Count on Exterminator!
Each Friday, Exterminator brings you news of important bug fixes, virus recovery information, service release announcements, security notices, and more from the prior week.
Win2K virus identified
You must be online and you must have administrative privileges for the newest Windows 2000 virus to trigger. Named W2K.Infis.4608, the virus loads inf.sys into the System 32 drivers folder. This registry key also appears with the virus: hklm\system\CurrentControlSet\Services\inf.
No fixes are currently available for the program, which is mistakenly being labeled by some as the first Windows 2000 virus. It is not. The first Windows 2000 viruses, Win2000.Install or W2K.Installer virus, were originally reported in early January.
This virus doesn’t appear to be serious. Symantec is labeling it low-risk and says the amount of damage it can cause is “negligible.”
Got time for “small poetry”?
Of course you don’t. That’s why you’ll want to be on the lookout for TROJ_HAIKU. This harmless worm tries to spread itself via e-mail. It usually arrives as an attachment labeled HAIKU.EXE, according to Trend Micro, which late last week released a bulletin announcing the virus.
The virus seeks *.doc, *.eml, *.htm, *.rtf, and *.txt files for e-mail addresses, and then sends itself to them. But the Trojan does not carry a destructive payload. Check out Trend Micro’s Web site for more details.
Site Server patch released
A security hole in Microsoft Site Server 3.0 Commerce Edition has been addressed with the release of a patch. The file was built to keep sample documents and wizards included with Site Server from enabling malicious users to gain unauthorized access to databases on a Web site.
You can find more information, and the patch, right here .
Virtual Machine patch
Microsoft has released a patch that closes a security hole in Microsoft’s Virtual Machine. Without the updated file, a malicious user could read files on the computer of a user visiting a Web site or reading content from within an intranet.
In order to read the files or content, the hacker would have to know the exact filename and the document location.
The Virtual Machine patch is available from Microsoft .
Possible ActiveX issue in IE5
According to a SecurityFocus report, an ActiveX control shipped with Internet Explorer can be used to install software over the Internet. The catch, however, is that the updated software must be “signed by Microsoft.” The user isn’t prompted before this installation occurs.
Of course, the security issue is that someone other than Microsoft could crack the code to make Internet Explorer or Outlook believe files are to be installed with Redmond’s blessing, when in fact they are not.
You'll find more information on Microsoft’s Active Setup process here .
Microsoft Security Bulletin (MS00-012)
A security hole in the system routing process of Microsoft Systems Management Server has been addressed with the issuance of a patch. Without the file, users could secure unauthorized privileges on a machine.
More information and the patch are available from Microsoft .
Microsoft Security Bulletin (MS00-013)
A patch has been released that plugs a Windows Media Services security hole. Without the updated file, denial of service attacks could be launched against a streaming media server.
More information on the patch can be found here .
Have a comment?
If you'd like to share your opinion, please post a comment below or send the editor an e-mail .