News Stay informed about the latest enterprise technology news and product updates.

Security Bytes: Worm uses spycam

Red Hat, Gentoo and Mozilla issue update; workaround for Novell flaw.

New worm uses Web cameras to spy on users
A new worm uses Web cameras to spy on computer users in their home or workplace, Lynnfield, Mass.-based antivirus firm Sophos said. W32.Rbot-GR spreads via network shares, exploiting a number of Microsoft security vulnerabilities and installing a backdoor Trojan as it travels. Once installed, a remote attacker could easily gain access to the information on the PC's hard drive and steal passwords, all the while spying on users through Web cameras and microphones. "More and more hackers are interested in spying on the people they manage to infect with their worms and Trojan horses. In the workplace, this worm opens up the possibilities of industrial espionage. At home it is equivalent to a Peeping Tom who invades your privacy by peering through your curtains," said Graham Cluley, senior technology consultant for Sophos.

Multiple flaws in Mozilla, Firefox and Thunderbird
Gentoo urges users to upgrade to the latest versions of Mozilla, Mozilla Firefox and Mozilla Thunderbird to correct vulnerabilities an attacker could exploit to cause buffer overflows, denial of service or execute malicious code. The advisory said Mozilla and Mozilla Firefox contain a bug in their caching that could allow the SSL icon to remain visible even when the site in question is insecure. An attacker could force the browser to execute arbitrary code from a malicious Web site by using Mozilla's predictable cache file locations and its ability to execute local files within the local zone. The advisory points to additional problems in Mozilla, Mozilla Firefox and Mozilla Thunderbird: All Mozilla tools use libpng for graphics. This library contains a buffer overflow that could lead to arbitrary code execution. If a user imports a forged certificate authority (CA), it may overwrite and corrupt the valid CA already installed on the machine. Users of Mozilla and Mozilla Firefox are susceptible to SSL certificate spoofing, a denial of service against legitimate SSL sites, crashes and arbitrary code execution. Users of Mozilla Thunderbird are susceptible to crashes and arbitrary code execution via malicious e-mails.

Red Hat, Gentoo update Qt, patching vulnerability
Red Hat and Gentoo have both updated Qt software to patch vulnerabilities an attacker could exploit to launch arbitrary code on an affected system. Red Hat's advisory said the bugs affect Desktop 3, Enterprise Linux AS 2.1and 3; Enterprise Linux ES 2.1 and 3; Enterprise Linux WS 2.1 and 3; and Linux Advanced Workstation 2.1 for the Itanium Processor. Qt is a software toolkit that simplifies writing and maintaining graphical user interface (GUI) applications for the X Window system. Researcher Chris Evans found a heap overflow in the .bmp image decoder in Qt versions prior to 3.3.3 during an audit, the advisory said, adding, "An attacker could create a carefully crafted .bmp file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim." Several flaws were also discovered in the .gif, .xpm and .jpg decoders in Qt versions prior to 3.3.3. Red Hat said Qt users should switch to the updated packages, which contain "backported" patches that are not vulnerable. Gentoo's advisory said the vulnerabilities affect Gentoo Linux 1.x.

Vulnerability in Novell Web Manager
An unspecified vulnerability with an unknown impact has been reported in Novell Web Manager on the Novell NetWare 6.5 operating system, Secunia said. The Copenhagen, Denmark-based security firm said in an advisory that while Novell doesn't have a fix at this time, "The threat may potentially be mitigated by restricting access to the Web Manager interface and granting only trusted users access to affected systems." Novell said in its advisory that the issue has been reported to its engineers for investigation.

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.