
Briefs: Symantec Vulnerability Assessment, Windows Server 2003 Backup, Another E-Mail Threat

Symantec tool finds vulnerabilities; Windows Server 2003 backup problem; new worm spreads via e-mail

Symantec Releases Vulnerability Assessment Tool

Security vendor Symantec Corp. released Symantec Vulnerability Assessment, a tool for identifying and prioritizing vulnerabilities in the enterprise infrastructure. The software also provides extensive information on remediation actions. “Symantec documented more than 2,500 new vulnerabilities over the past year, an 81.5 percent increase over 2001. Unfortunately, many organizations are unaware of the vulnerabilities in their systems and applications, and are unable to determine if the identified vulnerabilities have been resolved,” says Ronald Van Geijn, Symantec’s director of product management.

The software scans for vulnerable systems and applications in the enterprise, referencing a vulnerability database from Symantec that includes threats recognized by CVE and Bugtraq. New security updates and modules are delivered using Symantec LiveUpdate technology.

The software also integrates with the new Symantec Incident Manager 2.0. That software correlates events from different security products to reduce false positives and gives administrators a real-time analysis of the business impact of vulnerabilities and incidents.

Flaw: Windows Server 2003 Backup

Microsoft’s long-awaited Windows Server 2003, released in April 2003, has a problem: its included backup software, NTBackup.exe, creates a backup file that cannot be read by older versions of Windows Server. Microsoft will issue a patch to fix the problem. Other backup software is not affected.

Worm: Sobig.B, Palyh, Mankx

A new Internet worm known as W32.HLLW.Mankx@mm (as well as Sobig.B, Palyh and Mankx) is making the rounds via e-mail, often appearing to be from “support@microsoft.com.” Not coincidentally, the worm also affects all Windows operating systems (Windows 9x/ME/NT/2000/XP). If a user opens the file attachment, the worm copies itself to the Windows directory as “mscon32.exe” and then scans for files with certain extensions—.dbx, .eml, .htm, .html, .txt, .wab. Using a built-in SMTP e-mail server, the worm then e-mails any addresses it finds in those files.

Description: http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043

Technical details and removal instructions: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.mankx@mm.html

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.
