
Security Bytes: Botnet threat rises

Also, NatWest bank hit by phishing; Gentoo fixes SquirrelMail flaw; and Red Hat issues Samba update.

Botnet threat continues to rise
Spammers and virus writers continue to expand their reach, using botnets to quietly build an army of zombie PCs to do their bidding, New York-based MessageLabs said.

In October, 76.76% of all e-mail MessageLabs scanned was spam. During the same period, the company said it stopped 3.1% of the e-mails it scanned because they contained viruses, Trojans and other malicious content.

The company said in a statement that PCs conscripted into zombie botnets are one of the largest sources of spam and viruses, remotely controlled by spammers and virus writers to distribute their wares anonymously. "Earlier this year, the botnet problem gained global attention when Comcast, one of the largest residential broadband providers, was found to be single-handedly responsible for the biggest proportion of spam on the Internet," MessageLabs said. "Comcast subscribers were sending out more than 800 million e-mails per day, according to the statistics at Senderbase, while only around 12% were sent through the company's e-mail servers. The vast majority was spam being relayed through zombie computers that had been compromised to send the unwanted messages."

Phishing scam targets NatWest bank
NatWest bank was forced to suspend some of its online banking services Wednesday after it was targeted by a phishing scam. The British bank tells customers logging on to its online banking service that they can't create or amend third-party payment mandates or create standing orders because of a malicious e-mail disguised as an official software update from the bank.

The e-mail is part of a scam designed to trick online customers into divulging their passwords and providing access to their bank accounts, according to Lynnfield, Mass.-based antivirus firm Sophos. "Phishing attacks are nothing new -- millions of bogus e-mails are sent every day trying to empty the bank accounts of innocent customers. However, it's rare that these scams result in a bank deciding to shut down some of its online services. It's good to see a financial institution has taken quick action to protect its customers from potential fraud although there may be some inconvenience," Graham Cluley, senior technology consultant for Sophos, said in a statement. "NatWest customers, and indeed anyone banking online, should remember to be extremely suspicious of unexpected e-mails that appear to have come from their bank, and never to click on links contained within them."

Gentoo fixes SquirrelMail flaw
Gentoo has fixed a vulnerability in its SquirrelMail Web mail package that an attacker could use to run malicious scripts in a victim's browser. The Linux vendor's advisory said SquirrelMail fails to properly sanitize user input, which could lead to a compromise of Web mail accounts. "SquirrelMail fails to properly sanitize certain strings when decoding specially crafted headers," Gentoo said. "By enticing a user to read a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's Web mail account, cookie theft, etc." Gentoo said there is no known workaround, and that SquirrelMail users should upgrade to the latest version.

Red Hat issues Samba update
Red Hat has updated its Samba packages, fixing vulnerabilities an attacker could use to launch malicious code or cause a denial of service.

During a code audit, researcher Stefan Esser found a buffer overflow in the handling of Unicode filenames in Samba versions prior to 3.0.8, the Linux vendor said in its advisory. "An authenticated remote user could exploit this bug, which may lead to arbitrary code execution on the server."

Another vulnerability was found in the input validation routines in versions prior to 3.0.8 that caused the smbd process to consume abnormal amounts of system memory. "An authenticated remote user could exploit this bug to cause a denial of service," the advisory said.
