Latest Mydoom spreads a year after original appeared
A new variant of Mydoom is spreading in the wild, a year after the original appeared and spread chaos across the Internet.
Antivirus firm Symantec said W32.Mydoom-AM is a mass-mailing worm that uses its own SMTP engine to send itself to e-mail addresses it finds on the compromised computer. It also propagates through file sharing networks. It disables antivirus and firewall applications and blocks access to security-related Web sites, Symantec said.
The latest variant arrives on the one-year anniversary of the first Mydoom attack, which pummeled millions of computers around the world. The original is considered one of the most prolific mass-mailing worms in history.
Apple fixes multiple Mac OS X flaws
Apple has fixed a range of Mac OS X vulnerabilities an attacker could use to cause a denial of service and launch malicious code, among other things.
According to Danish security firm Secunia, the fixed issues are:
- The "at" family of utilities ["at," "atrm," "batch," "atq" and "atrun"] do not drop privileges properly. "This can be exploited to delete arbitrary files, execute arbitrary commands with escalated privileges or read the contents of arbitrary files," Secunia said.
- A boundary error in the ColorSync component when processing ICC color profiles can be exploited to cause a heap-based buffer overflow, allowing arbitrary code execution through a specially crafted ICC color profile.
- Various vulnerabilities in the libxml2 component can potentially be exploited to compromise a vulnerable system.
- An information disclosure weakness in the Mail component makes it possible to determine the system from which an e-mail has been sent. "The problem is that an identifier associated with the Ethernet networking hardware is included in the 'Message-ID' header," Secunia said.
- Multiple vulnerabilities in PHP can be exploited to cause a denial of service or launch malicious code.
- Malicious people could exploit a vulnerability in Safari to spoof the content of Web sites.
- Attackers could exploit a vulnerability in SquirrelMail to conduct script insertion attacks.
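The first item is the classic shape of a setuid-helper bug: a program that keeps root while it reads, writes or deletes a path the invoking user chose, so the user's file operations run with root's authority. As an added illustration (not Apple's code and not from the Secunia advisory), here is how such a helper should permanently drop privileges before it touches anything the user names. The drop_privileges and unprivileged_account functions and the "nobody" account used when started as root are assumptions for this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* setgroups() and seteuid() declarations on glibc/musl */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root before acting on anything the user names.
 * Order matters: supplementary groups and the primary gid must be changed
 * while the effective uid is still 0, because once it is not, setgroups()
 * and setgid() are refused.  Returns 0 on success and -1 (errno set) on
 * failure; a caller that gets -1 must exit, never carry on as root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)  /* privileged call: only as root */
        return -1;
    if (setgid(gid) != 0)        /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)        /* real, effective and saved uid */
        return -1;

    /* Verify rather than trust the calls: every id must now be the target... */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* ...and if we left root, it must be unrecoverable (saved uid no longer 0). */
    if (uid != 0 && seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Account to run as.  Started as root we switch to "nobody" (an assumption
 * for this example); started unprivileged we keep the caller's own ids.
 * Returns 0 and fills uid/gid, -1 if the account does not exist. */
int unprivileged_account(uid_t *uid, gid_t *gid)
{
    if (geteuid() != 0) {
        *uid = getuid();
        *gid = getgid();
        return 0;
    }
    struct passwd *pw = getpwnam("nobody");
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

int main(int argc, char **argv)
{
    uid_t uid;
    gid_t gid;
    if (unprivileged_account(&uid, &gid) != 0 || drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "cannot drop privileges: %s\n", strerror(errno));
        return 1;
    }
    /* Only now touch the user-supplied path: the kernel, not this program,
     * decides whether the invoking user may remove it. */
    if (argc > 1 && unlink(argv[1]) != 0) {
        fprintf(stderr, "unlink %s: %s\n", argv[1], strerror(errno));
        return 1;
    }
    printf("running as uid %u gid %u\n", (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

The two checks after the setgid/setuid pair are the part most helpers omit: setuid() can fail (for example under a process limit), and a helper that only drops the effective uid can regain root with a second seteuid(0), which is exactly what the verification step rules out.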
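The ColorSync item is a bounds-checking failure in a parser. An ICC profile is a 128-byte header followed by a tag table: a 4-byte big-endian tag count, then 12-byte entries holding a signature, an offset and a size, and every one of those offsets and sizes comes from the file. The following is an added example of the checks a profile reader needs before it trusts a tag entry; it is not Apple's or Secunia's code, and the skeletal two-tag profile it builds is constructed input, not a real profile.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICC_HEADER_LEN    128   /* fixed-size profile header */
#define ICC_TAG_ENTRY_LEN 12    /* signature, offset, size: 4 bytes each */

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Check that the tag table and every tag body it points to lie inside the
 * len bytes actually read from the file.  Returns 0 if the profile is safe
 * to index, -1 otherwise; *bad receives the offending tag index, or
 * UINT32_MAX when the header length or the tag count itself is the problem. */
int icc_validate_tags(const uint8_t *buf, size_t len, uint32_t *bad)
{
    *bad = UINT32_MAX;
    if (len < ICC_HEADER_LEN + 4)
        return -1;
    uint32_t count = get_be32(buf + ICC_HEADER_LEN);
    /* Divide instead of multiply: count * 12 could wrap a 32-bit product. */
    if (count > (len - ICC_HEADER_LEN - 4) / ICC_TAG_ENTRY_LEN)
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER_LEN + 4 + (size_t)i * ICC_TAG_ENTRY_LEN;
        uint32_t off = get_be32(e + 4), size = get_be32(e + 8);
        /* Two comparisons, never "off + size > len": the sum could overflow. */
        if (off > len || size > len - off) {
            *bad = i;
            return -1;
        }
    }
    return 0;
}

/* Constructed input: a 188-byte skeleton with two 16-byte tag bodies at
 * offsets 156 and 172.  The second tag's size and the tag count are the
 * attacker-controlled fields the caller gets to set. */
#define DEMO_PROFILE_LEN 188
static size_t build_demo_profile(uint8_t *out, uint32_t second_tag_size, uint32_t tag_count)
{
    memset(out, 0, DEMO_PROFILE_LEN);
    put_be32(out, DEMO_PROFILE_LEN);             /* header: profile size */
    memcpy(out + 36, "acsp", 4);                 /* header: file signature */
    put_be32(out + ICC_HEADER_LEN, tag_count);   /* tag count */
    uint8_t *t = out + ICC_HEADER_LEN + 4;
    memcpy(t, "desc", 4);      put_be32(t + 4, 156); put_be32(t + 8, 16);
    memcpy(t + 12, "cprt", 4); put_be32(t + 16, 172); put_be32(t + 20, second_tag_size);
    return DEMO_PROFILE_LEN;
}

/* Build one scenario and validate it.  Returns 0 when accepted, -1 when the
 * header or count was rejected, and 1 + index of the first rejected tag. */
long icc_demo(uint32_t second_tag_size, uint32_t tag_count)
{
    uint8_t buf[DEMO_PROFILE_LEN];
    uint32_t bad;
    size_t n = build_demo_profile(buf, second_tag_size, tag_count);
    if (icc_validate_tags(buf, n, &bad) == 0)
        return 0;
    return bad == UINT32_MAX ? -1 : (long)bad + 1;
}

int main(void)
{
    printf("well-formed profile:          %ld\n", icc_demo(16, 2));           /* 0 */
    printf("tag size past end of file:    %ld\n", icc_demo(0x7fffffffu, 2));  /* 2: tag 1 */
    printf("tag count larger than file:   %ld\n", icc_demo(16, 0xffffffffu)); /* -1 */
    return 0;
}
```

The same two comparisons belong in front of any copy of a tag body into a buffer whose size was taken from the header; a reader that allocates for the claimed size and then copies from the file without the "size <= len - off" check is reading, and on the write side overflowing, past the end of the buffer.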
Trojan makes use of Internet role-playing game
A new Trojan horse is using an Internet role-playing game to spread, according to Lynnfield, Mass.-based antivirus firm Sophos.
Troj.Legmir-Y is designed to steal usernames and passwords from players of the massively multiplayer medieval fantasy role-playing game "Lineage." The game has millions of subscribers around the globe, many of them in South Korea, Sophos said.
"It is more and more common for the analysts in our virus lab to discover that, as well as causing disruption, a piece of new malware is designed to steal registration keys, passwords and data from players of computer games," Graham Cluley, senior technology consultant for Sophos, said in a statement. "It's sad to think that people will be so desperate to do better in a virtual world that they're actually prepared to commit a real crime. We expect to see more Internet skirmishes between rival Internet gamers and malicious code to assist this kind of Internet robbery in the future."
He added: "Disturbingly, the Legmir-Y Trojan horse also attempts to turn off antivirus software and security-related applications, leaving the door open for future hacker attacks. Everyone should remember that viruses, worms and Trojan horses aren't a game -- they are a costly nuisance to computer users around the world."