Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same
Another Love bug
Well, Valentine's Day definitely comes as an opportunity for hackers across
the world. We have seen all sorts of viruses using terms related to love.
Once again, during this Valentine's Day season, many different variants
of worms were detected. F-Secure detected a new Valentine storm worm which can
easily break a computer's heart. This time it is a rerun of the Valentine's
Day theme and, of course, with new subject lines like "Love Rose",
"Rockin Valentine", "Just You". The Web site produces
random images with each visit, and then let's not forget the filename: valentine.exe.
Less than a month ago, we saw the first run and, with Cupid preparing his bow
for Valentine's Day, they have resumed their campaign. This worm has been
detected as Email-Worm:W32/Zhelatin.TQ.
17 more patches for Microsoft
Trojan:W32/AutoIt.BN
Exploit:PHP/Preamble
Trojan-Downloader:W32/Agent.EOA
Email-Worm:W32/Zhelatin.TQ
Trojan:W32/Agent.DXH
Trojan-Downloader:W32/Agent.ICF
Trojan:W32/Delf.AOO
Worm:SymbOS/Beselo.B
Worm:SymbOS/Beselo.A
Backdoor:PHP/Obfu
Source: F-Secure
Microsoft released 11 patches on Tuesday in order to fix vulnerabilities in
its software, which included three critical flaws in the Web browser, Internet
Explorer 7. The three critical security holes in Internet Explorer included
memory corruption issues in the browser's HTML rendering capabilities for
certain layouts, the browser's processing of arguments when processing
images and the handling of a property method. Microsoft rated all three flaws
as Critical, its highest severity rating, for Internet Explorer 7 running on
both Windows XP Service Pack 2 systems and Windows Vista systems. A fourth
flaw fixed by the patch is rated Important on the most common versions of Windows.
These patches are a reminder that one needs to be
careful when opening files and aware of the risk of surfing the Web unprotected. Many of
the vulnerabilities addressed by the fixes could be exploited if a Windows user
simply opens a file or visits a malicious or compromised Web site, a favored
attack method amongst cybercriminals. Microsoft's other Critical-rated
bulletins include four patches for security issues in Microsoft's Office
productivity suite and a patch to close a serious security hole in a component
of Microsoft Windows that handles Web Distributed Authoring and Versioning (WebDAV)
file commands. The regular patch updates published by Microsoft have already
reached 20 for this year. In January, the company issued two bulletins to fix
three flaws. Last year they released 69 bulletins. Microsoft rated five of the
patches Important, its second highest severity rating, fixing issues
in the file conversion feature of Microsoft Works and Microsoft Office as well
as two vulnerabilities in Microsoft's Internet Information Services (IIS)
Web server software, a flaw in Microsoft's Active Directory software, and
a security issue in the way Windows handles TCP/IP packets.
Attacking via Browsers
Of late, cybercriminals are pulling up their socks to exploit vulnerabilities
in Web browsers to spread malware using drive-by download techniques.
According to research by Google's anti-malware team, three million
unique URLs on more than 1,80,000 Web sites automatically installed malware
onto vulnerable PCs.
Hackers are increasingly trying to trick search sites into pointing surfers
onto maliciously constructed sites. More than one per cent of all search results
contain at least one result that points to malicious content. Incidents of such
attacks have grown steadily in recent months and will continue to rise.
It is also reported that two percent of malicious Web sites are delivering malware
with the help of tainted banner ads. According to another report, cybercriminals
are stealing the identities and controlling the computers of consumers at a
rate never before seen on the Internet. With all this, a complex underground
economy has developed in services designed to make exploits more potent, involving
tools to disguise attacks on browsers.
In 2006, a small percentage of attackers made use of masking techniques, but
this number soared to 80% during the first half of 2007 and increased to nearly
100% by the end of the year. It seems that the criminal element will contribute
to a proliferation of attacks in 2008. Hackers are stealing online credentials
from compromised machines or making use of them as means to send spam or mount
hacking attacks.
Malware increasing rapidly
According to researchers at the F-Secure Security Laboratory, malware detection
continues to grow at a quick pace. According to Wing Fei Chia, Security Response
Team Manager, F-Secure Security Labs, at the end of 2006 the company had about
250,000 detections in toto that took 20 years to accumulate (from 1986 to 2006).
At the end of 2007 the company had doubled the total number of detections to
just over 500,000. It only took one year to double the previous twenty years'
accumulation. Taking a look at today's numbers, F-Secure had close to 560,000
detections by February 12. That's an additional 59,000 detections added
in 43 days at an average of 1372 per day. This is certainly an astonishing figure
and is definitely raising questions over the future of security. Maintaining
that pace (with no guarantee that it will not increase further) there will be
at least another 500,000 detections this year for a grand total of one million
or more by end 2008.
Hillary Clinton used in spam
In another twist in the US presidential elections, the Hillary Clinton election
campaign is being exploited in a spam message that tries to trick users into
downloading a Trojan to their desktops by pretending to offer a link to a video
of a campaign speech. According to some experts, it is the first time spam like
this targeting a candidate has been seen. The recently spotted spam message
has not been seen in large volumes yet.
The spam, which has the subject line "Hillary Clinton Video!!", offers
users a link promising a video of the presidential candidate giving a speech.
In reality, clicking on it would cause a Trojan to be downloaded to compromise
the victim's machine for the purpose of sending more spam.
The US presidential campaign is in full swing, but other than Hillary Clinton,
the only other candidate's name being abused for malware purposes in this
way is Ron Paul.