Opasoft-S gains traction in Russia A worm Russian-based Kaspersky Labs first detected Oct. 7 appears to be gaining...
traction in the wild. The antivirus firm said Worm.Win32.Opasoft-S is now showing increased activity in Russia. "The worm uses accessible network resources to spread via local networks," Kaspersky Labs said on its Web site. "It also contacts the site of a Ukrainian mobile services provider to send sms messages containing the IP addresses of victim machines." When launching, the worm copies itself to the Windows directory as srv32.exe and registers this file in the system registry. It also creates an additional registry key to flag its presence in the system, then attempts to copy itself to the Windows root directory on other computers in the local network; modifying the win.ini file to ensure that it gains control when the system is rebooted. More details are available in Kaspersky Labs' advisory.
No 'Fun' for unprotected MSN users
A new worm originating in Asia spreads through Microsoft's instant messenger but doesn't appear to be gaining a lot of traction at the moment. Win32.Funner sends itself to MSN Messenger contacts in the infected user's buddy list. The worm then modifies the Window's Hosts file and adds more than 900 URLs to a new IP address. Funner then can download files from sites such as www.78p.com. AV companies thus far have ranked the malcode a low threat but say its use of IM as an attack vector deserves a close watch. Microsoft said scheduled maintenance and not the worm, as some had speculated, was behind Monday's service outage. However, AV experts warn copy cats are likely and that enterprises should establish or update security policies to include safe instant-messaging usage, including not responding to unsolicited queries or strange messages that appear to be from buddies.
NIST issues guidelines on security controls
The National Institute of Standards and Technology (NIST) has released a new publication that spells out how federal agencies can meet mandatory security controls by December 2005. The 88-page Special Publication 800-53 includes minimum technical, managerial and operational controls needed to protect data and systems within the federal government. Such safeguards are mandated under the Federal Information Security Management Act of 2002. This incarnation of the guidelines will be available for public comment until December. The document was already modified once after a comment period on the first draft.
Trojan's latest incarnation tries to bend it like Beckham
The Hackarmy Trojan's latest celebrity draw is soccer star David Beckham supposedly caught by cameras in a compromising position with someone other than his wife, Victoria (of "Posh" Spice fame). Usenet groups have been peppered with messages touting proof Beckham's been caught with his pants down by photographers, then listing a URL to view the pictures. Malware writers hope enough people care about the couple's marital woes to unleash the Trojan, which previously posed as Osama bin Laden's suicide and Nick Berg's beheading.