
Security Bytes: New malware targets Skype users

By SearchSecurity.com Staff
18 Oct 2005 | SearchSecurity.com

Security Wire Daily News

New malware targets Skype users
A new variant of the IRCbot Trojan horse is taking aim at users of Skype Technologies S.A.'s VoIP software, according to New York-based e-mail security firm MessageLabs Ltd. As of Monday, the firm said it had blocked more than 150 copies of the Trojan, also known as Fanbot. The malware is being distributed by e-mail disguised as the newest release of the popular Skype software client -- version 1.4, which was released Oct. 10.

"When executed, the attached malware program displays a fake 'installation error' box while, in fact, it is installing itself as %sysdir%remote.exe, altering the registry and shutting down shared access and Windows update services," MessageLabs said. "It then tries to connect to either an IRC server named 'jojogirl.3322.org' or 'smallphantom.meibu.com,' but fails." According to Skype's Web site, its Internet voice-calling software has been downloaded more than 184 million times.

Malicious e-mails include the following characteristics:

Subject lines: Hello. We're Skype and we've got something we would like to share with...; Share Skype.; Skype for Windows 1.4; Skype for Windows 1.4 - Have you got the new Skype?; What is Skype?

Body text: "Dear user, Skype is a little piece of software that lets you talk over the Internet to anyone, anywhere for free. And it just got even better -- download the latest version of Skype: Our call quality is the best ever for talking, laughing and sharing stories. You can forward calls on to mobiles, landlines and other Skype Names. Make calls instantly from Outlook email or Internet Explorer with our new toolbars. Personalize your Skype -- play around with sounds, ring tones and pictures to show the world who you are."
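A mail-gateway triage check built from the subject lines listed above, added here as an illustration (it is not code from MessageLabs or SearchSecurity.com). The executable-extension list, the attachment file names and the sample messages are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines listed in the article, lower-cased. The first one is cut off
# in the article ("..."), so it is only matched as a prefix.
SUBJECT_PREFIX = "hello. we're skype and we've got something we would like to share with"
SUBJECTS_EXACT = {
    "share skype.",
    "skype for windows 1.4",
    "skype for windows 1.4 - have you got the new skype?",
    "what is skype?",
}
# Assumption: file extensions treated as executable (not taken from the article).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def lure_subject(subject):
    """True if the subject matches one of the article's lure subject lines."""
    s = " ".join(subject.lower().replace("\u2019", "'").split())
    return s in SUBJECTS_EXACT or s.startswith(SUBJECT_PREFIX)

def triage(raw):
    """Classify one raw RFC 5322 message as 'block', 'review' or 'pass'."""
    msg = email.message_from_bytes(raw, policy=policy.default)  # decodes RFC 2047
    lure = lure_subject(str(msg["Subject"] or ""))
    execs = [p.get_filename() for p in msg.iter_attachments()
             if (p.get_filename() or "").lower().endswith(EXEC_EXTS)]
    if lure and execs:
        return "block", execs
    return ("review" if lure or execs else "pass"), execs

def build(subject, attachment=None):
    """Construct a sample message (constructed test data, not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.test", "user@example.test", subject
    m.set_content("Dear user, ...")
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

SAMPLES = {
    "lure+exe": build("Skype for Windows 1.4", "skype_setup.exe"),  # name is made up
    "encoded": b"Subject: =?utf-8?q?Share_Skype=2E?=\r\n\r\nhello\r\n",
    "truncated": build("Hello. We're Skype and we've got something we would like to share with you"),
    "benign": build("Meeting notes", "notes.pdf"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

A lure subject together with an executable attachment is blocked outright; either signal alone is routed to review, since the subject lines are also plausible in legitimate mail.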

Microsoft patch causes problems
Microsoft has acknowledged problems with one of the patches it issued last week. The problem could, among other things, block users from logging on to Windows; block certain applications from running or installing; keep the Windows firewall from starting; and empty the network connections folder. "Microsoft is aware of reports of isolated issues after deployment with Microsoft Security Bulletin MS05-051," the software giant said in an advisory. "We are working with a limited number of affected customers to help resolve these issues."

Microsoft said the problem appears limited to instances when default permission settings on a Windows directory are changed. The advisory outlines steps users can take to correct the problem. MS05-051 patches vulnerabilities in the Microsoft Distributed Transaction Coordinator (MSDTC) and COM+ service to prevent remote control and privilege escalation by attackers. In addition, the same patch seals important, but not critical, holes in the Transaction Internet Protocol (TIP). Among the affected OS versions are Windows XP with SP1 and SP2, and multiple flavors of Windows Server 2003.

Lynx flaw affects Red Hat, Ubuntu Linux
Attackers could exploit a security hole in Lynx -- a text-based Web browser -- to cause a stack-based buffer overflow and launch malicious code, Danish security firm Secunia said in an advisory. The glitch affects Linux distributions from Red Hat, Ubuntu and possibly others.

"The vulnerability is caused due to a boundary error in the 'HTrjis()' function in the handling of article headers sent from NNTP (Network News Transfer Protocol) servers," Secunia said. "This can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious Web site which redirects to a malicious NNTP server via the 'nntp:' URI handler. Successful exploitation allows execution of arbitrary code."

Secunia said the "highly critical" vulnerability has been reported in Lynx versions 2.8.3, 2.8.4, 2.8.5, and 2.8.6dev.13. Other versions may also be affected. "The vulnerability has been fixed in version 2.8.6dev.14," the advisory said.

Tags: Security Patch Management; Application Attacks (Buffer Overflows, Cross-Site Scripting); Alternative OS security: Mac, Linux, Unix, etc.; Malware, Viruses, Trojans and Spyware
