Security Bytes: This worm lures Hollywood gossip lovers

SearchSecurity.com Staff

Worm targets the starstruck with 'news' on Pitt, Jolie
Ahker-F is using the public's hunger for Hollywood gossip to widen its reach. It hides in messages that promise "sexy" scenes of Brad Pitt and Angelina Jolie, as well as celebrities like Britney Spears, Pamela Anderson and Paris Hilton.

Lynnfield, Mass.-based antivirus firm Sophos said Ahker-F's author, who apparently calls himself "Agent Hacker," is trying to take advantage of recent media hype over a possible romance between Pitt and Jolie. Many believe the relationship contributed to the breakdown of Pitt's marriage to actress Jennifer Aniston.

E-mail messages the worm uses include:

  • Watch Angelina Jolie and Brad Pitt cought on TAPE! SEXY CLIP! WATCH IT!
  • Hey buddy, Check out this new porn clip of Britney Sprers! Very Short but HOT!! DOWNLOAD IT and WATCH IT!
  • Hello! Paris Hilton new SEX TAPE has been released! In the attachment you will find some short quick scenes(HOT!!) that I liked the most!! Download it! I know its SHORT but at least youve watched the HOTTEST parts of it!
  • Hell yeah...it's Pam! Watch this latest clip of Pamela Anderson! You will find the clip in the attachment! Enjoy!

"People's appetite for salacious gossip is insatiable, and some may be tempted to run what appear to be pornographic movie files distributed across the Internet," Graham Cluley, senior technology consultant for Sophos, said in a statement. "However, virus writers have a long history of disguising their malicious code as this kind of content. Everyone should be very careful about what they choose to run on their computer."

If the user opens the attached file, Clip.zip, the worm will attempt to spread to other e-mail users.

Besides e-mail, the worm attempts to spread through file-sharing networks using a variety of salacious-sounding filenames like PORNO.exe, XXX.exe, Naked WWE Divas.exe, Naked Britney.exe, Naked Celebrity.exe, and Celeb uncensord.exe. It also attempts to launch a distributed denial-of-service attack against Microsoft's security update Web site, tries to disable security-related software on Windows computers, and blocks access to antivirus Web sites, Sophos said.

Sophos added that the virus writer has embedded a number of secret messages inside his code, including "Agent Hacker rules!" and "Genes don't contain any record of humain history, you'll NEVER catch me!(Agent Hacker – Bazzi)."

Security holes fixed in PHP
PHP has been updated to address several flaws attackers could exploit to cause a denial of service and consume all the CPU (central processing unit) resources on targeted systems.

PHP is a popular general-purpose scripting language in Web programming that can be embedded into HTML. It is freely available and used primarily on Linux Web servers.

Reston, Va.-based security firm iDefense said a php_handle_iff() denial of service flaw and a php_handle_jpeg() denial of service flaw are the main problems addressed in the update.

"Remote exploitation of multiple denial-of-service vulnerabilities in the PHP Group's PHP scripting language allows attackers to consume CPU resources," iDefense said. "The vulnerable routines, php_handle_iff() and php_handle_jpeg(), are reachable from the PHP function getimagesize(), which is used to determine the size and dimensions of multiple image formats, including .GIF, .JPG, .PNG, .TIFF, etc."

The firm added: "Exploitation of either vulnerability could allow unauthenticated remote attackers to consume 100% CPU resources on vulnerable systems. Exploitation requires that an attacker supply a malicious image to the getimagesize() PHP routine. The getimagesize() routine is frequently used when handling user-supplied image uploads, which increases the feasibility of remote exploitation."

In its advisory, the PHP Group said other bugs have been addressed in version 4.3.11 as well.
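As an added illustration (not code from PHP, iDefense or the original article), the following C sketch shows the defensive shape a getimagesize()-style JPEG header walk needs so that a crafted upload cannot keep the loop from advancing. The quoted advisory does not describe the malformed fields involved, so the rejected cases here (a declared segment length below 2, or one that overruns the buffer) are assumptions about how a length-driven parser can be made to spin; the function name and sample byte arrays are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples, not real images. */
static const uint8_t GOOD_JPEG[] = {        /* SOI, APP0, SOF0 480x640, EOI */
    0xFF,0xD8, 0xFF,0xE0,0x00,0x04,0x00,0x00,
    0xFF,0xC0,0x00,0x0B,0x08,0x01,0xE0,0x02,0x80,0x01,0x01,0x11,0x00,
    0xFF,0xD9 };
static const uint8_t ZERO_LEN_JPEG[] = {    /* APP0 declares length 0 */
    0xFF,0xD8, 0xFF,0xE0,0x00,0x00, 0xFF,0xD9 };
static const uint8_t TRUNC_JPEG[] = {       /* APP0 length runs past the end */
    0xFF,0xD8, 0xFF,0xE0,0xFF,0xFF, 0x00,0x00 };

/* Walk the header segments that precede the first scan.
 * Returns 0 and fills *w / *h, or -1 for malformed or unsupported input. */
int jpeg_dimensions(const uint8_t *b, size_t n, unsigned *w, unsigned *h)
{
    size_t pos = 2;                          /* invariant: pos <= n */
    if (n < 4 || b[0] != 0xFF || b[1] != 0xD8)
        return -1;                           /* missing SOI marker */
    while (n - pos >= 4) {
        uint8_t marker = b[pos + 1];
        size_t seg = ((size_t)b[pos + 2] << 8) | b[pos + 3];
        if (b[pos] != 0xFF || marker == 0xD9 || marker == 0xDA)
            return -1;                       /* junk, EOI or scan before SOF */
        /* The length field counts its own two bytes, so anything below 2
         * would stall the walk; anything larger than the data left is a lie. */
        if (seg < 2 || seg > n - pos - 2)
            return -1;
        if (marker >= 0xC0 && marker <= 0xC2) {     /* SOF0..SOF2 */
            if (seg < 7)
                return -1;                   /* too short to hold dimensions */
            *h = ((unsigned)b[pos + 5] << 8) | b[pos + 6];
            *w = ((unsigned)b[pos + 7] << 8) | b[pos + 8];
            return 0;
        }
        pos += 2 + seg;                      /* advances at least 4 bytes */
    }
    return -1;                               /* ran out of data, no SOF found */
}

int main(void)
{
    unsigned w = 0, h = 0;
    int rc = jpeg_dimensions(GOOD_JPEG, sizeof GOOD_JPEG, &w, &h);
    printf("good: rc=%d %ux%u\n", rc, w, h);
    printf("zero-length: rc=%d, truncated: rc=%d\n",
           jpeg_dimensions(ZERO_LEN_JPEG, sizeof ZERO_LEN_JPEG, &w, &h),
           jpeg_dimensions(TRUNC_JPEG, sizeof TRUNC_JPEG, &w, &h));
    return 0;
}
```

Because every iteration either returns or moves `pos` forward by at least four bytes, the walk is bounded by the upload size regardless of what the segment headers claim.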

Microsoft sues 117 alleged phishers
Microsoft is suing 117 unknown Internet site operators it accuses of using phishing schemes to dupe consumers out of their personal and financial information.

The software giant said Thursday it was filing "John Doe" defendant lawsuits in U.S. District Court in Washington state to try to establish connections between worldwide phishers and discover the largest-volume operators. "We must work together to stop these con artists from misusing the Internet as a tool for fraud," Aaron Kornblum, Internet safety enforcement attorney at Microsoft, said in a statement.

The Federal Trade Commission and National Consumers League have joined Microsoft's crusade, using the lawsuits and the fact that Friday is April Fools' Day to warn computer users of online schemes.

The announcement came a couple of days after the software giant announced it's developing new ID management technology for Windows that would store users' personal information on desktops and keep it secure when they shop or access services online.

Researcher collects Mozilla bug bounties
German vulnerability researcher Michael Krax has collected $2,500 in bug bounties from the Mozilla Foundation for uncovering five security holes in its free Firefox browser.

"We developed the bug bounty program to encourage and award community members who identify unknown bugs in the software," Chris Hofmann, director of engineering for the Mozilla Foundation, said in a statement. "This program is one of the many ways the Mozilla Foundation produces safe and secure software for its users."

The bug bounty program was founded last year with funding from Linspire and Mark Shuttleworth. Since the program's inception, the Mozilla Foundation has awarded bug bounties to five participants. The foundation credited Krax with uncovering chrome privilege flaws attackers could exploit to alter the browser interface and cause it to access malicious programs. He collected $500 for each flaw he found.

Last week Mozilla patched several vulnerabilities with the release of Firefox 1.0.2, including a .GIF processing error when parsing the obsolete Netscape extension 2. Mozilla said the flaw could lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.

