Security Bytes: This Trojan is wacko for Jacko

Elsewhere, an accused superhacker fights extradition to the U.S., while security holes are plugged in Mac OS X and the Linux kernel. Also in this issue: Symantec sues over adware.

Jackson suicide note hides Trojan
Attackers are using the media frenzy over Michael Jackson's trial to spread another Trojan horse program, according to Sophos. The Lynnfield, Mass.-based antivirus firm said hundreds of messages have been spammed to users claiming the pop star has attempted suicide.

"The sick minds behind viruses and other malware often exploit celebrity names and news stories in an attempt to infect as many people as possible," Sophos security consultant Carole Theriault said in a statement. "All computer users should be very careful about clicking on Web links in unsolicited e-mail or launching unknown attachments."

The e-mails have the following characteristics:

Subject: Re: Suicidal aattempt

Message text: Last night, while in his Neverland Ranch, Michael Jackson has made a suicidal attempt. They suggest this attempt follows the last claim was made against the king of pop. 46 years old Michael has left pre-suicid note which describes and interpretes some of his sins. Read more...

When users click on the "read more" link they are taken to a Web site that drops the Borobt-Gen Trojan horse.

"If you click on the link the Web site displays a message saying it is too busy, which may not surprise people who think it might contain genuine breaking news about Michael Jackson," Theriault said. "However, this is a diversionary tactic because behind the scenes the Web site is downloading malware onto the user's computer without their knowledge."

Ken Dunham, director of malicious code for Reston, Va.-based iDefense, said the firm tested the Trojan's code in the lab and found it also tries to exploit vulnerabilities in Firefox. Specifically, it attempts to exploit the favicon input validation error flaw. This is the first code that has been discovered in the wild to successfully exploit this vulnerability, Dunham said in a statement.

Symantec takes aim at 'adware' distributor
Symantec has added fuel to the debate over whether adware deserves to be flagged as a form of spyware and who is best qualified to make that decision. The Cupertino, Calif., antivirus giant has filed suit against Hotbar.com Inc., asking the court to support its right to detect certain Hotbar programs as adware and give customers the ability to remove those programs from their computers.

In a statement, Symantec said it seeks no damages as part of the suit. Instead, it wants a declaratory judgment by the court "affirming Symantec's assertion that certain Hotbar program files are indeed adware and can be treated as computer security risks." Joy Cartun, senior director of legal affairs for Symantec, said in the statement, "By asking the court for clarification on this issue in our favor, we hope to continue alerting our customers about the presence of these program files, protecting them against possible security risks. Through this effort, we're trying to ensure that our customers have more control over the programs that run on their computers."

The suit was filed in the United States District Court for the Northern District of California, San Jose Division.

Alleged superhacker faces extradition to the U.S.
A Briton accused of launching the world's biggest computer hack against the U.S. military vows to fight extradition stateside. Gary McKinnon was arrested Tuesday on charges of computer fraud issued in November 2002 by U.S. prosecutors, according to the Reuters news agency. Prosecutors say he illegally accessed 97 U.S. government computers -- including Pentagon and NASA systems -- over a 12-month period beginning February 2002, causing $700,000 worth of damage. He could face up to $1.75 million in fines and 70 years in jail if convicted, Reuters reported.

At a court hearing in London Wednesday, McKinnon's defense lawyer said his client will vigorously fight extradition to the United States. According to Reuters, the United States has admitted that although McKinnon -- whose hacker handle was Solo -- accessed sensitive files, there was no evidence he downloaded classified information or forwarded files to foreign governments. At the time of the indictment, Paul McNulty, U.S. Attorney for the Eastern District of Virginia, said, "Mr McKinnon is charged with the biggest military computer hack of all time."

Apple plugs slew of Mac OS X vulnerabilities
Apple has fixed a pile of security holes in Mac OS X that attackers could exploit to cause buffer overflows, access sensitive files and launch malicious code. According to the French Security Incident Response Team [FrSIRT], the flaws are:

  • A buffer overflow in the support for legacy clients included with AFP server, which attackers can exploit to launch arbitrary commands.
  • Multiple buffer overflow errors in PHP, which attackers can exploit to cause a denial of service or execute arbitrary commands through specially crafted images.
  • An input validation error in Bluetooth object exchange services could be exploited to conduct directory traversal attacks and access files outside of the default file exchange directory.
  • A NULL pointer dereference in PDFKit and CoreGraphics when handling specially crafted .pdf files, which attackers can exploit to cause the application to crash.
  • Insecure permissions on the CoreGraphics Window Server that could allow unprivileged users to launch commands into root sessions.
  • A file race condition via world- and group-writable permissions on the system's cache folder and dashboard system widgets that attackers could exploit to bypass certain security restrictions.
  • A vulnerability in the setuid program "launchd" may allow local users to gain ownership of arbitrary files.
  • An error in file extensions and mime types marked as unsafe but not mapped to an Apple UTI could be exploited to bypass download safety checks.
  • A vulnerability in the MCX Client when logging portable home directory mounting credentials could be exploited by local users to obtain sensitive information.
  • The use of "network" and "mask" parameters on a filesystem listed in the NFS exports file would result in that file system being exported to "everyone."
  • A buffer overflow in "vpnd" could be used by a local user to obtain root privileges if the system is configured as a VPN server.
  • When copying a local file to an AFP Server that is using an ACL-enabled volume for storage, a temporary ACL is attached to the remote object during the copy process, which will override the POSIX file permissions for the file owner.

Two flaws addressed in Linux kernel
Attackers could exploit two security holes in the Linux kernel to cause a denial of service or gain elevated user privileges, Danish security firm Secunia said in an advisory. The first problem is insufficient address validation in "ptrace()" on the AMD64 platform that can be exploited to crash the kernel by setting an invalid segment base. The second is an error in the "mmap()" function that could be used to create memory maps with a start address after the end address. This can be exploited to cause a denial of service or potentially gain escalated privileges. Users are advised to update to version 2.6.11.11.
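The "mmap()" problem described above, a map whose start address lies after its end address, is the classic symptom of a range check that computes start + length and lets it wrap. The following is an added illustration and not code from the Linux kernel, Secunia or the original article: a stand-alone C function that validates a requested mapping range without ever computing the end address directly, shown beside a naive version that does. The user-space ceiling and page size are constructed values chosen for the example, not taken from any particular kernel.

```c
#include <stdio.h>

/* Constructed values for this illustration only: the (exclusive) top of the
 * user address space and the page size. Real kernels derive these from the
 * architecture. */
#define USER_ADDR_END   0x0000800000000000UL
#define PAGE_SIZE_BYTES 4096UL

/*
 * Overflow-safe validation of a requested mapping [start, start + len).
 * Returns 1 if the range is acceptable, 0 otherwise.
 * The end address is never computed; instead the length is compared with
 * the room left between start and the ceiling, so a huge len cannot wrap
 * the sum back around to a small value.
 */
int mapping_range_ok(unsigned long start, unsigned long len)
{
    if (len == 0)
        return 0;                           /* nothing to map */
    if (start % PAGE_SIZE_BYTES != 0)
        return 0;                           /* start must be page aligned */
    if (start >= USER_ADDR_END)
        return 0;                           /* start already outside user space */
    if (len > USER_ADDR_END - start)
        return 0;                           /* end would pass the ceiling (or wrap) */
    return 1;
}

/*
 * Naive version for contrast: adds start and len first and only then checks
 * the result. When the addition wraps, the computed end is smaller than
 * start, and the check wrongly accepts a map whose end precedes its start.
 */
int mapping_range_naive(unsigned long start, unsigned long len)
{
    unsigned long end = start + len;        /* may wrap around */
    return end <= USER_ADDR_END;            /* accepts a wrapped range by mistake */
}

int main(void)
{
    unsigned long start = 0xfffffffffffff000UL;   /* last page of the address space */
    unsigned long len   = 0x2000UL;               /* two pages: start + len wraps */

    printf("safe check : %d\n", mapping_range_ok(start, len));     /* 0: rejected */
    printf("naive check: %d\n", mapping_range_naive(start, len));  /* 1: wrongly accepted */
    return 0;
}
```

The two functions differ only in the order of operations, which is the whole lesson: compare the length against the remaining room (USER_ADDR_END - start) rather than forming start + len and testing the sum.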
