New Bagle variants spammed to millions
Antivirus firms say several new Bagle variants have been spammed out to millions of e-mail addresses around the world. Lynnfield, Mass.-based Sophos said those who open infected e-mail attachments will get a Trojan horse that makes changes to the registry, runs Windows Notepad as a decoy and attempts to turn off antivirus and security-related software, opening the door for attack by remote hackers. It also tries to download further code from the Internet, Sophos said. The malicious e-mail messages have no subject line, typically carry the message text "new price" and an attached file with one of several names, including 09_price.zip, price_new.zip, and price2.zip. The attached .zip files all contain a malicious file called price.exe, which is the Troj.BagleDl-U Trojan horse, Sophos said. Finnish firm F-Secure said it had seen the following variants by Monday night: Bagle-CY, or Bagle-BI; Bagle-CZ; Bagle-DA; Bagle-DB; Bagle-DC; Bagle-DD; Bagle-DE; and Bagle-DF.
New IE flaw impacts Windows XP machines running Service Pack 2
Researchers have found a new flaw in Internet Explorer that allows a remote attack on Windows XP machines with Service Pack 2. Aliso Viejo, Calif.-based eEye Digital Security posted an early advisory on its Web site over the weekend to let everyone know the hole exists. However, it did not provide much detail to prevent the information from being used to create an exploit before a patch is released. The vulnerability management provider rated the severity of the flaw as "high." A Microsoft spokesman told CNET's News.com that the company was looking into the vulnerability. The August security update from Microsoft included fixes for three holes in their popular Web browser. No patches were issued this month to allow more time for testing.
Google-spoofing worm knows how to carry its 'Load'
Glendale, Calif.-based PandaLabs reports a new worm it calls P2Load-A that modifies the HOSTS file on an infected computer so that any time users call up Google, they're redirected to a malicious site that looks exactly like the search engine's homepage. But this one's hosted by a German server. It even redirects users if they misspell the URL, such as typing in www.gogle.com or www.googel.com, according to a Panda Software news release. Panda is categorizing the scam behind P2Load as adware, since it appears searches on infected machines come up with altered site rankings that boost traffic to those Web sites. That, in turn, boosts rankings on the real Google search engine. The good news for enterprises is that infections spread through P2P programs Shareaza and Imesh by copying itself to the shared directory as an executable file called Knights of the Old Republic 2. Most companies discourage gaming on the job. For those that don't police employee use, once the file is opened, an error page appears asking them to download an embedded URL. That unleashes the worm, which also changes the start page to show certain ads. Panda added that it would be easy for the worm to change content to other popular Web sites. The company said in its statement that it has contacted the Internet service provider hosting the malicious page and Google.
Banks losing billions to fictitious customers
A new Gartner report says cybercriminals don't need to steal real identities to commit fraud. Apparently they're making more money by making them up. Research director Avivah Litan told The Register that U.S. banks' aggressive push to move from paper-based banking to electronic accounts is providing crooks the means to assume false identities, obtain credit and then run up debt and cash advances to the tune of $50 billion this year. By comparison, identity theft of 'real victims' is expected to costs financial institutions $15 billion. Litan explained that thieves set up online bank accounts using mobile phone numbers on pre-paid cellphones and fake Social Security numbers. After about 18 months of paying their bills on time and earning higher credit limits, the fraudsters drain the accounts.
Miami of Ohio latest school to flunk data privacy test
Miami University of Ohio is among the most recent schools having to notify students and alumni that their private information was inadvertently made public. In this instance, the 21,762 students enrolled the fall 2002 semester had their names, Social Security numbers and grades placed in a public file assigned to a former faculty member that remained accessible via the Internet until recently. The business school professor later retired, but his file holding sensitive grade information apparently remained on the Internet until an alumna performing a "vanity search" found the file by typing in her name into a search engine. The school immediately took down the file and began sending letters of apology to students and alumni. Officials said in a prepared statement that there is no evidence the exposed data has been used illegally. The school dropped the practice of using Social Security numbers as student identifiers shortly after that semester.