" /> On the Horizon: January 2006 Archives

« December 2005 | Main | February 2006 »

January 27, 2006

Blackworm / Blueworm Warning

There are many variations of this identified virus, but what is most definate is the fact that it is dangerous. If the Blueworm sucessfully penetrates your system, it will sit dormant until February 3, when it will begin overwriting files at random.

It is propogated via E-Mail as an attachment and carries one of the following extensions: pif, scr, mim,uue, hqx, bhx, b64, and uu.

TSC takes every precaution to ensure mail entering campus systems is as clean as we can make it. What you can do to help us though is to use judgement when receiving attachments via E-Mail. Make sure the mail you open is from a known and trusted source, and even then, question that. For your system at home:

- Make sure your Anti virus software is updated
- Watch those attachments coming in - seriously question those attachments with the above listed extensions
- Delete E-Mail that you question

More information about the Blackworm / Blueworm virus is available at the following links:

http://www.lurhq.com/blackworm.html

http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=blackworm&alt=blackworm&Sect=SA

January 3, 2006

Windows .WMF Vulnerability - Updated

Update - Jan 6

Microsoft has released the .WMF patch early. For those of you running Windows 2000 or greater at home, you can manually download and install the patch from the following url (you will have to reboot your system):
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

Reports are that the patch is also available through Windows Update as well. Campus systems will be receiving the patch through the automated Software Update Services (SUS).

For those of you using laptops and plan to take your systems off campus are urged to run WIndows Update to ensure you get all updated patches prior to leaving the campus. A copy of the patch is also available through the MyUWinnipeg Portal under Faculty Staff Pages > Trend Anti Virus Software

*******************

On December 28, Microsoft released an advisory outlining a previously unreported vulnerability in the way Windows deals with image files. Malicious code to exploit this vulnerability has already been released and is appearing on a variety of web sites. Trojans are also being distributed via E-Mail as attachments.

More information on this '0-day exploit' can be found on Microsoft's web site here. There is currently no patch available for this vulnerability, although one is expected to be released on January 10.

Microsoft has been working with Anti virus companies to minimize the impact to Windows users. As such, several varients of Trojans that exploit this flaw have been identified and cataloged. At a bare minimum, it is recommended that all users ensure their systems have updated Anti virus pattern files. For Trend Micro OfficeScan users:

- Alternate mouse-click on the Trend Micro OfficeScan Taskbar icon (the blue circle) and select 'Update Now!
- Select 'Update Now' in the Settings box
- Be patient as OfficeScan verifies the pattern file versions

For other Anti virus software, follow the manufacturers recommendations for downloading and installing pattern file updates.