
Security Bytes: New malware targets Skype users

By SearchSecurity.com Staff
18 Oct 2005 | SearchSecurity.com

Security Wire Daily News

New malware targets Skype users
A new variant of the IRCbot Trojan horse is taking aim at users of Skype Technologies S.A.'s VoIP software, according to New York-based e-mail security firm MessageLabs Ltd. As of Monday, the firm said it had blocked more than 150 copies of the Trojan, also known as Fanbot. The malware is being distributed by e-mail disguised as the newest release of the popular Skype software client -- version 1.4, which was released Oct. 10.

"When executed, the attached malware program displays a fake 'installation error' box while, in fact, it is installing itself as %sysdir%remote.exe, altering the registry and shutting down shared access and Windows update services," MessageLabs said. "It then tries to connect to either an IRC server named 'jojogirl.3322.org' or 'smallphantom.meibu.com,' but fails." According to Skype's Web site, its Internet voice-calling software has been downloaded more than 184 million times.

Malicious e-mails include the following characteristics:

Subject lines: Hello. We're Skype and we've got something we would like to share with...; Share Skype.; Skype for Windows 1.4; Skype for Windows 1.4 - Have you got the new Skype?; What is Skype?

Body text: "Dear user, Skype is a little piece of software that lets you talk over the Internet to anyone, anywhere for free. And it just got even better -- download the latest version of Skype: Our call quality is the best ever for talking, laughing and sharing stories. You can forward calls on to mobiles, landlines and other Skype Names. Make calls instantly from Outlook email or Internet Explorer with our new toolbars. Personalize your Skype -- play around with sounds, ring tones and pictures to show the world who you are."
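The characteristics listed above can be checked mechanically at a mail gateway. The sketch below is an added example, not code from the article or from MessageLabs: the list of executable extensions is an assumption (the article does not name the attachment), and both sample messages are constructed.

```python
import email
import re
from email import policy

# Subject lines and body text as quoted in the article, lower-cased.
EXACT_SUBJECTS = {
    "share skype.", "skype for windows 1.4", "what is skype?",
    "skype for windows 1.4 - have you got the new skype?",
}
# This subject is cut off on the page ("..."), so it is matched as a prefix.
TRUNCATED_SUBJECT = "hello. we're skype and we've got something we would like to share with"
BODY_PHRASE = "skype is a little piece of software that lets you talk over the internet"
# Assumption: the article does not name the attachment, so flag common
# Windows executable extensions.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def norm(text):
    """Collapse whitespace and case so folded or re-wrapped text still matches."""
    return re.sub(r"\s+", " ", text.replace("\u2019", "'")).strip().lower()

def lure_indicators(raw):
    """Return which of the article's characteristics a raw message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = norm(str(msg["subject"] or ""))  # policy.default decodes RFC 2047
    if subject in EXACT_SUBJECTS or subject.startswith(TRUNCATED_SUBJECT):
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and BODY_PHRASE in norm(body.get_content()):
        hits.append("body")
    if any((p.get_filename() or "").lower().endswith(EXEC_EXT)
           for p in msg.iter_attachments()):
        hits.append("executable-attachment")
    return hits

# Constructed sample: encoded subject, wrapped body, placeholder attachment.
SAMPLE_LURE = (
    b"From: a@example.invalid\r\nTo: b@example.invalid\r\n"
    b"Subject: =?utf-8?q?Skype_for_Windows_1=2E4?=\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"Dear user, Skype is a little piece of software that lets you\r\n"
    b"talk over the Internet to anyone, anywhere for free.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="placeholder.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n"
)
# Constructed sample: same subject in an ordinary message, no attachment.
SAMPLE_BENIGN = (
    b"From: a@example.invalid\r\nSubject: Skype for Windows 1.4\r\n\r\n"
    b"Has anyone tried the new release yet?\r\n"
)
```

A subject match alone also fires on legitimate mail about the real 1.4 release, as the second sample shows, so the subject or body indicator is best combined with the executable-attachment indicator before a message is quarantined.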

Microsoft patch causes problems
Microsoft has acknowledged problems with one of the patches it issued last week. The problem could, among other things, block users from logging on to Windows; block certain applications from running or installing; keep the Windows firewall from starting; and empty the network connections folder. "Microsoft is aware of reports of isolated issues after deployment with Microsoft Security Bulletin MS05-051," the software giant said in an advisory. "We are working with a limited number of affected customers to help resolve these issues."

Microsoft said the problem appears limited to instances when default permission settings on a Windows directory are changed. The advisory outlines steps users can take to correct the problem. MS05-051 patches vulnerabilities in the Microsoft Distributed Transaction Coordinator (MSDTC) and COM+ service to prevent remote control and privilege escalation by attackers. In addition, the same patch seals important, but not critical, holes in the Transaction Internet Protocol (TIP). Among the affected OS versions are Windows XP with SP1 and SP2, and multiple flavors of Windows Server 2003.

Lynx flaw affects Red Hat, Ubuntu Linux
Attackers could exploit a security hole in Lynx -- a text-based Web browser -- to cause a stack-based buffer overflow and launch malicious code, Danish security firm Secunia said in an advisory. The glitch affects Linux distributions from Red Hat, Ubuntu and possibly others.

"The vulnerability is caused due to a boundary error in the 'HTrjis()' function in the handling of article headers sent from NNTP (Network News Transfer Protocol) servers," Secunia said. "This can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious Web site which redirects to a malicious NNTP server via the 'nntp:' URI handler. Successful exploitation allows execution of arbitrary code."

Secunia said the "highly critical" vulnerability has been reported in Lynx versions 2.8.3, 2.8.4, 2.8.5, and 2.8.6dev.13. Other versions may also be affected. "The vulnerability has been fixed in version 2.8.6dev.14," the advisory said.
