A goof in Google could cause Trojan invasion
A malicious Web site designed to capitalize on Google users who misspell the site's name will install a number of Trojans and some adware, according to Helsinki-based AV vendor F-Secure Corp.
"If a user opens a malicious Web site, his/her computer gets hijacked -- a lot of different malware gets automatically downloaded and installed: Trojan droppers; Trojan downloaders; backdoors; a proxy Trojan; and a spying Trojan. Also a few adware-related files are installed," the company said in its advisory.
When the "googkle.com" is opened in a browser, it produces two popup windows that are linked to Web sites that upload exploits and executable files. Among those files is a .jpg that replaces the RealPlayer application and a file F-Secure detects as Trojan-Downloader.Win32.Small.apf that automatically replies to security questions asked by Windows to ensure an Internet connection.
Other downloaded files have been identified by F-Secure as:
F-Secure said it reported the site to authorities, but it continues to pose a threat.
TIAA-CREF fires tech manager that loaded data on her laptop
A woman convicted in September for her role in a financial scam was hired days later at financial services provider TIAA-CREF as a tech manager with access to the company's customer data. Newsweek reports Sonia Howe used a false name to gain employment at the company that manages pension funds for educators. She apparently was out on bail while waiting to serve her sentence. Officials say Howe, using the last name Radencovich, downloaded data on less than 100 clients onto her personal laptop. She was fired two months later when someone realized she was the same woman sentenced to four years in prison for helping a boyfriend scam more than $200 million from insurance companies. The supervisor who hired Howe also was canned and claims he's been wrongly terminated for failing to do a proper background check. Meantime, an internal investigation thus far has found no evidence Howe misused the pilfered information.
Critical flaws in Mozilla on HP-UX
Hewlett-Packard has acknowledged multiple critical flaws that could allow remote system access, expose sensitive information or cause a denial of service. The vulnerability has been identified in HP-UX B.11.00, B.11.11, B.11.22 and B.11.23 running Mozilla versions prior to 1.7.3.02. HP recommends installing revision 1.7.3.02 or subsequent.
Survey: Antispam controls caused missed deadlines
A whopping 42% of respondents to a new survey say they miss deadlines as a result of spam filters blocking legitimate e-mails. Another 51% said such false positives waste time.
The survey, conducted by Infosecurity Europe and Sunnyvale, Calif.-based Mirapoint found that 66% of respondents said their legitimate e-mails were blocked by a spam filter; two-thirds said this happened on a monthly basis and 25% said it occurred weekly.
"This could have been prevented by use of standard features such as 'white lists' and allowing users timely access to spam quarantine folders," Claire Sellick, event director for Infosecurity Europe, said in a statement. The news release on the survey did not include important details, such as how many were surveyed and during what time frame. A call to Mirapoint for that information was not returned Tuesday.
Solaris affected by libtiff flaws
Sun Microsystems said Solaris versions 7 through 10 are affected by multiple security holes in libtiff(3), a library for reading and writing Tag Image File Format (TIFF) files. According to its advisory, "These vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user if that local user has loaded a TIFF image file supplied by an untrusted user. The remote user may be able to crash the TIFF image viewing program as well. The TIFF image files may be picked up in e-mail or from an untrusted Web site." As a workaround, Sun suggested users avoid loading TIFF images from untrusted sources. The advisory outlines which versions of Solaris have been patched so far.