Viruses, worms, and Trojans return with a vengeance

Virus, worm, and Trojan attacks have remained pretty mild in the past few months, but apparently black hats were merely taking a rest and thinking up new attack modes. John McCormick brings you up to speed on the recent return of e-mail-borne threats.

It's Sobering news as viruses, worms, and Trojans emerge from an apparent vacation—rested and ready to wreak havoc once more.

Details

Just when you thought virus and worm attacks had finally slacked off and no longer needed to top your list of concerns, a couple of new attacks are conspiring to bring malware concerns back to the forefront of security thinking. In addition, the latest version of Sober has surged across the Internet, infecting more than three times as many e-mails in May as in the month before.

Bagle

Meanwhile, a new version of the Bagle worm (designated Glieder by Computer Associates) has spread rapidly, using a new three-pronged approach. The initial attack is the usual mass-mailing e-mail carrying an infected attachment; once run, the attachment harvests addresses from the infected system's address book and mails itself onward. The next stage downloads a Trojan called Fantibag that blocks automatic antivirus updates and access to Microsoft's Windows Update site, so the infected machine can no longer fetch the signatures or patches that would remove it.

Finally, the worm downloads a second Trojan called Mitglieder, which disables firewalls and antivirus software. According to the News.com report, spammers are paying a bounty of five cents per compromised PC. With zombies now a commodity market that gives attackers an economic incentive, we can expect increasingly sophisticated Trojan attacks as well as a surge in the number of attacks.
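The column describes what Fantibag does (it cuts the victim off from antivirus and Windows Update sites) but not how. One common way such Trojans do this is to append entries to the Windows hosts file that pin vendor update hostnames to loopback or a bogus address, so the update client silently fails. The following checker is an added example, not code from the column or from any vendor; the hosts-file mechanism, the watchlist of update hostnames and the sample hosts file contents are all assumptions constructed for illustration. It flags any static mapping for a watched update host, since those names should only ever be resolved through DNS.

```python
"""Check a Windows hosts file for entries that hijack antivirus or OS update sites.

Added example, not part of the original column. The column says the Fantibag
Trojan blocks antivirus updates and Windows Update but not how; redirecting
those hostnames in the hosts file is a common technique and is assumed here.
The watchlist and the sample hosts-file content are constructed for illustration.
"""
import ipaddress

# Hostnames an update-blocking Trojan would want to hijack (constructed watchlist;
# extend it with your own vendor's update hosts).
UPDATE_HOSTS = (
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "liveupdate.symantec.com",
    "download.mcafee.com",
)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # malformed line, not a mapping
        ip, *names = fields
        for name in names:
            yield ip, name.lower()


def is_watched(hostname):
    """True if hostname is, or is a subdomain of, an entry in UPDATE_HOSTS."""
    return any(hostname == h or hostname.endswith("." + h) for h in UPDATE_HOSTS)


def find_hijacked_entries(text):
    """Return [(ip, hostname, reason)] for hosts-file lines that pin update sites.

    Any static mapping for an update host is suspicious: vendors move servers,
    so these names should come from DNS. Mappings to loopback or the
    unspecified address are the classic blackhole pattern and get a stronger reason.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address for update host"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((ip, name, "update host blackholed to local address"))
        else:
            findings.append((ip, name, "update host pinned to a static address"))
    return findings


# Constructed sample: the stock localhost line plus lines of the kind an
# update-blocking Trojan appends. Not a real captured hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       windowsupdate.microsoft.com   # appended by malware
0.0.0.0         liveupdate.symantec.com
203.0.113.10    download.mcafee.com www.mcafee.com
192.168.1.5     intranet.example.local
"""

if __name__ == "__main__":
    for ip, name, reason in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"{ip:<16} {name:<32} {reason}")
```

On a real system, read `%SystemRoot%\System32\drivers\etc\hosts` and pass its contents to `find_hijacked_entries`; a clean file produces no findings, and the `www.mcafee.com` entry in the sample is deliberately left unflagged to show that the check matches exact hosts and subdomains, not any name that merely shares a parent domain.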

Mytob

Mytob is a dangerous new piece of malware that reuses code from MyDoom. According to a NewsFactor.com report, antivirus firm Trend Micro believes this new infection often carries spyware and speculates that it may be a commercial venture. In addition, Mytob shows signs that its creators are taking care to spread it gradually in order to avoid media attention.

As many of you know, major media outlets (television and newspapers) tend to mention malware only when there's a widespread infection hyped by some security vendor, and that's usually after the infection has already run its course. However, it appears that Mytob may be the first malware intentionally kept low-key so it can fly below the radar of the major media, giving it a chance to spread further among home users and others who rely on TV news reports for their security news.

At least five new versions of Mytob appeared in the first two days of this month. For more information, check out the Symantec report on Mytob.da.

CA AV Vulnerability

SecuriTeam.com reports a vulnerability in Computer Associates' Vet antivirus library (VetE.dll). It affects various CA products, including the eTrust family, as well as some Zone Labs products that bundle the same engine, so make sure you get the appropriate updates. Computer Associates rates this remote code-execution vulnerability as medium risk; note that the flaw sits in the scanning engine itself, so it can be triggered by the very files the product is inspecting.

Final word

For the past several months, virus, worm, and Trojan attacks have remained pretty mild, which is why you haven't read about any major outbreaks in this column. Apparently, black hats were taking a rest and thinking up new attack modes—I've seen a lot of online talk about new infections emerging in the past week or two.

Since these threats don't originate from any particular vulnerability that you can patch, about all you can do is keep your antivirus software patched and make sure the signature files are up to date. However, given the issue with CA's antivirus library, you also need to be careful with security tools these days.

Of course, many argue that educating end users about emerging threats can help. As for me, I've about given up on trying to educate end users who apparently never saw a scam e-mail they didn't think was the perfect thing to read at the office.

And now, I'd like to leave you with a different sort of commentary. If you ask me, the end of the world can't be too far away—all you need to do is look at the popularity of reality shows to realize just how few people have their own lives to live. The latest abomination is Beauty and the Geek, brought to you by Ashton Kutcher and the WB network.

In only two episodes, this reality show has managed to broadly insult intelligent people, computer programmers, Mensans, and just about every other highly intelligent but socially awkward individual. It also insults women, blonds, the mentally challenged, and the uneducated.

The premise of the show is that attractive yet brainless women pair off with brilliant stereotypical geeks, so the geeks can teach the women that the state east of West Virginia is Virginia and not Massachusetts, and that South Dakota is not closer to the equator than North Carolina. At the same time, the women are supposed to teach the geeks social skills, such as how to dance.

The show has received several positive reviews, but I can only hope that these people are secretly actors working from a script. Have you seen the show? What do you think about it?


Also watch for …

  • Symantec Brightmail AntiSpam software apparently ships with a common static password, leaving versions earlier than 6.0.2 vulnerable to remote attack. Users should upgrade to version 6.0.2. The biggest threat is to those who upgraded earlier versions to 6.0, not those who performed a fresh install.
  • Silicon.com reports that Internet domain authority ICANN has approved .xxx as the next top-level domain (TLD). Interest in the online community is reportedly swelling.
  • CipherTrust's recently created ZombieMeter, which tracks the number and geographic location of PCs taken over by spammers, has found that of the more than 100,000 new zombies appearing each day, 20 percent are in the United States, 15 percent are in China, and 26 percent are in the European Union.
  • The Microsoft Internet Explorer Blog has confirmed that Microsoft will not release IE 7 for Windows 2000 since the OS is nearing the end of its lifecycle.
  • News.com reports that last year's Witty worm infection may have been the work of an insider at Internet Security Systems (ISS). I haven't seen any response from ISS yet.


John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.
