Anti Virus Blog

January 31, 2006

Nyxem Worm Starts Nixing Files

Filed under: Malware — Administrator @ 8:13 pm

Come February 3rd, owners of Nyxem-infected Windows machines will be in for a rude shock. On that day, the bug is programmed to overwrite several common file types.

But today, the team at computer security vendor F-Secure is alerting the community that reports of the bug’s dangerous payload are trickling in. Users with incorrect time settings are already seeing their Office files, PDFs, e-mail archives and compressed folders getting corrupted.


Trojan tests antivirus response time

Filed under: Malware — Administrator @ 8:13 pm

A Trojan writer has been testing the response times of antivirus companies with malware that has been spammed out to over two million web users.

Managed security provider BlackSpider Technologies estimated that more than 2.4 million emails containing the Win32.small.cfg Trojan downloader were sent to UK businesses last night.

The malware was sent out in emails claiming to be about an unpaid invoice for a firm in Nottingham.


MS to omit anti-virus from Vista

Filed under: Malware — Administrator @ 8:12 pm

Microsoft will omit anti-virus protection in Vista, the next version of Windows, which it plans to ship late this year. As with previous versions of Windows dating back to Windows 2000 at least, Redmond is promoting Vista as a landmark improvement in Windows security.

Jim Allchin, co-president of Microsoft’s platform products and services division, told reseller magazine CRN that safety and security, improved user experience, and mobility features will be key additions in Vista. But there will be no anti-virus software, the Windows development supremo said during a question-and-answer session with CRN. For unspecified business (not technical) reasons, Microsoft will sell anti-virus protection to consumers through its OneCare online backup and security service.


Antivirus Vendors Collaborate on Spyware Fight

Filed under: Malware — Administrator @ 8:10 pm

A group of security vendors has announced an agreement under which they will work together to establish industry standards for identifying and evaluating antispyware products.

The group, which includes McAfee, Symantec, Trend Micro, ICSA Labs, and Thompson Cyber Security Labs, wants to create standard metrics and common samples of spyware programs that third-party testers can use when evaluating antispyware tools.

The goal is to make it easier for companies to compare and evaluate antispyware products at a time of considerable market confusion over various offerings, said David Cole, director of Symantec’s security response group. “In the antivirus space, there are several well-known testing bodies and testers who follow standards and well-thought-through methodologies” for evaluating products, he said.


November 8, 2005

November Patch Tuesday

Filed under: Malware — Administrator @ 10:21 am

Happy Patch Tuesday. One critical update was released today, affecting Windows Server 2003, Windows Server 2003 Service Pack 1, Windows Server 2003 x64 Edition, Microsoft Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP Professional x64 Edition, and Windows 2000 Service Pack 4.

Linux worm targets PHP flaw

Filed under: Malware — Administrator @ 10:08 am

Virus writers have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems.

XML-RPC for PHP features in many web applications, including PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. Most of these applications have been updated to address the security flaw.

But unpatched systems are at risk from a Linux worm, called Lupper, which exploits the bug to load itself onto vulnerable systems. Anti-virus firms have received few reports of the malware, which is noteworthy mainly because malware strains targeting Linux systems are rare, rather than because of its risk factor, which is low.

School Takes On Malware with Open Source

Filed under: Malware — Administrator @ 10:05 am

A team of I.T. staffers at the University of Indianapolis recently showed off a bundle of open-source tools and scripts it uses to trap and isolate PCs infected by viruses or spyware.

Dubbed Shelob, after the sinister giant spider in J.R.R. Tolkien’s “Lord of the Rings,” the software identifies suspect traffic patterns, identifies the computers involved and then shunts them to a closed virtual LAN. Users get an appropriate Web screen, explaining what’s happened and how to fix their PC or whom to call for help.

Shelob’s inner workings were shown off recently in Orlando, Fla., at Educause, the annual user conference for I.T. professionals in higher education.

The school says that since being rapidly thrown together during the Blaster worm outbreak of 2003, Shelob has helped to keep it free of network or service outages related to virus infections. One limitation is that it works only with clients that are plugged directly into the LAN, not with wireless devices.


Sony’s Malware: DRM Rootkit

Filed under: Malware — Administrator @ 9:58 am

Last week was lots of fun if you work in Sony-BMG’s PR department. First, there was the discovery that the latest Van Zant CD installed a bunch of malware without the user’s permission. After a mountain of negative press and public pressure, Sony-BMG saw sense and issued a patch to address customers’ concerns.

Unfortunately for Sony-BMG, the move may have come too late to dodge the US national pastime: the class action lawsuit. According to News.com, San Francisco law firm Green Welling is already salivating over this.

“We’re still investigating the case and talking to different people about what happened to them,” said Robert Green, a partner at the firm. Green’s main argument will be that customers should be informed if an audio CD’s copy protection extends to installing a bunch of software on your PC. Of course they should, though you can imagine that such ‘consent’ may well be tucked away in a long and confusing End User License Agreement (EULA) full of legalese that nobody will read. Naturally, that is no defence, but is it too much to expect companies to play fairly? Most users just tick the box and click Next.


Bots in the A/C, spyware in the ‘fridge

Filed under: Malware — Administrator @ 9:57 am

Over time, the computers inside air conditioners, refrigerators, televisions and automobiles will increasingly connect to cyberspace. This phenomenon also will open them up to the same attacks now threatening PCs, servers and databases.

Are we as an industry prepared for such an assault? No. But Trend Micro executives last week said that, in time, we will be better equipped to take on such attacks.

“You’re seeing computer networks built into everything,” said David Michael Perry, global director of education for the Tokyo-based antivirus firm. “Look at cars. Door locks are increasingly controlled by computer networks. If you lock the keys in the car, OnStar can unlock it for you.” Perry also noted how he can use the Internet to turn down the air conditioner in his house and how TiVo “is nothing but a networked computer.”


October 18, 2005

Addressing the human security vulnerability

Filed under: Malware — Administrator @ 3:52 pm

So, you have the best firewall, intrusion-detection and antivirus systems technology has to offer. Yet, despite your Fort Knox approach, you’re still hit with security breaches and the occasional malware du jour. One reason for this may be the lack of motivation by your workers. Unlike owners, they don’t have a direct interest in the success of the company. Or do they? How far are they willing to go to ensure corporate success?

Usually, not very. In fact, in most cases, they don’t put much additional effort into executing their duties — just enough to get the work done and retain their jobs. According to Ken Shaurette, information security solutions manager at MPC Technology Solutions, however, “a too-often overlooked way to improve these attitudes is to include information security in the job descriptions of employees.” When your organization makes security awareness and policy compliance mandatory, the apathetic trend can be reversed.

When management requires security policy compliance to be a key part of an employee’s job, interest is generated. An added benefit is that security becomes part of the corporate culture. With performance reviews (hence, possible raises) looming periodically, employees are more apt to fit compliance into their daily routine. Knowing that they’re being graded encourages employees to comply with policies.


Microsoft Is Expanding Its Monopoly Over the Security Field

Filed under: Malware — Administrator @ 3:31 pm

Microsoft has succeeded in ending, through buying or negotiating, every antitrust lawsuit it has faced so far… But there are still many lands to conquer, and since Microsoft is the indisputable leader in the operating system market, why shouldn’t it be the same with an antivirus solution or an anti-spyware product?

The security solution announced last week by Microsoft, under the name of Microsoft Client Protection, is aimed at companies, but the company is also preparing Windows OneCare Live, an antivirus and anti-spyware solution for end users.

This outcome has been expected ever since Microsoft announced the acquisition of several security companies. In June 2003, the corporation signed a contract for the intellectual property and technological resources of the Romanian company GeCAD SRL. GeCAD technologies are allegedly integrated in the security products and services.


Symantec ratchets up Norton renewal prices

Filed under: Malware — Administrator @ 3:29 pm

Symantec last week quietly raised the price of annual renewals for its consumer and small business line of security products by as much as 33 percent, saying that it was part of a long-considered move toward a subscription-based business model, and not a reaction to Microsoft’s recent entry into the security space.

As of Monday, renewals for Symantec’s popular Norton AntiVirus and Norton SystemWorks jumped to US$30, up 20 percent from 2004’s $25; annual subscription renewals to Norton Personal Firewall and the Norton Internet Security suite, meanwhile, climbed 33 percent to US$20 and US$40, respectively.

Symantec has charged existing users renewal fees for years to pay for minor software updates, new anti-virus signatures, and intrusion detection definitions to protect users against new worms, viruses, Trojans, adware, and spyware. These price hikes, however, are among the largest ever.

They also highlight the rapid rise in security maintenance costs for home and small business users. As recently as 2001, for instance, Symantec charged just US$4 for an annual renewal to Norton AntiVirus; that translates into a 750 percent increase in five years.


New malware targets Skype users

Filed under: Malware — Administrator @ 3:27 pm

A new variant of the IRCbot Trojan horse is taking aim at users of Skype Technologies S.A.’s VoIP software, according to New York-based e-mail security firm MessageLabs Ltd. As of Monday, the firm said it had blocked more than 150 copies of the Trojan, also known as Fanbot. The malware is being distributed by e-mail disguised as the newest release of the popular Skype software client — version 1.4, which was released Oct. 10.

“When executed, the attached malware program displays a fake ‘installation error’ box while, in fact, it is installing itself as %sysdir%remote.exe, altering the registry and shutting down shared access and Windows update services,” MessageLabs said. “It then tries to connect to either an IRC server named ‘jojogirl.3322.org’ or ‘smallphantom.meibu.com,’ but fails.” According to Skype’s Web site, its Internet voice-calling software has been downloaded more than 184 million times.

