Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same
IE and Firefox vulnerable: hard drive content theft possible
WORM_SPOTFACE.A
WORM_NUWAR.AAI
TROJ_DLOADER.IZO
JS_FEEBS.XS
JS_FEEBS.NN
BKDR_RINBOT.B
WORM_BAGLE.IN
TROJ_YABE.BJ
JS_FEEBS.JW
TROJ_MDROPPER.FB
(Source: Trend Micro)
The latest browsers from Microsoft and Mozilla, Internet Explorer 7 (IE7)
and Firefox 2.0 respectively, are reported to be vulnerable to attacks
that could expose the contents of sensitive files on victims' hard drives.
The vulnerabilities reside in the functionality that allows the browsers
to upload files to a remote server. The vulnerability is triggered when the
victim visits a booby-trapped Web site and enters some text in a comment
interface or other input field.
Some of the demonstrations have shown how typing a simple
string could reveal a Windows user's boot.ini file using IE or Firefox.
Trojan hits Instant Messengers
According to some researchers, the Trojan which increased
the spam count in January is now spreading to Instant Messengers.
Symantec researchers say that the Storm Trojan,
also known as Peacomm, is now passing through Google Talk, Yahoo
Messenger and AOL Instant Messenger (AIM).
This new infection vector is menacing because the message,
such as the cryptic "LOL ;)", and the included URL can be dynamically
updated by the attacker. To make the situation worse, it injects a message and
URL only into already-open windows, so it is not just some arbitrary message
that pops up; it appears only to people with whom you are already chatting. That
makes the approach very effective.
In addition, the server which puts the malware on
a user's machine can be changed quickly by the attacker through
the Trojan's peer-to-peer control channel, and thus everything can be constantly
changed. According to an analysis by Joe Stewart, a senior security researcher
at SecureWorks, Peacomm is nothing but a spinoff of last year's worm called Nuwar,
with almost the same code.
It has been noted that the Trojan is behind several distributed
denial-of-service (DDoS) attacks against antispam Web sites and servers supporting
rival malware.
The DDoS module can be enabled at will by the attacker and
aimed at any site. spamnation.info was included in the January target list and
it was knocked offline for eight days from January 12 onwards. The better-known
spamhaus.org was an indirect victim, too.
It was observed that this spam group will attack anyone who
interferes with its business model, whether that party is an
antispammer or a spammer. Symantec's data shows that the bulk of
DDoS activity is because of hacker internecine warfare as one group
tries to blunt another's attempt to corral large numbers of PCs
in botnets.
Disagreement comes in pegging Peacomm with a label. Stewart
feels that the person doing this is simply playing it by the book, following
the best techniques and using off-the-shelf protocols. He even says that this
malware's maker is just persistent and not technically sophisticated; he is
simply using the basic stuff, which is working very well for him.