Security Bytes: Mydoom still a concern; Gmail pawn in phish scheme

In other news, Debian fixes Webmin flaw and a local root hole is found in SUS. Georgian pleads guilty to huge ID theft scheme.

Mydoom-Y on the prowl
Russia-based Kaspersky Labs said a new Mydoom variant is in the wild. Mydoom-Y behaves like its predecessors, spreading across the Internet and local networks as an attachment to infected messages. It also spreads via file-sharing networks and through the LSASS vulnerability in Microsoft Windows, and it can propagate by sending URLs over ICQ; those URLs point to sites hosting the body of the worm. The worm is written in Microsoft Visual C++ and compressed with UPX, Kaspersky Labs said in its advisory. Mydoom-Y comes on the heels of four other variants that appeared in the wild late last week: Mydoom-U, Mydoom-V, Mydoom-W and Mydoom-X. They materialized in such rapid succession that some antivirus experts worried it was a prelude to a more virulent Mydoom-Z or Mydoom-AA. There was also concern about a large attack timed to the anniversary of the Sept. 11, 2001 terrorist attacks, but no such onslaught materialized.

Meantime, Symantec Corp. in Cupertino, Calif., is the target of a distributed denial-of-service attack by the Mydoom-X worm, ZDNet reports. An advisory from U.K. antivirus vendor Sophos warns that the authors of Mydoom-X intend it to take down Symantec's site on Sept. 29; the attack is unlikely to succeed, however, because the worm never became widespread. Symantec told ZDNet the threat is being analyzed and doesn't look to be a "big problem."

Gmail used as pawn in phishing scheme
Scam artists are using Google's Gmail e-mail service as part of a phishing scheme to extract e-mail addresses and passwords from unsuspecting users, according to CNET News.com. Gmail, a free service that is not yet widely available, has been growing steadily in popularity, so much so that some people have tried to sell their Gmail addresses on eBay. Phishing schemes typically involve e-mail requests for information that appear to come from trusted sources such as eBay or Citibank. In this case, scammers send the phishing e-mail to existing Gmail account holders, offering them the opportunity to invite three or six friends to join Gmail, CNET News.com said. The body of the e-mail reads "I found this e-mail very weird." The message adds: "The Gmail Team is proud to announce that we are offering Gmail free invitation packages to the existing Gmail account holders. By now you probably know the key ways in which Gmail differs from traditional webmail services. Searching instead of filing. A free gigabyte of storage. Messages displayed in context as conversations. Just fill in the form below to claim your free invitation package." The "Gmail Team" then asks users to surrender their Gmail addresses and passwords to get the invites.

Debian fixes Webmin vulnerability
Debian recommends that users update their Webmin packages to fix a security hole in the Web-based administration toolkit. Researcher Ludwig Nussel found that Webmin used a temporary directory without checking who already owned it. "This could allow an attacker to create the directory and place dangerous symbolic links inside," Debian's advisory said. For the stable distribution (Woody), the problem has been fixed in version 0.94-7woody3. For the unstable distribution (Sid), it has been fixed in version 1.160-1 of Webmin and 1.090-1 of Usermin.
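The bug class behind the Debian advisory is worth seeing in code. The following is an added example written for this page; it is not Webmin's code, Debian's patch or Ludwig Nussel's finding, and the function names, the scratch directory under /tmp and the "victim" file are constructed for the demonstration. It contrasts a writer that reuses whatever directory already exists with one that refuses a directory it did not create with the right owner and mode, and that creates files with O_EXCL|O_NOFOLLOW so a planted symlink cannot redirect the write.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (the class the advisory describes; not Webmin's code):
 * accept whatever already sits at 'dir', then open 'dir/name' following
 * symlinks.  A local user who created 'dir' first and planted a symlink
 * named 'name' redirects the write to any file this process can write. */
int unsafe_tmp_write(const char *dir, const char *name, const char *data)
{
    char path[4096];
    mkdir(dir, 0777);                 /* EEXIST ignored: the attacker's dir is reused */
    snprintf(path, sizeof path, "%s/%s", dir, name);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);  /* follows the link */
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened pattern: create the directory privately; if it already exists,
 * open it without following links and check the OPEN descriptor (not the
 * path, which could be swapped underneath us): a directory, owned by us,
 * not group/world accessible.  Files inside are created O_EXCL|O_NOFOLLOW,
 * so a pre-planted symlink or file makes the open fail instead of being used. */
int safe_tmp_write(const char *dir, const char *name, const char *data)
{
    struct stat st;
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;           /* ELOOP/ENOTDIR: 'dir' is a link or a file */
    if (fstat(dfd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO))) {
        close(dfd);                   /* wrong owner, or others can tamper with it */
        return -1;
    }
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    close(dfd);
    if (fd < 0) return -1;            /* EEXIST: something was planted here */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed attack scenario in a scratch directory under /tmp: the attacker
 * pre-creates the temp dir and plants 'out' -> victim.  Returns 1 when the
 * unsafe writer clobbers the victim file and the hardened writer refuses. */
int demo_symlink_attack(void)
{
    char base[] = "/tmp/tmpdir-demo.XXXXXX";
    if (mkdtemp(base) == NULL) return 0;
    char victim[4096], tmpdir[4096], link[4096], buf[64] = {0};
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(tmpdir, sizeof tmpdir, "%s/tmp", base);
    snprintf(link, sizeof link, "%s/out", tmpdir);

    FILE *f = fopen(victim, "w");     /* the file the attacker wants overwritten */
    if (!f) return 0;
    fputs("original\n", f);
    fclose(f);
    mkdir(tmpdir, 0777);              /* attacker wins the race for the directory */
    symlink(victim, link);            /* ...and plants the symlink */

    int unsafe_rc = unsafe_tmp_write(tmpdir, "out", "clobbered\n");
    f = fopen(victim, "r");
    if (f) { fgets(buf, sizeof buf, f); fclose(f); }
    int clobbered = strcmp(buf, "clobbered\n") == 0;

    int safe_rc = safe_tmp_write(tmpdir, "out", "clobbered\n");

    unlink(link); unlink(victim); rmdir(tmpdir); rmdir(base);
    return unsafe_rc == 0 && clobbered && safe_rc == -1;
}

/* Control: with no attacker present the hardened writer creates dir and file. */
int demo_clean_run(void)
{
    char base[] = "/tmp/tmpdir-demo.XXXXXX";
    if (mkdtemp(base) == NULL) return 0;
    char tmpdir[4096], file[4096];
    snprintf(tmpdir, sizeof tmpdir, "%s/tmp", base);
    snprintf(file, sizeof file, "%s/out", tmpdir);
    int rc = safe_tmp_write(tmpdir, "out", "fine\n");
    unlink(file); rmdir(tmpdir); rmdir(base);
    return rc == 0;
}
```

The hardened writer checks the descriptor it opened rather than a path it looked up a moment earlier, which closes the check-then-use window a lstat()-then-open() sequence leaves; the O_EXCL|O_NOFOLLOW open is the backstop for anything planted inside a directory that passed the owner and mode checks.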

Root vulnerability in SUS 2.0.2
The LSS Security Team has issued an advisory about a local root vulnerability in SUS 2.0.2. "There is a very simple format string bug in the log() function that allows any local user to gain root privileges," the advisory said. The problem is "a result of an incorrect syslog() function call, and can be exploited directly from the command line." LSS rates the flaw high risk and said exploitation was successfully tested on SUS version 2.0.2. Gentoo Linux has released a patched version of SUS, and LSS said a fixed version is also available from the SUS home page.
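To show what "an incorrect syslog() function call" in a log() function looks like, here is an added example written for this page; it is not SUS's code, the LSS advisory's proof of concept, or Gentoo's patch. The logger below stands in for syslog() by formatting into a buffer, so the demo runs without a log daemon; the format-string handling is the same as vsyslog()'s. The probe string uses only "%%", which consumes no argument, so the demonstration stays defined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(): a variadic logger whose third argument is a printf
 * format.  It writes to a caller-supplied buffer instead of the log daemon. */
static void sys_log(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* BUG (the shape the advisory describes): an untrusted string, e.g. a
 * command-line argument, is passed where the FORMAT belongs, so every '%'
 * directive in it is interpreted.  %x reads the caller's stack, %n writes to
 * it; in a setuid binary that is the path from "log a message" to root. */
void log_unsafe(char *out, size_t outsz, const char *user_msg)
{
    sys_log(out, outsz, user_msg);
}

/* FIX: a constant format; the untrusted string is only ever a %s argument. */
void log_safe(char *out, size_t outsz, const char *user_msg)
{
    sys_log(out, outsz, "%s", user_msg);
}

/* What actually reached the log through the buggy path (static buffer, for
 * inspection in tests). */
const char *unsafe_render(const char *user_msg)
{
    static char buf[256];
    log_unsafe(buf, sizeof buf, user_msg);
    return buf;
}

/* Returns 1 when the unsafe logger altered the message by interpreting it as
 * a format string while the safe logger recorded it verbatim, 0 otherwise. */
int demo_format_string(const char *user_msg)
{
    char a[256], b[256];
    log_unsafe(a, sizeof a, user_msg);
    log_safe(b, sizeof b, user_msg);
    return strcmp(a, user_msg) != 0 && strcmp(b, user_msg) == 0;
}
```

A message such as "disk 99%% full" comes out of the buggy path as "disk 99% full" and out of the fixed path unchanged; with %x, %s or %n in place of %% the buggy path reads or writes memory the caller never intended to expose, which is why the fix is always a literal format rather than filtering the input. Compiling with gcc's -Wformat-security flags calls that pass a non-literal format with no arguments to printf-family and syslog functions, which would have caught the shape above at build time.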

Former help desk employee faces prison for massive ID theft
A Cartersville, Ga., computer technician faces 14 to 50 years in prison for his part in a $50 million identity theft ring that began while he was working for New York-based Teledata Communications Inc. Philip A. Cummings, 35, pleaded guilty this week to conspiracy, wire fraud and fraud for selling passwords and other sensitive consumer data to numerous co-conspirators, two of whom go on trial in November. The thefts, which authorities say involved 30,000 victims, began in 1999 while Cummings worked on the help desk of the software company, which provides consumers online access to their credit records. They continued even after Cummings left, because TCI failed to revoke his access to the company network, according to news reports. Sentencing is scheduled for Jan. 11.

Cyberextortion on the rise for SMBs
Cyberextortion threats are on the rise. According to a survey by Carnegie Mellon University and InformationWeek, "extortion attacks are surprisingly common: 17% of the 100 [small and midsize] companies surveyed say they've been the target of some form of cyberextortion." The report said that while 70% of such extortion attempts fail, 68% of small and mid-sized companies consider themselves too small to be targeted. Only 37% have performed a security assessment in the last six months, and 45% had no confidence in their IT departments' ability to respond to a security incident. InformationWeek reported that online gambling site BetCBSports.com, now known as WagerWeb, received such a threat and was knocked offline for about a day at the height of the sports betting season. Instead of paying, the company hired an Internet services provider to come to its aid.
