Antivirus vendor Sophos is warning of a new variant of the Dumaru worm. Like previous variants, Dumaru.E disguises itself as a security patch from Microsoft. The Swen worm, which likewise masquerades as a patch from Microsoft, also continues circulating (though numbers appear to be dropping). Unlike the Dumaru worms, which use a single composed message, Swen often sends itself as a fake "bounced" message as well.
A recent report, provocatively named "CyberInsecurity", bears the names of seven high-profile security professionals eager to use the newest rash of worms and Trojans to force governmental regulation of Microsoft. The controversial report is rumored to be responsible for the subsequent departure of @Stake's CTO Daniel Geer, one of the authors.
Full Story
Plagued by drive-by downloads or rogue applications taking control of your browser? Surfbar, Xupiter, and Internet Optimizer are just a few of the unwelcome parasites that can attach to your browser seemingly without invitation. The fact is, your Internet settings are sending out a homing beacon, advertising your availability to be suckered into playing host.
Full Story | Secure IE
State Department's Visa-Checking System Crippled by Computer Virus
ABC News in Charleston, SC has reported a possible Welchi infection disrupted the State Department, forcing a shutdown of computer systems used for checking visa applicants against lists of suspected terrorists. The alleged infection reportedly caused the systems to be offline for nine hours.
Full Story | Welchi | Blaster Resources
GFI is offering a free version of GFI DownloadSecurity for ISA Server 6, its content security product that handles the security risk of file downloads without resorting to blocking them all at firewall level. The freeware version scans HTTP and FTP downloads at the network perimeter using a single anti-virus engine, and can be used as additional protection by companies who do not yet perform virus scanning at firewall level.
Press Release
Analysis of Symantec's Stance on Censorship
John Schwarz, Chief Operating Officer for Symantec, is calling for tougher laws on disclosure of security vulnerabilities. Jonathan A. Zdziarski of Nuclear Elephant takes a closer look at the frightening ramifications of Schwarz's proposal. A must-read for anyone interested in computer security, or, indeed, anyone with an interest in preserving the basic, fundamental, and constitutional right to defend themselves.
Full analysis
Porn dialers
Commonly known as "porn dialers", these Trojanized dialers hijack your dial-up connection, silently switching it to a pay-per-minute number that quickly adds big charges to your phone bill. Andreas Marx of AV-Test.org reports on this alarming trend. The report is in PDF format and requires the free Adobe Reader to view.
View report: Porn Dialers: Another Class of Malware?
Also known as Gibe.F, the Swen worm spreads via email, KaZaA, and IRC. Swen attempts to disable security software running on infected systems and modifies the registry so that it is launched before various executables run. As is the case with the Dumaru worm, Swen emails can be disguised as a Microsoft security bulletin. Others are disguised as bounced email messages.
Example of Swen email | Sophos description
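The registry change described above is the classic "open handler" hijack: the worm rewrites the command Windows runs when a file of a given type is opened, so the worm executes first. The following PowerShell function is an added defensive check, not code from the original post or from Sophos; it audits the `shell\open\command` handlers for the executable file types most often targeted and flags any that differ from the typical Windows defaults. The expected values in the table are an assumption about typical defaults and may vary by Windows version, so a mismatch is reported for review rather than changed automatically.

```powershell
# Added example: audit shell\open\command handlers that a worm such as Swen hijacks
# so that it runs before legitimate executables. Report-only; nothing is modified.
function Test-ShellOpenCommandHijack {
    [CmdletBinding()]
    param(
        # ProgIDs whose open handlers are commonly hijacked, with their typical default
        # command values (assumption: these are the usual Windows defaults).
        [hashtable]$Expected = @{
            'exefile' = '"%1" %*'
            'comfile' = '"%1" %*'
            'batfile' = '"%1" %*'
            'cmdfile' = '"%1" %*'
            'piffile' = '"%1" %*'
            'scrfile' = '"%1" /S'
        }
    )
    foreach ($progId in $Expected.Keys) {
        $key = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        if (-not (Test-Path -Path $key)) {
            # A missing handler key is itself worth a look on a desktop system.
            [pscustomobject]@{ ProgId = $progId; Actual = $null; Status = 'Missing' }
            continue
        }
        # The handler command lives in the key's (default) value.
        $actual = [string](Get-ItemProperty -Path $key).'(default)'
        $status = if ($actual.Trim() -eq $Expected[$progId]) { 'OK' } else { 'SUSPECT' }
        [pscustomobject]@{ ProgId = $progId; Actual = $actual; Status = $status }
    }
}

# Usage: show every handler, then only those that differ from the expected default.
Test-ShellOpenCommandHijack | Format-Table -AutoSize
Test-ShellOpenCommandHijack | Where-Object { $_.Status -ne 'OK' }
```

A `SUSPECT` row means some other program (not necessarily malware; some legitimate tools register themselves this way) is inserted in front of every launch of that file type, which is exactly the behaviour the Swen description attributes to the worm. Run it from an elevated prompt so `HKEY_CLASSES_ROOT` is read without per-user overrides masking the machine-wide value.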
Trojan-trading Teekid pleads innocent
Jeffrey Lee Parson entered a not-guilty plea to charges that he intentionally caused "damage to a protected computer". Previously, Parson had admitted writing the Blaster variant that subsequently infected as many as 7000 computers. (Trend Micro alone has recorded over 2,800 infections by Parson's variant, implying that the 7000 infection figure might actually be much higher.) In a recent interview, Parson presents himself as a misunderstood teen and shifts focus from his actions to those of the original Blaster worm. Aside from his earlier confession, Parson leaves an unsavory trail of breadcrumbs on the Internet and in his worm. Online, Parson used the name Teekid and routinely engaged in peddling IRCBots and Trojans on forums best described as watering holes for script kiddies. His worm included one of those Trojans, which sent sensitive information to his personal website, t33kid.com. The worm also included a file named teekid.exe. If convicted, Parson faces up to 10 years in prison and a $250,000 fine. His next court date is set for November 17th.
Blaster resources | Parson warrant | Think virus writing is kewl?
No one likes the idea of Big Brother spying on our every move, or of Trojans monitoring our keystrokes. But these may not be the things we have to worry about. It may just be the cupcakes we pack in our kids' lunches.
Full Story
Much has been made of the need to protect our children from the evils of the Internet. What may have been overlooked is the need to protect the Internet from the evils of our children.
Full Story
Another Blaster-type flaw discovered
More flaws have been discovered in RPC/DCOM which, if exploited, could lead to another Internet worm like Blaster. Microsoft Security Bulletin MS03-039 is rated critical and affects Windows NT Workstation 4.0, NT Server 4.0, NT Server 4.0 Terminal Server Edition, Windows 2000, Windows XP, and Windows Server 2003. The vulnerability is a buffer overrun in the RPCSS service that could allow attackers to run code of their choice on unpatched systems. Home users not on a network may wish to disable DCOM to reduce their exposure. The previous patch that protects against the Blaster worm will not protect against new exploits targeting this latest vulnerability. Visit Microsoft's Windows Update to obtain the latest patches for your system.
Blaster worm resources | Disabling DCOM | MS03-039
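The advice above boils down to two questions a home user or administrator should be able to answer quickly: is DCOM still enabled on this machine, and has the MS03-039 fix actually been applied (the earlier Blaster patch does not count)? The PowerShell function below is an added example written for this page, not code from Microsoft or from the original post. It reads the documented `EnableDCOM` value under `HKLM\SOFTWARE\Microsoft\Ole` (the setting the "Disabling DCOM" instructions change), checks the RPCSS service and whether anything is listening on TCP port 135, and looks for the hotfix. The mapping of MS03-039 to hotfix id KB824146 is this example's assumption, not something the page states, so it is exposed as a parameter.

```powershell
# Added example: report this host's exposure to the RPCSS/DCOM flaw in MS03-039.
# Report-only; it changes nothing. The hotfix id is an assumption (see lead-in).
function Get-DcomExposure {
    [CmdletBinding()]
    param(
        [string]$HotfixId = 'KB824146'   # assumed hotfix id for MS03-039; adjust if needed
    )

    # EnableDCOM is "N" when DCOM has been disabled; "Y" or an absent value means enabled.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $dcomEnabled = -not ($ole -and $ole.EnableDCOM -eq 'N')

    # RPCSS is the service that contains the vulnerable code.
    $rpcss = Get-Service -Name RpcSs -ErrorAction SilentlyContinue

    # The RPC endpoint mapper listens on TCP 135; a LISTENING entry means it is reachable
    # from the network unless a firewall blocks it.
    $listening135 = [bool](netstat -an | Select-String -Pattern ':135\s+\S+\s+LISTENING' -Quiet)

    # Installed hotfixes are visible through Get-HotFix; absence means unpatched.
    $patched = [bool](Get-HotFix -Id $HotfixId -ErrorAction SilentlyContinue)

    $advice = if ($patched) {
        'Patched.'
    } elseif ($dcomEnabled) {
        'Unpatched with DCOM enabled: apply the update; a standalone home PC may also disable DCOM.'
    } else {
        'Unpatched but DCOM disabled: exposure reduced, still apply the update.'
    }

    [pscustomobject]@{
        DcomEnabled     = $dcomEnabled
        RpcssStatus     = if ($rpcss) { [string]$rpcss.Status } else { 'NotFound' }
        ListeningOn135  = $listening135
        HotfixInstalled = $patched
        Recommendation  = $advice
    }
}

# Usage:
Get-DcomExposure | Format-List
```

Disabling DCOM reduces exposure but is not a substitute for the patch, which is why the recommendation text still asks for the update even when `EnableDCOM` is already `N`; on a networked machine, disabling DCOM can also break legitimate applications, so the function only reports and leaves that decision to the operator.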
Sobig.f is programmed to stop sending itself today. For those plagued with hundreds or thousands of Sobig emails flooding their inboxes, this will be a tremendous relief. But what of other worms that don't self-destruct? The Klez.H worm is well over a year old and still topping prevalence lists. A few days ago, I received a copy of the three-year-old Hybris. Are these worms that tenacious, or are users just that lax about using protection? The answer may depend on the virus. Certainly Klez.H has a few tricks up its sleeve that can make detection and removal difficult. But Sobig.f, Hybris, and most of the other circulating threats do not. Worms like these seem to survive purely on dumb luck, striking pay dirt on unprotected systems. Online scanners are always up to date and offer a quick, easy, and free method of checking your system for viruses. Have you had your scan today?
Talk about deja vu...
...the Hybris virus debuted during the 2000 holiday season. Three years later, I've just received a copy in my inbox, sandwiched between emails carrying the Dumaru and SoBig.F infections. Want to know what these viruses have in common (besides cluttering my inbox)? They're all preventable. Maybe it's just me, but it seems incomprehensible that easily detectable viruses continue to circulate. Pssst... if you're reading this, check to make sure your antivirus software is up to date. If you don't have antivirus software, do us all a favor and get some. Check out the top picks for some excellent choices.
Several email users have found their browsers hijacked after receiving a piece of spamware that dropped hundreds of porn site shortcuts to their desktop and installed a "toolbar" pointing to dozens more. The email is a malicious spam Trojan, exploiting a vulnerability in Internet Explorer that allows executable files to be downloaded as easily (and silently) as if they were a background graphic on a web page.
Full Story
BitDefender's claims that a Romanian student had been arrested for creating the Blaster.F variant have been denied by Romanian police authorities. Police acknowledge only that they have a suspect in the case.
Full Story | Blaster Resources | Blaster Patch
Talk about slander! In May 2002, someone began circulating an email accusing the JDBGMGR.EXE file of being infected with a virus. Hysterically, it warned that neither McAfee nor Norton could see this new threat! That's because it's not a threat. Before you follow the dire warning to delete this perfectly innocent, legitimate file, take a moment to check out the truth.
Antivirus vendors routinely provide free fixes to eradicate high profile threats. McAfee has taken several leaps forward with its McAfee AVERT Stinger, a must-have tool for any antivirus arsenal.
Full Story | Blaster Resources | SoBig Resources