Security Bytes: Experts skeptical of Internet doom

U.S. top producer of spam; Shruggle targets 64-bit files; DoJ cracks down on cybercrime; Microsoft offers do-it-yourself kit to cope with SP2; Slackware, Fedora, Debian and Sun issues fixes.

Doomsday for the Internet? A Russian news site said terrorists will try to cripple the Internet with a cyberattack Thursday, but security experts are more than a little skeptical. MosNews.com attributed the warning to Aleksandr Gostev of Russia-based security firm Kaspersky Labs, who spoke at a conference hosted by Russian Information Agency Novosti Tuesday. Gostev said information on this terrorist plot was published on special Web...

sites but didn't elaborate, the article reported. The article continued, "First of all, the United States and Western Europe will suffer from the attack, Gostev was quoted by the agency as saying. The head of the labs, Yevgeny Kaspersky, reminded the audience that similar attacks had earlier paralyzed the Internet in South Korea. He added that it would be 'impossible' to stop terrorist organizations if they 'get down to business.'" Rob Rosenberger, editor of Vmyths.com, dismissed the report as "baseless hysteria" on the Full Disclosure site Wednesday. The Bethesda, Md.-based Internet Storm Center posted this comment on its site: "The ISC would like to go out on a limb and predict that the Internet will not vaporize into a cloud of nothingness this Thursday, but if it does, it's been our pleasure to help stave off its inevitable annihilation this long." Kaspersky later issued a statment saying that the comments had been taken out of context and referred to statements posted to a number of Arabic and Hebrew language Web sites that contained an announcement of an 'electronic jihad' against Israel, to start on August 26. Kaspersky stressed that such information was not necessarily trustworthy.

DoJ cracks down on cybercrime
The Department of Justice is cracking down on cybercrime, making arrests, issuing subpoenas and seizing the property of alleged e-mail spammers and online scam artists, according to The Washington Post. The paper attributed the news to law enforcement and industry sources, and said Attorney General John D. Ashcroft has scheduled a news conference for Thursday. "More than half the cases focus on online scams, especially phishing, an increasingly common tactic in which computer users receive e-mails that look as if they are from banks or other legitimate businesses but are used to induce people to provide credit card numbers or other personal information," the report said. "Other cases involve the continuing onslaught of traditional spam." Because the enforcement actions are ongoing, FBI officials declined to provide details.

Microsoft offers do-it-yourself kit to cope with SP2
Need help figuring out if your software is compatible with Windows XP Service Pack 2? Microsoft is offering a do-it-yourself kit to help you cope. Enterprises have been slow to deploy the corporate version of SP2 for fear that it might freeze homegrown applications. Microsoft is offering the compatibility testing manual at its Download Center to help ease the strain. "This guide will assist IT professionals to test and mitigate application compatibility issues arising from these more stringent security technologies," Microsoft said on its Web site. The guide is more than 100 pages long and explains the problems SP2 can cause computers running Windows XP, how to test for compatibility and how to fix problems that arise.

Sun warns of vulnerabilities in Apache Web server, modules
Sun Microsystems issued an advisory Wednesday warning of security vulnerabilities in the Apache Web server and Apache modules. "A local or remote unprivileged user may be able execute arbitrary code on Solaris 8 or Solaris 9 systems running Apache with privileges of the Apache HTTP process, due to several security vulnerabilities in the Apache Web Server and Apache Web Server modules," the advisory said. Describing the vulnerabilities, Sun said, "The Apache HTTP process normally runs as the unprivileged uid 'nobody' (uid 60001). The ability to execute arbitrary code as the unprivileged uid 'nobody' may lead to modified Web content, denial of service or further compromise." Sun said T-Patches are available for Solaris 9. Otherwise, IT security firm Secunia of Copenhagen, Denmark recommended users install an official version of the Apache Web server or disable it until a final resolution is available from Sun.

America is the world's spam king
America is the undisputed spam-producing capital of the world, according to Lynnfield, Mass.-based antivirus firm Sophos. The company published a report on the top 12 spam-producing countries on its Web site Monday. The United States remains by far the worst offender, exporting 42.53% of all spam, the report said. "Almost nine months on from the Can-Spam legislation and the United States' attempt to clean up its act appears to have had little impact. The U.S. is still, by far, the biggest exporter of spam in the world," said Graham Cluley, senior technology consultant for Sophos. "Canada has made some progress, however, cutting the percentage of the world's junk e-mail sent from the country by over half -- from 6.8% six months ago to 2.9% today." Sophos noted that the most broadband-connected country in the world, South Korea, has consolidated its position as a leading spam producer; almost tripling the percentage of spam originating from its shores since February. "Spammers are motivated by watching their bank accounts get fatter and fatter, and many have turned to hacking into innocent third-party computers to send their junk e-mails," said Cluley. "Many of the computers sending out spam are likely to have had their broadband Internet connections exploited by remote hackers. Zombie computers -- PCs which have been compromised by hackers or virus writers -- are sending out approximately 40% of the world's spam, all without the apparent knowledge of the user." The top 12 spam producers are as follows:

  • 1. United States, 42.53%
  • 2. South Korea, 15.42%
  • 3. China (& Hong Kong), 11.62%
  • 4. Brazil, 6.17%
  • 5. Canada, 2.91%
  • 6. Japan, 2.87%
  • 7. Germany, 1.28%
  • 8. France, 1.24%
  • 9. Spain, 1.16%
  • 10. United Kingdom, 1.15%
  • 11. Mexico, 0.98%
  • 12. Taiwan, 0.91%
  • Others, 11.76%

Shruggle targets 64-bit files
Symantec said it has discovered the first "proof-of-concept" virus to target AMD64. Written in AMD64 assembly code and based on the W32.Shrug virus, W64.Shruggle.1318 is a direct-action file infector, similar to W64.Rugrat.3344, which infects AMD64 Windows portable executable (PE) files, the Cupertino, Calif.-based antivirus firm said. AMD64 CPUs are expected to ship in servers, high-end workstations and desktops later this year, the company noted. "W64.Shruggle.1318 is a fairly simple proof-of-concept virus. However, it is the first known virus to attack 64-bit Windows executables on AMD64 systems," said Alfred Huger, senior director of Symantec Security Response. Shruggle's execution method is similar to Rugrat. Shruggle searches 64-bit executable files in the same folder and subfolders. When it finds a 64-bit executable file, the virus appends itself to it, unless it is a .dll file. The virus doesn't infect 32-bit portable executable files, and won't run natively on 32-bit Windows platforms, Symantec said. However, it can be run on a 32-bit computer using 64-bit simulation software.

Qt updates from Slackware, Fedora
Slackware and Fedora have updated their Qt packages to fix vulnerabilities that allow an attacker to launch unauthorized code and crash computers. Slackware's advisory said new Qt packages are available for Slackware 9.0, 9.1 and 10.0 to fix "bugs in the routines that handle .png, .bmp, .gif, and .jpg images." These flaws may allow an attacker to execute unauthorized code when a specially crafted image file is processed or spark crashes that lead to a denial of service. Fedora users can update their Qt packages by going to the download site.

Debian updates icecast server against flaws
Debian recommends users update their icecast internal Web server package to fix a cross site scripting vulnerability an attacker could use to execute arbitrary Java script commands. Debian's advisory said researcher Markus Worle discovered the cross site scripting problem in the status display (list.cgi) of icecast, an Mpeg layer 3 streaming server. "The UserAgent variable is not properly html_escaped so that an attacker could cause the client to execute arbitrary Java script commands," the advisory said. For the stable distribution, known as Woody, the problem is fixed in version 1.3.11-4.2. For the unstable version, known as Sid, it is fixed in version 1.3.12-8.

Sun issues Solaris patch
Sun Microsystems has issued a patch for Solaris, fixing a vulnerability a malicious, local user can exploit to escalate privileges. The Santa Clara, Calif.-based company said the problem is caused by a boundary error within the CDE Mailer (dtmail) and can be exploited to cause a buffer overflow. "Unprivileged local users may be able to gain unauthorized group ID (gid) mail privileges due to a buffer overflow in the CDE Mailer. This would allow users with access to a mail server the ability to read, modify and delete the e-mail of other users in '/var/mail.'" The vulnerability affects CDE 1.4 and 1.5 for Solaris 8 and 9, the advisory said. Sun recommends users apply the patches as soon as possible.

Dig deeper on Email and Messaging Threats (spam, phishing, instant messaging)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close