Application security, Patch/Configuration Management, Vulnerability Management

News briefs


Security experts warned email and instant-messenger users about a new email bot that creates a peer-to-peer network of infected host PCs.

The "Nugache" worm spreads both as an email attachment and through AOL and MSN instant messenger networks, according to warnings from numerous security firms.

The bot is considered unique because it does not create a botnet via internet relay chat as do most IM malware. It instead uses a P2P network.


The U.S. still leads the world in the amount of spam dispersed, producing nearly a quarter of the world’s unwanted email messages, according to a study by Sophos.

China, including the former British protectorate Hong Kong, is close on the U.S.’s heels, accounting for 22 percent of the world’s spam during the first three months of 2006.

South Korea finished a distant third, producing nearly 10 percent of the world’s spam during that time.

Security experts said American PC users are becoming more aware of the dangers of spam email, while federal and state laws in the U.S. also are helping to cut back on spam.


Users infected with a new strain of ransomware found their computers held hostage in exchange for a money transfer demanded by its creators.

The Troj/Ransom-A, freezes its infected PC by creating a number of new .exe files on a Windows system and telling users that deleted files are saved in a hidden directory and will be replaced during installation. It displays pornographic pictures and then orders users to wire $10.99 to the hacker in exchange for a CIDN number that will trigger the uninstallation process.

According to the experts at Sophos, it is unclear how the trojan was being spread.


Microsoft was forced to release an updated version of its April patch after it was found that it clashed with third-party software.

The original April release did not work as it was supposed to when it was combined with Hewlett-Packard and Sunbelt’s Kerio Personal Firewall software. The third party software flagged the patch’s installation of a new binary program, verclis.exe, which then prevented users from opening My Documents and My Pictures folders.


Security researcher Tom Ferris of the Security-Protocols blog announced that he discovered five new holes in Mac OS X which can lead to DoS attacks.

Some of the errors can be exploited when the Safari browser processes malformed HTML tags or GIF images on a malicious website or when Safari decompresses malformed ZIP archives in the Finder.

Ferris said he notified Apple about the flaws earlier in the year and was told that they "will be fixed in the next security release." He included the proof-of-concept exploit code in his posting.

Security monitoring service Secuinia rated the vulnerabilities highly critical.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.