It’s Sobering news
as viruses, worms, and Trojans emerge from an apparent vacation—rested and
ready to wreak havoc once more.
Just when you thought virus and worm attacks had finally
slacked off and no longer needed to top your list of concerns, a couple of new
attacks are conspiring to bring malware back to the forefront of
security thinking. In addition, the latest version of Sober has surged
across the Web, infecting more than three times as many e-mails in May as
in the month before.
Meanwhile, a new version of the
Bagle worm (designated Glieder by
Computer Associates) has spread rapidly, using a new three-pronged approach. The
initial attack is the usual mass-mailing e-mail carrying an infected
attachment, which harvests addresses from the address books of infected systems.
The next stage downloads a Trojan called Fantibag that blocks automatic
antivirus updates, including access to Microsoft’s Windows Update Web page.
Finally, the worm downloads a second Trojan called Mitglieder,
which disables firewalls and antivirus software. According to the News.com
report, spammers are paying a bounty of five cents per compromised PC.
With zombies now a commodity that gives attackers a direct economic
incentive, we can expect increasingly sophisticated Trojan attacks as well
as a surge in the number of attacks.
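The column says Fantibag blocks antivirus updates and Windows Update but not how it does so. One mechanism such Trojans commonly use is overriding the update hostnames in the local hosts file so they resolve to loopback or to a server the attacker controls. The following is an added example, not code from this column or from any vendor named in it; it assumes that hosts-file mechanism and scans a constructed hosts file for it. The watched domain list is illustrative, and the hostnames and addresses in the sample are made up for the demonstration.

```python
"""Flag hosts-file entries that hijack antivirus or OS update hostnames.

Added example, not from the IT Locksmith column. It assumes the Trojan
blocks updates by overriding hostnames in the hosts file; the domain list
below is illustrative, not a vendor-published one.
"""
import ipaddress

# Hostnames (or parent domains) whose hijacking would cut off signature
# updates or OS patches. Illustrative: add the update hosts your own
# products actually contact.
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "liveupdate.symantecliveupdate.com",
    "symantec.com",
    "trendmicro.com",
    "mcafee.com",
    "ca.com",
)

# Constructed sample hosts file: a comment, two legitimate entries, three
# entries sinkholed to loopback/unspecified addresses, and one pointed at
# a routable (made-up) address that could be an attacker's server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.0.10    fileserver.corp.example   # internal box, not a hijack
127.0.0.1       download.windowsupdate.com
0.0.0.0         liveupdate.symantecliveupdate.com
::1             download.trendmicro.com
1.2.3.4         update.mcafee.com
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs; comments and blank lines are skipped.

    A hosts line is 'address name [name ...]', so one line may yield
    several pairs. Hostnames are lowercased for matching.
    """
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, *names = parts
        for name in names:
            yield addr, name.lower()


def is_watched(hostname):
    """True if hostname equals, or is a subdomain of, a watched domain."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def is_sinkhole(addr):
    """True for addresses that cannot reach a real update server."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # unparsable address: treat as suspicious
    return ip.is_loopback or ip.is_unspecified or ip.is_private or ip.is_reserved


def find_hijacked_update_hosts(text):
    """Return [(address, hostname, kind)] for every watched hostname present.

    Update hosts should resolve through DNS, so any hosts-file entry for one
    is suspect: 'sinkhole' if it points nowhere useful, 'redirect' if it
    points at a routable address (possibly an attacker-controlled server).
    """
    hits = []
    for addr, host in parse_hosts(text):
        if is_watched(host):
            kind = "sinkhole" if is_sinkhole(addr) else "redirect"
            hits.append((addr, host, kind))
    return hits


if __name__ == "__main__":
    for addr, host, kind in find_hijacked_update_hosts(SAMPLE_HOSTS):
        print(f"{kind}: {host} -> {addr}")
```

On a live Windows system the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; a hosts file that contains any entry for an update server is worth a look even when the address is routable, because a redirect to a host the attacker owns blocks updates just as effectively as a loopback entry.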
Mytob is a dangerous new piece of malware that uses MyDoom
exploit code. According to a NewsFactor.com
report, antivirus firm Trend Micro
believes this new infection often carries spyware and speculates that it may be
a commercial venture. In addition, Mytob shows signs that its creators are
taking care to spread it deliberately in order to avoid media attention.
As many of you know, major media outlets (i.e., television
and newspapers) have a tendency to only mention malware when there’s a
widespread infection hyped by some security vendor—and that’s usually after the
infection has already run its course. However, it appears that Mytob may be the
first malware intentionally kept low-key so it can fly below the radar of the
major media, giving it a chance to spread further among home users and others
who actually rely on getting security news from TV news reports.
At least five new versions of Mytob appeared in the first
two days of this month. For more information, check out the Symantec
report on Mytob.da.
CA AV Vulnerability
SecuriTeam.com reports that there’s a vulnerability in
Computer Associates’ VetE.dll virus library. This affects various CA
products, including the eTrust family and some Zone Labs products, so make sure
you get the appropriate updates. According
to Computer Associates, the risk level is medium for this remote access
For the past several months, virus, worm, and Trojan attacks
have remained pretty mild, which is why you haven’t read about any major outbreaks
in this column. Apparently, black hats were taking a rest and thinking up new
attack modes—I’ve seen a lot of online talk about new infections emerging in
the past week or two.
Since these threats don’t exploit any particular
vulnerability that you can patch, about all you can do is keep your antivirus
software itself patched and make sure its signature files are up to date. However,
given the flaw in CA’s antivirus library, you also need to treat your security
tools as software that needs the same scrutiny these days.
Of course, many argue that educating end users about
emerging threats can help. As for me, I’ve about given up on trying to educate
end users who apparently never saw a scam e-mail they didn’t think was the
perfect thing to read at the office.
And now, I’d like to leave you with a different sort of commentary.
If you ask me, the end of the world can’t be too far away—all you need to do is
look at the popularity of reality shows to realize just how few people have
their own lives to live. The latest abomination is Beauty
and the Geek, brought to you by Ashton Kutcher and the WB network.
In only two episodes, this reality show has managed to
broadly insult intelligent people, computer programmers, Mensans, and just
about every other highly intelligent but socially awkward individual. It also
insults women, blonds, the mentally challenged, and the uneducated.
The premise of the show is that attractive yet brainless women
pair off with brilliant stereotypical geeks, so the geeks can teach the women that
the state east of West Virginia is Virginia and not Massachusetts, and that
South Dakota is not closer to the equator than North Carolina. At the same time,
the women are supposed to teach the geeks social skills, such as how to dance.
The show has received several positive reviews, but I can
only hope that these people are secretly actors working from a script. Have you
seen the show? What do you think about it?
Also watch for …
- Brightmail AntiSpam software apparently uses a common static password,
leaving versions earlier than 6.0.2 vulnerable to a remote attack. Users should upgrade
to version 6.0.2. The biggest threat is to those who upgraded earlier
versions to 6.0, not to those who performed a fresh install.
- Internet domain authority ICANN has reportedly
approved .xxx as the next top-level domain (TLD). Interest in the
online community is reportedly swelling.
- The recently created ZombieMeter, which tracks the number and geographic
location of PCs taken over by spammers, has found that 20 percent of the more
than 100,000 new zombies appearing each day
are in the United States, 15 percent are in China, and 26 percent are in
the European Union.
- The Microsoft Internet
Explorer Blog has confirmed that Microsoft will not release IE 7 for Windows 2000 since the OS is nearing the
end of its lifecycle.
- News.com reports that last year’s
Witty worm infection may have been the work of an insider at Internet
Security Systems (ISS). I haven’t seen any response from ISS yet.
John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.