Upcoming MySQL patch fixes several critical vulnerabilities
William wrote in to let us know that the changelog for the upcoming release of MySQL, version 5.1.47, has been released, and it appears this release fixes several critical vulnerabilities and probably should be applied as quickly as is reasonable. What is interesting is that although a relatively detailed changelog is available which describes in some detail the vulnerabilities being addressed, which could be interesting to attackers, I could not find any information on when the 5.1.47 release would be available.
If anyone can provide a pointer to this release information, please pass it on to us.
Update May 21st: 5.1.47 is now available.
-- Rick Wanner - rwanner at isc dot sans dot org
Symantec triggers on World of Warcraft update
We have had a couple of reports over the last 24 hours of users experiencing issues with Symantec anti-virus products triggering on scan.dll.new, which is a component of World of Warcraft.
Judging by the traffic on this topic in the WoW forums it would appear these are not isolated reports.
The detailed version of the alert is:
Severity = High
Activity = Auto-Protect has detected Infostealer
Date & Time = 15/05/2010 (various times from 9:00 to now)
Status = Blocked
Recommended Action = Resolved no action
Risk Category = Virus
Definitions Version 2010.05.14.048
Severity = High
Component = Auto-Protect
Status = Blocked
File Name = c:\users\public\world of warcraft\scan.dll.new
What I find interesting in this case is not that we have another anti-virus false positive, but that Symantec is listing scan.dll.new as an InfoStealer and that it appears this false positive has happened on past World of Warcraft patches/updates that created a file called scan.dll.new. What exactly are they triggering on? Is this an old signature from a previous issue?
I have been interested for a while in the accuracy of Anti-Virus products in the modern computing world. The Anti-Virus paradigm we have used since the 80's is seriously flawed, and in my opinion is slowly unraveling. The rash of false positives in recent months is just one symptom of that.
I have been watching with great interest the attempts to develop a new paradigm that fits better in the modern computing reality. Most of these are attempts at more heuristic or behavior-based products that rely less on signatures. It seems to me that these attempts require a somewhat more "fuzzy" approach to anti-virus, so won't these sorts of false positives likely become more common, not less?
Are we getting to the point where software providers are going to have to start testing their updates against common anti-virus products before release?
As usual I am interested in your opinions. You can submit them either via our comment mechanism at the bottom of this diary, or via our contact page.
-- Rick Wanner - rwanner at isc dot sans dot org
P.S. If any anti-virus companies have any documentation on futuristic anti-malware research directions that they can let me read I would be fascinated to have it.