Security Bytes: McAfee sees growing mobile threat in 2006

In other news, IBM addresses Java flaws; patches don't get along with IE 7; and hackers force game maker to shut down.

McAfee sees growing mobile threat in 2006
Mobile malware could grow into the big scourge of 2006, Santa Clara, Calif.-based McAfee Inc. warned Monday. "Mobile malware was first sighted in June 2004 when a group of professional virus writers created the first proof-of-concept virus for smartphones demonstrating that malicious code could be created for Symbian operating systems," McAfee said in a statement Monday. "Soon after, 'Duts' was released. [It was] the first virus for Pocket PC systems and the first file infector for smartphones. Since then, several mobile Trojans have appeared, resulting in an alarming growth of mobile malware."

McAfee AVERT Labs expects that activity to spike significantly in 2006. "The use of smartphone technology has played a pivotal role in the threat's transition from multifunction, semi-stationary PCs to palm-sized 'wearable' devices," McAfee said. "And as a result of the increased connectivity of smartphones, McAfee AVERT Labs expects these threats to make a quick transition to converged devices."

The potential damage could be more extensive than what today's PC-oriented threats have inflicted because of the large volume of smartphones and the small percentage that are protected by mobile security, McAfee said. For example, the company said, "in 2004, the 'I Love You' virus penetrated tens of millions of PCs in just a couple of hours, despite the fact that half of all PCs had Internet security software installed. By comparison, a mobile threat targeting several operating systems could infect up to 200 million connected smartphones simultaneously because the majority of these devices do not currently have mobile security protection installed."

Since its inception, mobile malware has grown almost 10 times faster than PC malware over a comparable period of one year, the company said.

IBM addresses Java flaws
IBM has addressed three security holes that occur when "reflection" APIs are used in the Java Runtime Environment (JRE). The company warned that these flaws could allow an untrusted applet to elevate its privileges.

According to the company's advisory:

  • The first issue is due to three errors related to the use of "reflection" APIs in JRE, which attackers could exploit to read and write local files or execute local applications by convincing a user to visit a specially crafted Web page.
  • The second vulnerability is due to an error in Java Management Extensions (JMX) when handling specially crafted applets, which attackers could exploit to read and write local files or execute local applications with the privileges of the user running the untrusted applet.
  • The third flaw is due to an unspecified error when handling specially crafted applets, which attackers could exploit to read and write local files or execute local applications with the privileges of the user running the untrusted applet.

"All these vulnerabilities are only for applet containers, which execute malicious code downloaded from server applications," IBM said. "So, all these vulnerabilities do not apply to most of the applications running in WebSphere Application Server, because the code in application server is trusted code."

The flaws are related to one reported Nov. 29 in JRE. At the time, Sun Microsystems Inc. fixed multiple security holes in programs computers rely on to run Java applications. The Santa Clara, Calif.-based company warned attackers could use malicious applets on vulnerable PCs to obtain the elevated user privileges needed to read and write local files or execute local applications.

Patches don't get along with IE 7
Microsoft has confirmed that the most recent security update for Internet Explorer is causing problems for those testing out the latest version of the browser. Jeremy Dallman, project manager for Internet Explorer security at Microsoft, said in the company's IE blog that there have been "scattered reports of users experiencing odd browser behavior after installing our most recent security update." He added, "Some have reported opening a browser window that promptly hangs IE, others have reported opening links that render blank, and finally we have reports of multiple windows opening when initiating a browser session."

After investigating several of these reports, he said, the problem was traced to a common source: "If a user has ever attempted to run IE 7 Beta 1 in an unsupported side-by-side configuration with a version of IE 6, IE 7 Beta 1 puts a registry key on the machine the first time a user executes the IE7 version of IEXPLORE.EXE," he said. "This key is part of a normal IE7 installation on XP, and will not be configured correctly if an unsupported side-by-side install is used. When IE7 is installed using the installer, the key should be removed properly upon uninstall. A machine can also load this registry key and not remove it during a failed IE 7 installation."

To address this issue on a machine running IE 6 SP1 with the most recent security updates, he recommended users locate and delete the following key from the registry of the affected machine: HKEY_CLASSES_ROOT\CLSID\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}. Those running IE 7 Beta 1 in a side-by-side scenario with another version of IE should uninstall and reinstall IE 7 Beta 1 in the manner outlined above, he added.

Hackers force game maker to shut down
Malicious hackers forced the maker of popular role-playing games to shut its online store down for four days after compromising e-mail addresses, user names and encrypted passwords, CNET News.com reported. White Wolf Publishing, creator of video and table-top games such as "World of Darkness" and "Vampire: The Requiem," received a message from an "international group of hackers" Dec. 11 saying it had penetrated the company's online security defenses, company spokeswoman Kelley Herman told News.com.

The attackers said they would post user data on the Internet unless the company paid an undisclosed sum of money. The Atlanta-based company refused to pay, and the hackers responded this week by e-mailing individual White Wolf customers to tell them they can buy the stolen information for $10. Herman wouldn't say how many customers might have been affected, News.com reported.
