[R129 SL] Mother's Day Virus

Admin-MB Coupes.com r129list@mbcoupes.com
Fri, 9 May 2003 12:35:01 -0400


Folks, keep attentive to these potential threats....


CERT Warns Of Mother's Day Virus
May 8, 2003
	 	
The security clearinghouse says the Trojan Horse is timed to coincide
with this weekend's holiday

By Gregg Keizer, TechWeb News
	 	
An Internet security clearinghouse is warning computer users to beware
of a potentially destructive Trojan horse timed to coincide with another
holiday.

You guessed it: Hunker down for the Mother's Day Virus.

The CERT Coordination Center said Thursday that it has received reports
that an in-the-wild Trojan horse known as Peido-B, VBS/Inor.B, or the
Mother's Day Virus, was making the rounds. CERT is a federally funded
research and development organization located at Carnegie Mellon
University.

Like most Trojan horses, Mother's Day includes an executable file
attachment that, when opened, downloads and runs on the victim's
machine. The Mother's Day message masquerades as an undeliverable
message, but if the recipient opens the attached file, the sender may be
able to gain control of the computer.

CERT has released an updated edition of a handbook that outlines steps
companies and organizations can take to create a computer security
incident response team (CSIRT).

The second edition of the guide, which debuted five years ago, includes
refreshed content, newer examples, and expanded descriptions of CSIRT
planning and implementation, said Georgia Killcrece, one of the authors
of the handbook and a leader for CERT's CSIRT Development Team.

A CSIRT, she said, is more than a threat assessment team. It also plans
detection and protection policies, and analyzes and responds to security
events that break on the Internet.

"Anyone who has a network connected to the Internet will benefit from
the Handbook," Killcrece said.

The guide, which lays out the issues that companies need to consider as
they form a CSIRT, is aimed at managers, IT administrators, CIOs, and
project leaders who've been tasked to implement a team, or who are
interested in preparing their enterprise to handle security events,
Killcrece said.

Later this year, CERT will roll out additional documents to model a
variety of CSIRT organizational frameworks or templates. "Not all
organizations have the same need," Killcrece noted. "Among the models,
we'll have ones that outline a distributed team, a coordinated center,
and even an ad hoc team."

The CSIRT handbook is available in PDF format from the CERT/CC Web site.
The organizational models will appear during 2003 in the CSIRT
Development section on CERT's site.

Also, Microsoft acknowledged that two older versions of its popular
Windows Media Player share a vulnerability caused by downloading new
"skins."

Windows Media Player 7.1 and 8.0 (the version included in Windows XP)
sport a flaw in the way they handle skin downloads, said Microsoft in a
security advisory posted on its TechNet site.

Attackers exploiting this vulnerability could post code disguised as a
skin on a Web site; users who download it would introduce a possibly
malicious executable to their machine.

The fake skin could also be delivered via E-mail. Users of Outlook 2002
and Outlook Express 6.0 (as well as Outlook 98 and 2000 when patched
with the Outlook Email Security Update) are not at risk, but others are.
An attacker could plant a masquerading skin on the computer even if the
recipient didn't click the embedded URL in the E-mail message.

Judged "critical" by Microsoft--the second-highest warning in
Microsoft's four-level threat assessment scale--Player's security hole
can be plugged by downloading and installing patches from Microsoft's
site. The most current Player, version 9.0, is not affected.