Security Alert: Bagle.X Worm Seeding in Progress

Grok Headline matches for Security Alert: Bagle.X Worm Seeding in Progress

Security Alert: New Bagle.X Worm Variant
Detected

Security Alert: New Bagle.X Worm Variant
Detected 04/09/2004 03:58 PM
Bagle.X appears to be progressing slowly, but its seeding rate is consistent with previous Bagle versions that have witnessed great success.

Security Alert: Apache/Mod_ssl Worm in
the Wild

Security Alert: Apache/Mod_ssl Worm in
the Wild 09/17/2002 08:04 AM

Virus alert: Beware of dodgy Bagle

Virus alert: Beware of dodgy Bagle 01/19/2004 09:35 AM

New Bagle Variant Heightens Alert Levels

New Bagle Variant Heightens Alert Levels 07/16/2004 01:23 PM
Submissions pour in to anti-virus companies, raising levels as the worm drops itself into the Windows system folder, sets Windows to load it at startup and begins sending copies of itself to harvested e-mail addresses.

Bagle-B worm loose

Bagle-B worm loose 02/18/2004 10:46 PM
Sunday Times South Africa Feb 19 2004 3:17AM GMT

Other News: Bagle Worm

Other News: Bagle Worm 08/10/2004 10:15 AM
Are you getting spammed with infected email, too? It's probably the latest Bagle Windows worm.

New Bagle e-mail worm on a roll

New Bagle e-mail worm on a roll 02/17/2004 09:12 PM
BOSTON - Antivirus software companies are warning of a new computer virus that spreads using e-mail messages and installs a Trojan horse program on machines it infects.

Other News: Beagle/Bagle Worm

Other News: Beagle/Bagle Worm 01/22/2004 02:12 AM
Yet another evil Windows worm has spammers hijacking PCs.

Bagle Worm Goes Open Source

Bagle Worm Goes Open Source 07/07/2004 08:02 AM

New Bagle worm drops in and downloads

New Bagle worm drops in and downloads 09/01/2004 07:56 AM
Virus du jour

New Bagle E-mail Worm Spreads (PC World)

New Bagle E-mail Worm Spreads (PC World) 08/10/2004 05:17 AM
PC World - Antivirus updates available, but experts say this variant may fool some software.

Bagle.B internet worm third worst to
date

Bagle.B internet worm third worst to
date 02/18/2004 10:43 AM
Daily Mail & Guardian Feb 18 2004 1:55PM GMT

Bagle worm status + more blocking
information

Bagle worm status + more blocking
information 01/19/2004 03:07 PM
Gadi Evron (Jan 19 2004)

New Bagle worm spreading; source code is
revealed

New Bagle worm spreading; source code is
revealed 07/07/2004 04:36 PM
Antivirus software companies are warning customers that new editions of the Bagle family of e-mail worms are spreading on the Internet, depositing copies of the worm's source code on computers they infect.

Bagle.B Internet worm third most
virulent in history: experts

Bagle.B Internet worm third most
virulent in history: experts 02/18/2004 09:18 AM
AFP via Yahoo! Feb 18 2004 12:55PM GMT

Bagle.B Internet worm third most
virulent in history: experts (AFP)

Bagle.B Internet worm third most
virulent in history: experts (AFP) 02/18/2004 07:18 AM
AFP - The Bagle.B Internet worm continued to propagate itself throughout the world, with experts ranking the virus as the third most dangerous computer bug after the notorious Sobig.F and Mydoom.A.

New Bagle.B Internet worm appears,
spreads fast via e-mail (AFP)

New Bagle.B Internet worm appears,
spreads fast via e-mail (AFP) 02/17/2004 11:49 AM
AFP - A new variant of the Bagle Internet worm, dubbed Bagle.B, was spreading quickly by e-mail throughout the world, Internet security experts said.

Special Report: Beware of backdoor
planted by Bagle/Beagle worm

Special Report: Beware of backdoor
planted by Bagle/Beagle worm 01/23/2004 02:19 PM
CNET Jan 23 2004 8:47AM GMT

Fake MS alert-spreading worm in Europe

Fake MS alert-spreading worm in Europe 03/08/2004 11:20 PM
Sunday Times South Africa Mar 9 2004 3:17AM GMT

MEDIA ALERT: Secure Elements Discusses
IT Security for Higher Education at
EDUCAUSE Security Professionals
Conference

MEDIA ALERT: Secure Elements Discusses
IT Security for Higher Education at
EDUCAUSE Security Professionals
Conference 03/31/2005 03:03 AM
Daniel Bezilla, Secure Elements’ chief technology officer, will explore how educational communities can benefit from implementing an Enterprise Vulnerability Management solution. [PRWEB Mar 31, 2005]

Security a work in progress for
Microsoft

Security a work in progress for
Microsoft 01/17/2004 11:08 PM

Microsoft security effort a work in
progress

Microsoft security effort a work in
progress 01/16/2004 11:03 AM
ZDNet Jan 15 2004 10:56PM GMT

Microsoft hails "real progress" on
improving security

Microsoft hails "real progress" on
improving security 07/15/2004 08:20 AM

Mac Security Alert

Mac Security Alert 05/12/2004 09:43 AM
A UK government organization responsible for gathering information on IT security incidents has issued two security advisories regarding recently identified vulnerabilities in Mac OS X. By Macworld UK (via MyAppleMenu)

PHP Security Alert

PHP Security Alert 06/05/2005 11:38 PM
PHP Advanced Transfer Manager Include File Error Lets Remote Users Execute Arbitrary Commands

Security Alert

Security Alert 09/21/2004 04:41 PM

Who's Seeding the Net With Spyware?

Who's Seeding the Net With Spyware? 06/15/2004 11:34 AM

Security Alert: Another IE6
Vulnerability

Security Alert: Another IE6
Vulnerability 11/25/2002 11:55 AM
A new exploit has been found in IE6 that allows a serious security vulnerability. Although this is not directly related to PHP Freaks, I thought I would take a moment to point this out to our readers.

Security Alert: Voluntary XSS

Security Alert: Voluntary XSS 04/09/2004 05:30 PM

This is a personal security alert against a dangerous yet increasingly popular practice which I call Voluntary XSS.  Voluntary XSS involves a website voluntarily embedding script fragments hosted by another, typically very popular, website.  Here is an example:

Voluntary XSS is dangerous because the practice builds a hub-and-spoke (or star) vulnerability network which exposes all the spoke websites to  weaknesses in the hub website.  Since active contents of 'bar.js' from the hub website in the example above is typically injected into every page served by spoke websites, penetration at the hub website allows hackers to change contents of all pages served by spoke websites instantly by replacing the content of 'bar.js' with their own script.

As to how wide spread the use of Voluntary XSS is, Google uses Voluntary XSS to display ads at Google AdSense sites and Technorati uses Voluntary XSS for blog claiming blogs.  I haven't checked Amazon and Yahoo yet, but I intend to soon.

Since this is a personal security alert, allow me to be more blunt than formal security alerts: This is serious shit folks.  By inserting those HTML fragments into your webpages, you are betting that websites hosting those HTML fragments are and will remain impenetrable.Voluntary XSS makes those key websites very attractive to hackers and I seriously doubt any website can withstand constant onslaughts by smart hackers.

My other posts on this topic:

Cross-Site Scripting Network

APWG Threat Advisory Alert on Visual Spoofing

Yet another Windows security alert

Yet another Windows security alert 03/19/2003 10:25 PM
Microsoft has released Security Bulletin MS03-007, which simply says: An identified security vulnerability in Microsoft® Windows® 2000 could allow an attacker to take control of your computer. This issue is most likely to affect computers used as Web servers. You can help protect your computer from this vulnerability by installing this update from Microsoft. If you're using Windows 2000, make sure you install it.

FC Now: Seeding Home Soil

FC Now: Seeding Home Soil 03/19/2005 02:26 AM
When I graduated from my socially conscious liberal arts college, it seemed like every other graduate wanted to go to South America or India and work on micro-enterprise projects with local women. One friend even found a venture capitalist in...

Community News: PHP Security Alert

Community News: PHP Security Alert 02/13/2004 09:13 AM
In a posting from the fine folks at PHP Magazine:

Security alert at Bute House

Security alert at Bute House 06/12/2004 04:49 AM
A security alert is sparked after a man is seen outside Jack McConnell's official home carrying what looked like a bomb.

Single New Security Alert From Microsoft
For May

Single New Security Alert From Microsoft
For May 05/11/2004 01:44 PM
Windows XP/2003 Help system could execute attack code. In contrast to last month's flood of severe problems, a single "Important" vulnerability in some Windows versions, and re-released of two previous ones.

Gates sparks security alert

Gates sparks security alert 07/30/2004 06:26 AM

Feds Alert to Web Security Threat

Feds Alert to Web Security Threat 03/21/2003 05:59 AM
The Department of Homeland Security advises Americans to brace themselves for acts of cyberterror. But computer security experts say Internet users probably aren't much more vulnerable than usual. By Joanna Glasner.

Security Alert: PHPNuke Strikes Again

Security Alert: PHPNuke Strikes Again 02/04/2003 08:40 AM

BA Cancels U.S. Flight Amid Security
Alert

BA Cancels U.S. Flight Amid Security
Alert 01/02/2004 07:22 PM
Reuters via Wired News Jan 2 2004 6:44PM ET

The MS 'friendly' security alert service
- just say d'oh

The MS 'friendly' security alert service
- just say d'oh 03/20/2003 11:55 AM
A
Grok Description matches for Security Alert: Bagle.X Worm Seeding in Progress
GrokA matches for Security Alert: Bagle.X Worm Seeding in Progress

Security Alert: Bagle.X Worm Seeding in Progress

The following phrases have been identified by the grok system as matching this entry: