Security Bytes: New worm spoofs your AIM buddies

By SearchSecurity.com Staff 03 Jun 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Worm targets AIM users with bogus URL
If your IM buddy is sending you a photo link through AOL Instant Messenger, you better check with them to make sure they really sent it. A new worm is spreading through AIM using spoofed addresses.

Gpic-AOL tries to dupe users into clicking on a malicious URL, Waltham, Mass.-based IM security firm IMlogic said in an advisory. The firm said Gpic-AOL spreads itself to all users on the AOL buddy list and sends the following message: "damn this looks just like me: lol." The message is followed by the bogus URL: http://pictures.google.com/common/pictures/user-097.JPG.

IT administrators can block the worm using the content filtering feature of IM Manager, IMlogic said. Administrators should also make sure they have the latest updates from their antivirus provider, the firm added.

As businesses become more dependent on instant messaging, attackers are spending more time targeting it with malicious code. In a recent report, the IMlogic Threat Center said instant messaging exploits in the first three months of 2005 surged more than 270% over the same period last year.

Israeli business community shaken by Trojan horse scandal
Carefully placed Trojan horse attacks have mushroomed into a massive scandal, leaving Israel's business community with a black eye. According to the Associated Press, the scandal has tainted some of the country's most powerful corporate suites. The news agency reported that top Israeli blue chip companies -- including a high-tech giant that trades in New York -- are suspected of using Trojan horse programs to steal information from rivals and enemies.

The list of victims ranges from a cigarette importer to the local operations of the Ace hardware chain and Hewlett-Packard Co. A prominent TV reporter is also caught up in the affair, claiming hackers compromised his computer to get phone numbers of celebrities. The AP said the scandal has shed an unflattering light on the Israeli business world, where cut-throat competition in a small market, high-tech sophistication and the secretive traditions of the army form a volatile mix. The case is also attracting the attention of top security software makers, who have been updating their products to defend against similar outbreaks in the U.S.

Twenty-two people have been arrested so far in what the Israeli media has dubbed the Trojan Horse scandal. More arrests are expected. Police apparently stumbled upon the case after author Amnon Jackont discovered excerpts on the Internet of a book he was still writing, the AP said. More documents from his computer began appearing on the Internet and someone tried to use his bank details to make transactions. Jackont realized his computer had been invaded and told police he suspected the spy was his stepdaughter's ex-husband, Michael Haephrati. In a newspaper interview, he said Haephrati became "vengeful and obsessive" after the collapse of his marriage. Police subsequently found the surveillance software on Jackont's machine.

According to the AP, those implicated in the affair include Amdocs Ltd., a business-software maker that trades on the New York Stock Exchange; the Cellcom phone carrier and three subsidiaries of the Bezeq phone monopoly.

HP fixes OpenView flaws
The French Security Incident Response Team [FrSIRT] recommends users of HP OpenView Radia Management Applications 2.0, 3.0 and 4.0 patch their programs against two security holes attackers could use to cause a denial of service or launch malicious code.

"These flaws are due to stack overflow errors in the 'nvd_exec()' function in the Radia Notify Daemon when handling specially crafted requests or command variable extensions, which may be exploited by attackers to execute arbitrary commands or cause a denial of service," FrSIRT said in an advisory.

FrSIRT considers the flaws a high risk because attackers can exploit them from remote locations.

Microsoft: MSN site was hacked
Attackers booby-trapped Microsoft's MSN Web site in South Korea in an attempt to rob visitors of their passwords. It remains unclear how many users have been affected. Microsoft told the Associated Press it cleaned the Web site and removed the dangerous software code that unknown hackers had added earlier this week. A spokesman, Adam Sohn, said Microsoft was confident its English-language Web sites were not vulnerable to the same type of attack.

The news agency noted that South Korea is a leader in high-speed Internet users worldwide. Microsoft's MSN Web properties -- which offer news, financial advice, car- and home-buying information, among other things -- are among the most popular across the Web.

Unlike its U.S. counterparts, the Korean site was operated by another company Microsoft did not identify, the AP said. Microsoft's own experts and Korean police authorities were investigating, but Microsoft believes the computers were vulnerable because operators failed to apply necessary software patches.

McAfee acquires wireless security firm
McAfee Inc. has acquired Wireless Security Corp., a private company specializing in Wi-Fi security tools for home and small business networks. The Santa Clara, Calif., antivirus giant said the company's technology will bolster the effectiveness of its product line, which includes Internet Security Suite, VirusScan and Personal Firewall. Under the terms of the agreement, McAfee has acquired all the outstanding stock of Wireless Security Corp., including all associated technologies and assets.

"McAfee is committed to providing innovative, comprehensive solutions that protect customers from security threats at all access points," George Samenuk, chairman and chief executive officer of McAfee, said in a statement. "The world we live in has become increasingly wireless, yet most users do not have the proper security enabled and additional protection installed to secure their wireless networks. This acquisition builds on our existing security technology and enables us to further protect the growing wireless environment."

Wireless Security's technology supports WEP, WPA-PSK and virtually 100% of network cards, McAfee said. It also supports the most popular routers from the largest vendors such as Linksys, D-Link, and Netgear, along with support for some devices from Buffalo, Belkin, Proxim, ZyXEL and 3COM, the company added.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary