Malware targets Google programs
A week after Yahoo Mail was targeted by a worm, rival search giant Google Inc. is trying to fight off malware targeting its Google Page Creator Web site hosting service as well as its Orkut service. San Diego-based Websense Inc. issued an advisory on the first issue, saying that a Trojan horse program was uploaded to a Googlepages.com server. It lies dormant on a client system until a user logs on to a banking Web site. The Trojan then tries to steal the person's information by capturing their keystrokes.
According to a published report, Google said it is moving as quickly as possible to address the threat and asked that users notify the search giant when they encounter sites that host or serve malicious files.
Meanwhile, Foster City, Calif.-based security firm FaceTime Communications Inc. said it has discovered a worm capable of stealing bank details and other personal data via Orkut, Google's social networking service. Google's service, while available globally, is wildly popular among Brazilians who make up the bulk of its users, the Reuters news agency noted in a report. The malicious program, which FaceTime calls MW.Orc, works its way onto users' personal computers when they click on infected links on Orkut scrapbook pages.
In a statement, Google said that "Orkut.com users and users of all online services and applications should always be careful when opening or clicking on anything suspicious." The company added that it is aware of this issue and was working to implement a temporary fix, but it's currently unclear if that fix is now in place. "We are working on a more permanent solution for users to guard against these malicious efforts."
Microsoft offers advice on zero-day Excel flaw
Microsoft said Monday it's investigating a recently exploited Excel flaw and recommends customers "always exercise extreme caution when opening unsolicited attachments from both known and unknown sources." Meanwhile, Danish vulnerability clearinghouse Secunia has issued an advisory warning of a new flaw affecting Excel and Microsoft Office.
Of the zero-day Excel flaw discovered last week, Microsoft said in an advisory that it has added detection of exploits to the Windows Live Safety Center for "up-to-date removal of malicious software that attempts to exploit this vulnerability." When its investigation is finished, Microsoft said it will take the appropriate action to help protect customers. "This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs," the company said.
Secunia said attackers could exploit the new flaw affecting Excel and Office to compromise a vulnerable system. "The vulnerability is caused due to a boundary error in hlink.dll within the handling of hyperlinks in Excel documents," Secunia said. "This can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted hyperlink in a malicious Excel document." Secunia confirmed the flaw in Microsoft Excel 2003 SP2. The company recommended users avoid opening untrusted Microsoft Office documents and avoid following links in Microsoft Office documents.
Worm exploits World Cup craze
UK-based antivirus firm Sophos said a new worm is spreading by exploiting interest in the World Cup. Sixem-A spreads using a variety of disguises, including subject lines such as "Naked World Cup game set," "Soccer fans killed five teens" and "Crazy soccer fans," Sophos said.
One of the messages sent by the worm reads, "Nudists are organizing (sic) their own tribute to the world cup, by staging their own nude soccer game, though it is not clear how the teams will tell each other apart. Good photos ;)"
"If the attached file is run, it attempts to disable security software on the infected computer and then spread itself to other email addresses," Sophos warned.
Microsoft's French Web site defaced
Hackers made their way onto Microsoft's French Web site over the weekend and splattered part of it with graffiti. The intruders accessed the server that was running http://experts.microsoft.fr/, Microsoft told CNET News.com Monday. Turkish hackers have apparently claimed responsibility for the attack.
The attackers were likely able to penetrate the server running the Web site due to faulty configuration. Microsoft said it took the appropriate action "to resolve the issue and stop any additional criminal activity," CNET News.com reported.
After breaking in, the hackers left the following note: "Hi Master (: Your System 0wned By Turkish Hackers! redLine ownz y0u! Special Thanx And Gretz RudeBoy |SacRedSeer| The_Bekir And All Turkish HacKers next target: microsoft.com date: 18/06/2006 @ 19:06 WE WERE HERE...."