Security Bytes: New medium-risk Netsky worm circulating

Also in this issue: A Trojan masquerades as a Michael Jackson home movie; LibTiff flaws revealed; CA joins NAC program; medical microchip sparks HIPAA concerns.

More Netsky sightings in the wild
Santa Clara, Calif.-based antivirus firm McAfee Inc. has issued a medium-risk advisory for the newest member of the Netsky family. Like its ancestors, W32/Netsky-AG@mm spreads by e-mail and by copying itself to folders on the local hard drive as well as on mapped network drives, if available. It does not scan for open shares, according to McAfee. This variant also resembles its predecessors in that it constructs messages using its own SMTP engine, harvests e-mail addresses from the victim machine and spoofs the From address of messages. When run, the worm displays a message box that says "File corrupted replace this!", McAfee said. The worm then plants itself on the victim machine as MsnMsgrs.exe in the Windows directory. The worm copies itself to the Windows directory as the following files: Agradou.zip, agua!.zip, AIDS!.zip, aqui.zip, banco!.zip, bingos!.zip, botao.zip, brasil!.zip, carros!.zip, circular.zip, contas!!.zip, criancas!.zip, diga.zip, dinheiro!!.zip, docs.zip, email.zip, festa!!.zip, flipe.zip, grana!!.zip, grana.zip, imposto.zip, impressao!!.zip, jogo!.zip, lantrocidade.zip, LINUSTOR.zip, loterias.zip, lulao!.zip, massas!.zip, missao.zip, MsnMsgrs.exe, revista.zip, robos!.zip, sampa!!.zip, sorteado!!.zip, tetas.zip, vaca.zip, vadias!.zip, vips!.zip, Voce.zip, war3!.zip, and Zerado.zip. McAfee said it raised the risk level because of the worm's increased presence in the wild.

Trojan hides in fake Jackson home movie message
Lynnfield, Mass.-based antivirus firm Sophos issued an advisory Thursday warning that a Trojan horse is hiding in a file posing as a Michael Jackson home movie. "Thousands of sick messages posted to Internet newsgroups last night encourage computer users to download a file supposedly containing pictures of Jackson abusing a young boy," the advisory said. "In reality, no such photographs are present but the file can open computers up to attack from hackers." The subject line is "Michael Jackson Home Movie Horror." The message body reads: "Posted here are the pictures that are going to put Michael Jackson behind bars for a very long time. Disturbing stills taken from the home movies shot by Mr. Jackson are now circulating the Net. In these pictures here, it can be clearly seen that Mr. Jackson is performing un-natural acts with the boy in question." The latest message follows another attempt to hit users with the Hackarmy Trojan earlier this week. In that attempt, the message claimed to contain compromising pictures of soccer star David Beckham.

Multiple flaws in LibTiff
Multiple vulnerabilities have been found in LibTiff that an attacker could use to cause buffer overflows and launch malicious code. Boundary errors within the "rle" decoding in "tif_next.c," "tif_thunder.c" and "tif_luv.c" can be exploited to cause heap-based buffer overflows, researcher Chris Evans discovered. These errors can be exploited with a specially crafted .tiff image file to launch malicious code through an application linked to the vulnerable library, according to Copenhagen, Denmark-based security firm Secunia. Meanwhile, researcher Dmitry Levin has discovered some unspecified integer overflows that could allow malicious code to be launched on a user's system. Secunia said the vulnerabilities have been reported in version 3.6.1. Other versions may also be affected. Secunia isn't aware of an official updated version to address the first set of problems, but said the second problem has been fixed in version 3.7.0beta2.

CA joins NAC program
New York-based Computer Associates International Inc. announced Thursday it has joined the Network Admission Control (NAC) program and is integrating the Cisco Trust Agent with its eTrust PestPatrol antispyware and eTrust antivirus products. The company said in a statement that when the products become generally available in November, it will be the first security software vendor to provide both NAC-compliant virus and spyware protection. "By integrating with the Cisco Trust Agent, CA's eTrust solutions further safeguard enterprise environments by helping ensure that only systems in compliance with corporate security policies can connect to the network, thereby preventing individual noncompliant systems from compromising other critical computing resources," the statement said. "Network Admission Control is a Cisco-sponsored industry initiative that uses network infrastructure to enforce security policy compliance on all networked resources. Using NAC, organizations can identify noncompliant devices and deny them access, place them in a quarantined area and/or give them restricted access to computing resources."

Medical microchip sparks privacy concerns
Privacy advocates worry an implantable microchip designed to help doctors tap into a patient's medical records could undermine confidentiality or even be used to track the patient's movements. "If privacy protections aren't built in at the outset, there could be harmful consequences for patients," Emily Stewart, a policy analyst at the Health Privacy Project, told The Associated Press. The Food and Drug Administration agreed this week to let Applied Digital Solutions of Delray Beach, Fla., market the VeriChip, a rice-sized implantable computer chip for storing medical information that is shot beneath the skin in a procedure that takes less than 20 minutes and requires no stitches. The chip stores a code that releases patient-specific information when a scanner passes over it, The Associated Press reported. The VeriChip itself contains no medical records, just codes that can be scanned and revealed in a doctor's office or hospital. With that code, doctors can unlock part of a secure database that holds the patient's medical information, including allergies and prior treatment. The electronic database, not the chip, would be updated with each medical visit. The chips have already been implanted in 1 million pets. But the chip's possible use to track people's movements -- in addition to speeding delivery of medical information to emergency rooms -- has raised alarm. The company's CEO, Scott R. Silverman, said chips implanted for medical uses could also be used for security purposes, like tracking employee movement through nuclear power plants. Stewart said that to protect patient privacy, the devices should reveal only vital medical information, like blood type and allergic reactions, needed for health care workers to do their jobs.
