Vulnerabilities (2006)

Vulnerabilities identified in the 2006 calendar year follow. See also vulnerability notes for issues identified in 2005, 2004, 2003, 2002, 2001 and 2000.
  1. Windows -- Call China Worm, 21-Dec-2006
    Vulnerable Systems (Access Controlled)

    Large scale infection of many Windows systems. Compromise exploits a vulnerability with NAV and installs a version of the Hupigon/Blackbird backdoor. Malware is recognized by only a few AV engines -- NAV does not recognize the infection.

  2. Windows -- FreeVideo Trojan, 20-Nov-2006
    Vulnerable Systems (Access Controlled)

    A very few users have been tricked into installing a "FreeVideo" Trojan. The Trojan installs a root-kit and directs DNS queries to a rogue server in Ukraine -- we alarm the DNS traffic to notify users who may be compromised.

  3. Windows -- Firewall & Critical Patch MS06-040, 1-Sept-2006
    Vulnerable Systems (Access Controlled)

    Worms are actively exploiting MS06-040: Vulnerability in Server Service (8-Aug-2006). We can test and identify some systems (Windows XP and 2000 with no firewall) where the patch has not been applied. Vulnerable systems should be firewalled and patched.

  4. Mailer configuration -- SSL and Authentication, 03-Aug-2006
    Vulnerable Systems (Access Controlled)

    All mail servers should be configured to require encryption before users authenticate to relay mail. Otherwise users expose their password in the clear and that might lead to a compromise.

  5. UWdir Email Information Disclosure, 19-Jun-2006

    From June 1-19, 2006, UWdir (the campus directory) would provide the email address of users who had requested that no information be published.

  6. RealVNC Compromise (Authentication Bypass), 14-Jun-2006
    Vulnerable Systems (Access Controlled)

    Snort alarms a RealVNC authentication bypass flaw -- an attacker obtains access to vulnerable systems without a password. We have seen a few compromises on Unix and Windows systems.

  7. Windows PSW-Agent Trojan, 03-May-2006
    Vulnerable Systems (Access Controlled)

    Snort alarms a Trojan that SOPHOS calls Troj/Torpig-R -- a few compromises detected, some advice on cleanup.

  8. Windows Haxdoor Backdoor, 02-May-2006
    Vulnerable Systems (Access Controlled)

    Snort alarms TrendMicro BKDR_HAXDOOR.DI Trojan -- a few compromises detected, some advice on cleanup.

  9. Windows Administrator Password, 22-Jan-2006
    Vulnerable Systems (Access Controlled)

    Windows systems that offer file and print services but do not protect the Administrator account are easily compromised. We alarm systems we find and give them some advice on how to protect their system.

  10. Windows BlackWorm, 17-Jan-2006
    Vulnerable Systems (Access Controlled)

    Blackworm is a widespread malicious worm infecting hundreds of thousands of systems around the world. We have seen the infection here and have installed an alarm based on Snort to detect systems which may be compromised.

  11. Unix phpBB 2.0.19 released, 12-Jan-2006
    Vulnerable Systems (Access Controlled)

    phpBB 2.0.19 was released on 30-Dec-2005. Exploit code for version 2.0.17 and earlier was released on 24-Dec-2005. We scanned for and found several systems offering phpBB services which report vulnerable version numbers.


(ed) Reg Quinton, Information Systems and Technology,