Security Bytes: New Sober on worldwide rampage

Also, phishing keyloggers and malicious Web sites see huge increase; Adobe and Apple fix flaws; Symantec revenue up; and Loveletter turns five.

Sober explodes in 40 countries
The latest Sober variant has spread through 40 countries since its initial appearance Monday, and Lynnfield, Mass.-based antivirus firm Sophos said it shows no signs of slowing down. By Thursday morning it had accounted for 79.29% of all viruses and worms seen by Sophos's monitoring stations around the world. The firm estimated that the worm is now accounting for 4.5% of all e-mail sent across the Internet.

"One in every 22 e-mails sent across the Internet is currently infected by the Sober-N worm, making this one of the biggest virus outbreaks of the year," Graham Cluley, Sophos' senior technology consultant, said in a statement. The worm tricked users into opening its e-mail attachment using various messages in English and German. "In particular, this worm appears to have caused problems by posing as an offer of free tickets for the soccer World Cup tournament in Germany next year," Cluley said. "Many people found the prospect of free tickets to the prestigious sporting event just too hard to resist."

Report: Phishing attacks rising sharply
The number of phishing attacks is dramatically increasing, especially those with code targeting the Portuguese language, according to a report from San Diego-based Websense Security Labs.

The code is designed to run on a machine and log keystrokes when a connection is made to certain Web sites, the report said, adding, "The keylogger sends that information to a remote location for the purpose of identity theft." From November through December 2004, Websense Security Labs said it identified an average of one to two new phishing keylogger variants and 10 to 15 new malicious Web sites hosting this code per week. From February through March, the firm identified eight to 10 new keyloggers and more than 100 malicious Web sites per week.

Adobe flaws fixed
An attacker could use two flaws in the Adobe SVG viewer to enumerate files on a user's system or launch malicious code, according to Danish security firm Secunia. The first problem is an error in the ActiveX control that makes it possible for malicious Web pages to determine if a particular file exists on a user's system. This affects versions 3.02 and prior. The second problem is an error in libpng that could be exploited to launch malicious code using a specially crafted .png image. This affects version 3.01 and prior. Secunia recommends users update to version 3.03.

Apple patches a mountain of Mac OS X flaws
Apple has patched multiple flaws in its Mac OS X operating system that attackers could exploit to cause a buffer overflow and launch malicious code, among other things. Twenty patches were released in all for vulnerabilities affecting Mac OS X 10.3.9 and Mac OS X Server 10.3.9. Problems include a vulnerability in the OS X AppKit related to the handling of .tiff graphics files, and an AppleScript flaw. Users who visit a Web site and accept AppleScript from that site could find it executing malicious code. Another vulnerability is in the Apache Web server. This could be exploited to cause a buffer overflow in the htdigest program. If misused in a CGI application, this could be exploited for a remote system attack.

No love for this anniversary, unless you're a worm
Yesterday was the five-year anniversary of the Loveletter worm, one of the most prolific e-mail worms of all time. Its remarkable social engineering is the primary reason for its success, said Steven Sundermeier, vice president of products and services at Central Command Inc. By capitalizing on its cleverly named attachment, "Love-Letter-For-You.txt", and appearing to come from friends and family, Loveletter gave users a compelling reason to open it. Since the Loveletter outbreak, Sundermeier said, "The overall sophistication of some worms has gradually increased and … virus authors today are still heavily relying on … naming their files creatively in an attempt to pique user curiosity and trick them into running their creations." Often, those file names tend to use celebrities -- like Paris Hilton -- current events, and popular movies and games to spread. And, Sundermeier said, users continue to blindly open attachments. The most recent evidence: the success of the latest Sober variant, which professes to be a chance to win World Cup tickets.

Symantec's quarterly revenue up 28%
Symantec enjoyed $713 million in revenue for the first quarter of 2005, a 28% increase over the $556 million it posted for the same quarter last year. The Cupertino, Calif.-based antivirus giant said revenue for fiscal year 2005 was $2.6 billion, a 38% increase compared to $1.9 billion for fiscal year 2004. "Our team remains focused and continues to deliver outstanding results around the world," John W. Thompson, Symantec chairman and CEO, said in a statement. "Double-digit growth rates in all segments and all geographies underpinned the success of the quarter and the fiscal year."

For the quarter, Symantec's worldwide enterprise business, including enterprise security, enterprise administration and services, represented 49% of total revenue and grew 22% year-over-year. Symantec said its enterprise security business represented 36% of total revenue and grew 23%; the enterprise administration business represented 11% of total revenue and grew 14%; and the services business represented 2% of total revenue and grew 60%. Symantec's consumer business represented 51% of total revenue and grew 34%.
