Daily Report Monday, November 13, 2006

Daily Highlights

Federal Computer Week reports that the Nuclear Regulatory Commission has issued a final rule on reporting requirements for various transactions involving radioactive materials that will involve establishing secure, Web−based access to a new National Source Tracking System. (See item 1)
The Associated Press reports that Department of Homeland Security Secretary Michael Chertoff marked Veterans Day by helping christen U.S. Coast Guard Cutter Bertholf, the first of a new class of ships called National Security Cutters. (See item 12)

Information Technology and Telecommunications Sector

32. November 08, Age (Australia) — SpamThru and Warezov responsible for rise in spam: MessageLabs report. The number of e−mail viruses targeting Australians is on the rise, with Australia last month experiencing the biggest growth in attacks of any country. One in 84.1 e−mails or 1.2 percent of e−mail traffic contains a virus, up from 0.4 percent of e−mail traffic the month before, MessageLabs' Intelligence Report for October 2006 said. The global ratio was 1 percent of e−mail traffic. This ranks Australia 12th out of all countries, where it was "previously at the bottom of the list," the report said. India remains the hardest hit country, with one in 16 e−mails containing a virus. It was followed by Ireland, Germany, Singapore and Spain. Responsible for much of the rise in viruses is a spam−sending Trojan dubbed "SpamThru," which MessageLabs said had increased global spam levels to almost three out of every four e−mails. The developers of SpamThru have so far managed to avoid detection by traditional anti−virus software, by releasing new strains of the Trojan at regular intervals, MessageLabs said. Another virus, Warezov, is also identified by MessageLabs as a contributing factor to the increase in spam. Like SpamThru, it hijacks the computers of unsuspecting users and turns them into spam distributors.
MessageLabs report: http://www.messagelabs.com/publishedcontent/publish/threat_w
atch_dotcom_en/intelligence_reports/october_2006/DA_173834.h tml

Source: http://www.theage.com.au/articles/2006/11/08/1162661735244.h tml

33. November 08, Security Focus — Microsoft Excel file rebuilding remote code execution vulnerability. Microsoft Excel is prone to a remote code execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vector.
For a complete list of vulnerable products: http://www.securityfocus.com/bid/18938/info
Solution: Microsoft has released a security advisory addressing this issue. For more information: http://www.securityfocus.com/bid/18938/references
Source: http://www.securityfocus.com/bid/18938/discuss

34. November 08, Security Focus — Symantec Automated Support Assistant ActiveX control buffer overflow vulnerability. An ActiveX control shipped with Symantec Automated Support Assistant and some other Symantec products is prone to a stack−based buffer overflow vulnerability. This vulnerability requires a certain amount of user−interaction for an attack to occur, such as visiting a malicious Website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged−in user. These products are shipped with the affected ActiveX control: Symantec Automated Support Assistant; Symantec Norton AntiVirus; Symantec Norton Internet Security; Symantec Norton System Works. Note that the Symantec Automated Support Assistant is used by support to identify problems running any Symantec consumer−based products. Therefore, the affected control may be present on computers running other consumer products and versions as well. Symantec Corporate and Enterprise products are not affected, because they do not install the affected control.
For a complete list of vulnerable products: http://www.securityfocus.com/bid/20348/info

Solution: Symantec has released fixes to address this issue. Fixes can be automatically applied
through Symantec LiveUpdate. Users who may have downloaded or installed the Symantec Automated Support Assistant should visit the following location to obtain a fixed version: https://www−secure.symantec.com/techsupp/asa/install.
A tool to remove vulnerable versions of the ActiveX control is available from the following location: http://www.symantec.com/home_homeoffice/security_response/re movaltools.jsp
Source: http://www.securityfocus.com/bid/20348/references