
Security Bytes: New Cellery worm no fun and games

Two new worms, including one masquerading as Tetris, hit the wild; ID thief gets 14 years in prison; Opera flaw unveiled; patches provided for a Netscape hole.

Sophos says two new worms are in the wild
Lynnfield, Mass.-based antivirus firm Sophos said two new worms are in the wild, one carrying a crude New Year's message and the other posing as the Tetris computer game. Both should be stopped from infecting networks if enterprises update their AV software.

W32.Cellery-A poses as a playable version of the classic Russian computer game Tetris as it attempts to spread across networks, Sophos said. It gets its name from a message it displays saying "Chancellery," and it changes Windows settings to ensure it runs automatically when the operating system starts up. "Whilst the Tetris-like arcade game is running it plays a MIDI music tune and searches for other network drives and attached computers to also try and infect," the firm said.

Cellery isn't the first virus or worm to allow infected users to play games on their PCs, Sophos noted. The Bibrog worm posed as a shooting game and the Coconut worm, written by the female Belgian virus writer Gigabyte, gave users the opportunity to throw coconuts at photographs of AV experts like Graham Cluley, Sophos' senior technology consultant.

W32.Wurmark-D, meanwhile, travels as an e-mail attachment and pretends to be a seasonal greeting with an "amusing" attachment. "When the attached virus is launched, the worm displays a graphic image of nude men and women contorting to form the words 'HAPPY NEW YEAR,'" Sophos said. "However, the malicious worm is secretly installing itself behind the scenes and forwarding itself to other computer users."

Identity thief sentenced to 14 years in prison
A hacker with a massive appetite for identity theft was sentenced to 14 years in prison for his part in the biggest case of credit card fraud in American history, SC Magazine reported Wednesday. Philip Cumming of Cartersville, Ga., received the sentence in a New York courtroom Tuesday after pleading guilty to conspiracy, wire fraud and fraud offenses last September. He stole over 30,000 credit histories from Long Island-based Telecommunications Inc., where he worked as a help desk employee. He then sold the histories to criminal gangs based in Nigeria for $30 apiece, SC Magazine reported. The gangs then used the histories to apply for credit cards, loans and bank accounts. Losses from the scam have been estimated at $50 to $100 million. Presiding U.S. District Judge George Daniels turned down leniency pleas from the defense, who said the morbidly obese Cumming had a heart condition. He is currently on bail but will have to report to prison March 9.

'Moderately critical' Opera flaw
Attackers could use a security hole in Opera to trick people into executing malicious files, Danish security firm Secunia said in an advisory. Researcher Michael Holzt discovered the vulnerability, caused by an error in the processing of "data:" URIs. The glitch causes the wrong information to be shown in a download dialog, Secunia said. This "can be exploited by a malicious Web site to trick users into executing a malicious file by supplying a specially crafted 'data:' URI," the firm added. The flaw was confirmed on version 7.54u1 for Windows. Other versions may also be affected. Secunia deems the problem "moderately critical" and recommends users not open files from untrusted sources.

Patches available for Netscape Directory Server
Red Hat has released patches to plug a vulnerability in the Netscape Directory Server that an attacker could exploit to cause a denial of service and launch malicious code. "A stack buffer overflow was found in the access control code in Netscape Directory Server 6.21 and earlier," Red Hat said in an advisory. "A remote attacker who can communicate with the LDAP service could trigger this flaw by creating a carefully crafted attribute change request. A successful exploit would lead to a denial of service (crash) or potentially to remote code execution on the server." Red Hat acquired the Netscape Directory Server from America Online Inc. last month.
