
Security Bytes: Delf-HA Trojan targets cell phones

New vulnerability in IE discovered, while phishing ramps up a notch and e-voting errors emerge. Conectiva fixes a flaw; spammer faces federal prison.

Trojan targets mobile phones
If a wave of spam is being sent to your cell phone, it may be the work of a new Trojan horse program. Lynnfield, Mass.-based antivirus firm Sophos said Troj.Delf-HA downloads instructions on which spam campaign to run from a Russian Web site, and then pummels cell phone users with unsolicited junk SMS text messages. "Cell phone spam can not only be a nuisance, but it can also cost the phone owner money. In the past we have seen SMS spam campaigns designed to encourage recipients to ring an expensive phone number, or sign-up for a costly chatline service," said Graham Cluley, senior technology consultant for Sophos. "Now SMS spammers are taking a leaf out of the book of e-mail spammers, and using unprotected, innocent PCs to pass on their unwanted messages."

'Access Denied' vulnerability in IE
Researcher Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer that malicious Web sites could use to detect the presence of local files, Danish security firm Secunia said in an advisory. "The problem is that an 'Access is Denied' error will be returned if a site in the 'Internet' zone tries to open an existing local file in the search window using the 'res:' URI handler. This can be exploited to determine the presence of specific programs or files in the system directories and on the desktop," Secunia said. The firm confirmed the vulnerability on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP1. Systems running Windows XP SP2 are not affected. As a workaround, the firm recommends disabling active scripting support.

Application security products to be evaluated
Application security companies F5 Networks, Imperva, NetContinuum and Teros announced an initiative for ICSA Labs Premier Services to carry out an independent third-party evaluation of their products to help define more consistent and reliable standards for customers. The companies issued a statement saying they are "united regarding the minimum criteria that any security product must meet to provide acceptable protection for mission-critical Web applications. We believe these minimums are not being met by many vendors despite marketing claims that strongly imply such protection. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats." The group has invited Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee and Symantec to participate.
For more information, see the ICSA Labs requirements.

Citibank, SunTrust phish schemes gain sophistication
Web- and e-mail-filtering provider SurfControl warns that a new phishing scheme exploits flaws in the Citibank Australia and SunTrust Bank Web sites to change content while retaining the authentic URL of the financial institutions. The technique makes it impossible for users to distinguish the real site from the fake one designed to steal personal data, according to a news release. Scammers exploit a flaw in the search script to run a JavaScript page that displays their own bogus site, set up to look identical to the legitimate one. "This is definitely one of the most sophisticated phishing techniques we have ever seen," said Susan Larson, vice president of global content for the Scotts Valley, Calif., company.

Companies can protect employees from these online scams by educating users to never provide confidential information or follow links found in unsolicited e-mail. Make sure antivirus software is updated and systems are patched, and monitor employee Internet and e-mail use for signs of trouble.

E-vote errors discovered in Ohio, N.C.
Ohio elections officials said an error in an electronic voting machine gave President Bush almost 4,000 extra votes. The error was found after vote totals were out of line with ballots cast in one Columbus suburb, according to the Associated Press. In North Carolina, more than 4,500 votes were lost due to an overloaded machine. In both cases, the errors did not impact the outcome of the presidential election. E-vote activists have been filing Freedom of Information letters nationwide to help determine the accuracy of ballots cast in various races. Reports are coming in from various states reporting voting irregularities, and all are under investigation.

Spammer remains in jail awaiting sentencing
A $1 million bail was set this week for North Carolinian Jeremy Jaynes after he was convicted of illegal distribution of junk e-mail in the nation's first felony prosecution of spammers. Jaynes, 30, could receive up to nine years in prison for sending junk mail and pornography under the alias "Gavin Stubberfield," according to the Associated Press. His sister, 28-year-old Jessica DeGroot, was given a $7,500 fine for her role. A third defendant, Richard Rutkowski, 30, was acquitted. All three lived in the Raleigh metropolitan area, but the trial was held in northern Virginia, where the charges originated. The state's anti-spam laws make it illegal to send bulk e-mail if the sender masks his or her identity.

Conectiva fixes libtiff, xpdf flaws
Conectiva has fixed several integer overflow vulnerabilities in libtiff that an attacker could use to launch malicious code, cause a denial of service or corrupt memory in affected machines. "[Researcher] Chris Evans encountered several problems in the Run Length Encoding decoders that could lead to an arbitrary code execution vulnerability through a specially crafted image," Conectiva said. "[Researcher] Matthias Clasen encountered a division by zero through an integer overflow that could lead to a denial-of-service vulnerability which could be triggered by a specially crafted image." Meanwhile, the Linux vendor said, researcher Dmitry V. Levin "encountered several integer overflows that caused malloc issues which could result in either plain a crash or memory corruption." All libtiff users are advised to upgrade their packages. All applications linked against libtiff must be restarted after the upgrade to close the vulnerabilities.

Conectiva also fixed xpdf code flaws that an attacker could use to launch malicious code. Researcher Chris Evans discovered several integer overflow vulnerabilities in the xpdf code, which can be exploited remotely by a specially crafted .pdf document and "may lead to the execution of arbitrary code," the Linux vendor said. "The vulnerabilities for xpdf 2 and 3 and also for xpdf 3 were also inherited by gpdf, kpdf, koffice and cups. It is recommended that all xpdf, gpdf, kpdf, koffice and/or cups users upgrade their packages."
