Several new Bagle variants on the march Antivirus firms say several new variants of the prolific Bagle worm are...
on the prowl. By Finnish security firm F-Secure's count, there are seven new variants -- Bagle-CB, -CC, -CD, -CE, -CF, -CG and -CH. "These are minor variants of each other, sending e-mails with attachments related to taxation, such as 'The_reporting_of_taxes.zip' or 'To_reduce_the_tax.zip,'" the firm said on its daily blog. "Once again, these archives contain executable files with misleading icons." The firm said some of the archives are .zip files, some are .rar files and some of them are .zip files with a .rar extension.
Kaspersky Lab of Russia has seen four new variants -- Bagle-BZ, -CA, -CB., and -CC. "They are all similar, but packed using different packers," the firm said on its Web site. "They all include a list of URLs which will be periodically checked. Files placed on these sites may be new versions of Bagle, or other malicious programs which can be downloaded and installed on victim machines."
The lab said a preliminary analysis shows Bagle-CC is functionally similar to Bagle-BJ. "It is incapable of replicating independently, and was widely spammed as an attachment to infected messages," the lab added. "Infected messages either have an empty message subject and body, or one which contains random text. The attachment name is 'to_reduce_the_tax.zip' and it is a .zip file approximately 18KB in size."
When launched, Kaspersky said the worm will cause the default text editor (usually Notepad) to open and display a blank window.
A HoneyMonkey on their back
It only took a month for Microsoft researchers to find hundreds of malicious Web sites through its Strider HoneyMonkey project, according to a technical report the software giant has released. The project is designed to push the concept of an automated Web scanner that uses multiple Windows XP machines -- some fully patched, some unpatched -- to find zero-day Web-based exploits faster and more efficiently.
Yi-Min Wang, group manager of the Cybersecurity and Systems Management group in Microsoft Research, told Ziff Davis Internet News that a total of 752 unique URLs hosted on 287 sites were identified in the first month of the project. The system was able to take those URLs and confirm that active exploits were penetrating computers with Windows XP, including fully-patched machines running XP SP2. Wang told Ziff Davis that his researchers managed to capture connections between the exploit sites based on traffic redirection and pinpoint "several major players" who are responsible for a large number of exploit pages.
What's next -- phaxes?
Lynnfield, Mass.-based antivirus firm Sophos says a new phishing campaign is trying to dupe users into faxing their credit card and bank information directly to the phishers rather than visiting a bogus Web site. E-mails claiming to come from Paypal, the payment system used by the popular eBay auction Web site, tell users that someone tried to reset their password. The e-mail urges the user to fax back information to help in the investigation of the alleged security breach, Sophos said. The e-mails also point to a Microsoft Word document hosted on a Polish Web site that the recipient is instructed to download and complete with their bank account details -- including PIN information, credit card numbers and login details -- before faxing back.
The e-mail appears as an urgent message from the fraud department.
FBI tries again for a file management system
Five months after it was forced to scrap a replacement for its case-file management system, the FBI is taking another stab at getting a model for the 21st Century. The FBI says its Office of IT Program Management has launched a "formal solicitation for proposals to develop the FBI's next generation electronic information management system, Sentinel." The agency said the solicitation was sent to more than 40 eligible companies under a National Institutes of Health (NIH) government-wide contracting vehicle.
"Sentinel will consolidate and replace the FBI's legacy case management capabilities with an integrated, paperless file management and workflow system," the FBI said in a statement. "It will significantly contribute to the ongoing modernization of the FBI's Information Technology capabilities and help the FBI achieve its mission transformation goals."
It added that Sentinel will further enable the FBI "to achieve its mission priorities by enhancing information access and promoting information sharing with law enforcement and intelligence community members, to include the Department of Justice and the Department of Homeland Security. The program will incrementally deliver capabilities to FBI users over the life of the project."
The FBI plans to award a contract by year's end.
Exploit for Veritas Backup Exec Agent for Windows
Vulnerability watchers are warning of exploit code targeting the Veritas Backup Exec Agent for Windows. Attackers could use the code to gain unauthorized access, the French Security Incident Response Team (FrSIRT) said in an advisory. The Bethesda, Md.-based SANS Internet Storm Center made mention of the exploit code on its Web site. "The ISC has already seen an increase in scans for port 10000, and advise [that] any users of Backup Exec deny access to that port from all untrusted networks.