Security Bytes: Skype dodges attackers

By SearchSecurity.com Staff 22 May 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Skype flaw fixed
Skype Technologies S.A. has fixed a flaw attackers could exploit to compromise Windows machines running the Skype telephony application.

The Luxembourg-based Internet telephony service provider, which enables customers to make free calls between computers or low-cost calls to regular telephones, said the problem is that the parameters passed by the URL handler are parsed incorrectly. "An attacker who constructs a Skype URL that is malformed in a specific way can initiate the transfer of a single named file from one Skype user to another," the vendor said, "provided that the sender follows the malicious link and that the recipient has previously authorized the sender."

The problem affects Skype for Windows, specifically all releases prior to and including 2.0.*.104; and release 2.5.*.0 to and including 2.5.*.78. Skype recommends customers upgrade to version 2.0.*.105 or 2.5.*.79.

Worm hijacks IE, spreads via Yahoo IM
A new worm hijacks the Internet Explorer (IE) homepage, spreads through Yahoo Messenger and leads users to a site that drops spyware on their PCs, Foster City, Calif.-based FaceTime Communications Inc. warned in an analysis on its Web site.

The company has labeled the worm yhoo32.explr. It hijacks the IE homepage, leading users to the spyware site that installs a program called 'Safety Browser'.

"Because Safety Browser uses the IE icon, users can easily mistake it for Internet Explorer," FaceTime said. "This is the first recorded incidence of malware installing its own Web browser on a PC without the user's permission."

The self-propagating worm spreads the infection to contacts on a victim's Yahoo Messenger list. It does so by sending a Web site link that loads a command file onto the user's PC, subsequently installing Safety Browser.

"This is one of oddest and more insidious pieces of malware we have encountered in years," Tyler Wells, senior director of research at FaceTime Security Labs, said in a statement. "This is the first instance of a complete Web browser hijack without the user's awareness. Similar 'rogue' browsers, such as 'Yapbrowser,' have demonstrated the potential for serious damage by directing end-users to potentially illegal or illicit material. 'Rogue' browsers seem to be the hot new thing among hackers."

Ohio University suspends technician over data theft
At least one technician at Ohio University has been placed on paid administrative leave as part of a major reshuffling of the university's computer services department. The reorganization comes on the heels of recent news that thieves hijacked at least three campus servers.

Bill Sams, Ohio University's CIO, initiated the reorganization Friday, according to CNET News.com. It reported that one of the compromised servers, which held the Social Security numbers of 137,000 people, was penetrated by U.S.- and overseas-based hackers for at least a year and possibly longer.

"That's unbelievable," Avivah Litan, security analyst with research firm Gartner told CNET News.com in response to the revelation. "I have never heard of that much of a delay. Why would it take a year to discover this? It doesn't make any sense."

Attackers have gone after university systems with particular zeal. In the past year, schools like Notre Dame, Georgetown and Purdue universities have been hit.

Symantec accuses Microsoft of misusing technology
It's the AV giant vs. the software giant.

According to published reports, Cupertino, Calif.-based Symantec Corp. has filed suit against Microsoft for allegedly misusing technology from Veritas Software, which Symantec acquired last year.

Specifically, Symantec claims Microsoft misused trade secrets it gained through a Veritas licensing deal to create its own products, including features being added to the Windows platform, Michael Schallop, Symantec's director of legal affairs, told eWeek. The trade secrets were related to Symantec's VolumeManager, which the company acquired as part of the Veritas acquisition.

Schallop said Microsoft's actions -- incorporating the technology into its upcoming Vista operating system, for example -- violates the mutual licensing agreement originally signed by the companies in 1996.

Operating systems use VolumeManager to store and extend large amounts of data to help bypass storage hardware limitations. It also has data recovery and recreation capabilities.

Symantec also accuses Microsoft of concealing its misappropriation of the Veritas technology by denying Symantec access to the software giant's source code, access Microsoft is apparently required to give to Symantec under its agreement.

Tags: Malware, Viruses, Trojans and Spyware,  IM Security Issues, Risks and Tools,  Network Protocols and Security,  Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated IM Security Issues, Risks and Tools What are effective ways to stop instant messaging (IM) spam? Secure messaging complications result in limited protection Is it possible to ban chat programs on an enterprise LAN? How to lock down instant messaging in the enterprise AOL closes AIM attack vector, but risks remain Researcher says AIM still vulnerable, AOL insists it's fixed Serious security flaw in AOL Instant Messenger Security flaws found in AOL, Yahoo IM programs Flaw found in MSN Messenger AOL, Yahoo, Trillian IM applications under threat Network Protocols and Security Expert calls SSL protocol vulnerability a non issue How to prevent phishing attacks with social engineering tests How SSL-encrypted Web connections are intercepted DNSSEC deployment challenges can be overcome Microsoft issues SMB vulnerability advisory, patch pending Microsoft repairs Windows media, TCP/IP vulnerabilities How to test IPv6 infrastructures DNSSEC deployments gain momentum since Kaminsky DNS bug Kaminsky interview: DNSSEC addresses cross-organizational trust and security How to create secure Windows FTP automation

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary