query Optimizer not handling FETCH correctly
SI08461: Applying journal changes related to the SQL ALTER TABLE, ADD PRIMARY KEY, and APYJRNCHGX statements
MF3100: varying on an independent ASP
MF30696: access path recovery after an IPL
SI09856: compile fails in COBOL
SI09800: The Chinese iSeries Access product and the Japanese Language (MRI2962)
SI09678: WebFacing runtime and too many subfile records
SI09677: WebFacing runtime and too many subfile records
SI09620: Read by Key and MGTCOL
SI09512: DBL XML Extender and AIX/Windows NT
MF31085: secondary partitions and corrupted data in a dump
MF31077: problems in clearing an entire plan cache
MF31074: DBST taking too much time evaluating a query
MF31067: Additional Query tools
MF31066: Additional Query tools
SI09923: SMTP and file names
SI09920: NLS and log-ins
SI09917: CEExxx date APIs
SI09876: long name errors with output queues
SI09863: Windows Server 2003 and Non-English versions
SI09714: IFS and OS/400 upgrades
SI09285: V5R1 native JDBC and divide by zero
SI09039: QDT Builder program and the DELETE WHERE CURRENT clause
SI09891: operating system and IGC character pitch
SI09883: Java and Dos400.properties
SI09860: dragging and dropping spool files from Operations Navigator
SI09839: DBCS and IGC
SI09781: queries and message description CPI432C
SI09771: Paymentech migration and WebSphere Commerce Suite
SI09629: Payments and WebSphere Commerce Suite
MF31062: SQE and the MAX function
MF31061: Configurator and WebSphere Commerce Suite
MF31049: queries and debug
MF31048: queries and debug
MF31047: queries and debug
MF31046: queries and debug

V5R1 PTFs

SI09914: Domino and migrating from R4.1 to R5.1
MF31129: very long journal synchronization
SI09205: SQL and creating views
SI09198: the CRTLF command
SI09859: OS/400 host servers and temporary storage
SI09835: IBM Content Manager and directory names
Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.