
Malware: Archive: April 2004 

Malware Week in Review

This week's report from Panda Software on viruses and intrusions focuses on three variants of Bagle (Z, AA, and AB), two variants of Netsky (AA and AB), and the Gimared.A and Gaobot.PX worms.

New Variant of Mass-Mailing Worm Discovered

Some security vendors Friday issued alerts for a new variant of the Misodene email worm.

Countering Lack of Security in Wi-Fi Hot Spots

In a report on 'Securing the Mobile Device,' the Burton Group outlines options users tapping the 802.11 protocol have for securing their transmissions and guarding the integrity of their data.

Barnes & Noble.com Fined for Customer Data Leak

The online bookseller settles with the New York AG's office and plans to establish an IT security program to protect sensitive customer information.

Lawmakers Vow Tough Spyware Laws

Commerce chairman says consumers are 'outraged' and promises legislative action by end of year.

Symantec Sideswipes Second Patent Dispute

The Internet security firm settles with Clearswift after fixing its argument with Aladdin and reports record revenues.

Large Numbers of Gaobot Worm Variants Proliferating

McAfee Thursday issued an alert for W32/Gaobot.worm.ali, with the warning that there are more than 900 variants of the Gaobot virus in existence.

AntiOnline Spotlight: Spyware Protection for Networks

Stopping spyware is usually just an easy (and mostly free) download away. Even ISPs are getting into the act by helping their users banish the intrusive code. But where do admins turn when they want to provide the same protection for their networks?

Feds Can Spammers Under New Act

Federal authorities use Can Spam to raid prolific Michigan spam operation, which specialized in spoofing to hawk bogus diet patches.

Bagle Worm Variant Upgraded to Serious Threat

Panda Software Wednesday issued a high threat alert for Bagle.AB, a worm that spreads via e-mail in a message with variable characteristics and through P2P file sharing programs.

Security's 'Perfect Storm' Leaves IT Ragged

While there were actually fewer viruses and vulnerability announcements in April, the alerts that did come out affected more companies than usual, running administrators ragged all month.

Blaster Redux? SSL Worm Threat Rising

Security experts have spotted the first signs of a Blaster-like worm circulating underground, prompting fears that major Internet disruptions could be less than a week away.

Bagle and Netsky Variants Continue to Thrive

Security vendors Tuesday continued to issue alerts for two email worms: Bagle and Netsky.

New Variants of Bagle Worm Continue to Appear

Several security vendors reported the appearance of at least four new variants of the email worm Bagle Monday.

'Critical' Windows Hijack Flaw Reported

Researchers warn that the boundary error vulnerability could cause a buffer overflow and lead to system takeover.

Malware Week in Review

This week's report on viruses and intrusions focuses on four variants of Netsky (W, X, Y and Z), two variants of Mydoom (I and J), the Zafi.A worm, Blaster.H, and a spam message designed to download a Trojan to the computer.

Password-Stealing Trojan Tries to Capture Web Keylogs

Troj/Banker-S is a password stealing Trojan that attempts to capture keylogs associated with web browsing, according to Sophos, which issued an alert Friday.

'Osama Captured' e-Mail is Malicious Trojan

The 'Osama Bin Laden Captured' e-mail hammering your in-box today will attempt to download a Trojan if the embedded URL is clicked.

Phishing Scams Increase 1,200% in 6 Months

Beware your email. In the last six months, the number of phishing email scams has increased 1,200 percent, putting end users and major companies at an even greater risk of theft and damage, according to a new study.

Trojan/Worm Opens TCP Ports For Intruders

W32/Agobot-EV is an IRC backdoor Trojan and peer-to-peer (P2P) worm that opens TCP ports to listen for and process commands received from a remote intruder, according to Sophos, which issued an alert Thursday.

Worm Spreads Via Email With Variable Characteristics

Mydoom.J is a worm that spreads via e-mail in a message with variable characteristics, and through peer-to-peer (P2P) file sharing programs, according to Panda Software, which issued a low-level threat alert Wednesday.

Flaw Puts TCP Data Transfer At Risk

Officials say systems that rely on persistent TCP connections, such as routers supporting BGP, could be affected.

PCs Monitored, E-mail Bugged

Research reveals an average of 28 pieces of spyware per computer, and half of spam filled with activity-tracking beacons.

Exploit for Windows SSL Flaw Circulating

Unpatched systems are at risk of DoS attacks but security experts warn the threat level could grow considerably.

Network Worm Allows Remote Control Access

Sophos Tuesday issued an alert for Agobot-ZY, a network worm that also allows unauthorized remote access to a computer via IRC channels.

Network Worm Allows Unauthorized Computer Access

Sophos Tuesday issued an alert for W32/Agobot-ZY, a network worm that also allows unauthorized remote access to the computer via IRC channels.

Netsky Variants Continue to Thrive, Wreak Havoc

Several vendors Tuesday reported the detection of the W32/Netsky.X worm, which is designed to spread, using its own SMTP engine, to as many computers as possible.

Worm Ends Antivirus Programs, Firewall Processes

Zafi.A is a new worm that ends processes belonging to antivirus programs and firewalls, among others, according to various security vendors that issued alerts Monday.

FTC Urges Industry Solutions to Spyware

Officials say better tools and intense consumer education are key to protecting users from invasive programs.

Multiple Linux Flaws Reported

The more serious vulnerability could cause buffer overflows and lead to privilege escalation attacks.

University Effectively Using Anomaly Detection

Network monitoring technology initially developed at the University of New Brunswick several years ago eventually helped spawn the formation of Q1 Labs. Today UNB remains a beta tester and customer of the company's anomaly detection software.

AntiOnline Spotlight: Gone Phishing

Best Buy, Symantec, Citibank, eBay... What do these companies have in common? Scammers are banking on their good name to trick users into coughing up valuable information. Protect yourself and your staff.

New Netsky Variant -- No Attachment Needed

Users don't even need to open an attachment to be infected with the latest variant of the virulent Netsky virus. And analysts worry this means the bug could spread far and fast.

Stanford's Linux Supercomputers Compromised

A sophisticated password sniffing program called 'John the Ripper' is behind the attacks, but officials don't see coordinated effort.

Browser-based Attacks 'Surging'

Virulent viruses and worms aren't the only things to watch out for. Security analysts say browser-based attacks are escalating in frequency and damage. And now a new study backs up the warnings.

Hardware Today: Security, After the Breach

You've taken great care to back up your data and secure the server room. But is this always enough? We look at two products -- one to secure the rack and one to protect backup tapes -- designed for after an intruder has picked the lock.

MP3 Trojan Affects Only Mac Platform

Some security vendors Monday issued a low-level alert for MAC_MP3CONCEPT.A, a proof-of-concept Trojan that only affects the Macintosh platform.

Q1 Labs Release Features Threat Management, Behavior Modeling

An updated, renamed version of Q1 Labs' security software includes real-time enhanced threat management, behavior modeling, alerting and reporting.

Malware Week in Review

This week's report will focus on four worms: Bugbear.C, variants S and T of Netsky, and Sober.F.

Worm Allows Remote Access Through IRC

W32.Gaobot.YC is a variant of W32.HLLW.Gaobot.gen that attempts to spread to network shares and allows access to an infected computer through an IRC channel.

AntiOnline Spotlight: Securing Laptops

Unlike their deskbound cousins, portables regularly venture outside of the safe confines of your network. You may not be able to control where they go, but you definitely have some say in what hitches a ride back with them.

The Deadly Duo: Spam and Viruses, March 2004

The spam ratio only grew by 1 percentage point, but the economic damage from malware was staggering.

Mass-Mailing Worm Has Backdoor Component

Several vendors Thursday issued alerts for W32/Netsky-U, a mass mailing worm with a backdoor component, which is functionally identical to W32/Netsky-S.

An Hour with Kevin Mitnick, Part 2

We conclude our talk with Kevin Mitnick as he provides a glimpse into the mindset of a hacker, discusses attitudes toward security spending and gives author Vince Barnes (and everyone else) a reason to think twice before taking caller ID at face value.

Worm Spreads Through Remote Network Shares

W32/Sdbot-HB is a worm that attempts to spread to remote network shares, according to Sophos, which issued an alert Wednesday.

New Bugbear, Netsky Variants Sent Via Email

Security vendors Tuesday issued alerts for new strains of the Bugbear and Netsky mass-mailing worms.

Mass-Mailing Worm Harvests Addresses from Local System

Security vendors Monday issued a low-threat alert for W32/Sober-F, a mass mailing worm that sends itself to addresses harvested from the local computer.

Plan to Counterattack Hackers Draws More Fire

Now that Symbiot, Inc. has released information on its plans to enable companies to counterattack digital threats, some security analysts have stepped up their concerns that it could cause more problems than it solves.

A Mysterious Solution to Your Security?

Imagine a circuit board that fits into a PCI slot of any machine running Windows or Linux, stops virus activity without requiring updated 'signature' files and thwarts hackers and malware. A Ukrainian company claims to have developed just such technology.

Virus Week in Review

This week's report will focus on five worms that spread via e-mail (variants R and Q of Netsky, V and U of Bagle, and E of Sober) and the Trojan Seeker.O.

Trojan Displays Fake Messages

Troj/Adtoda-A is a backdoor Trojan that displays two messages when first run, according to Sophos, which issued an alert Friday.

Worm Exploits Certain Vulnerabilities to Spread

Trend Micro on Thursday issued an alert for Worm_Agobot.SY, a memory-resident worm that exploits certain vulnerabilities to propagate across networks.

Study: Virus Attacks Up But Infections Hold Steady

Last year more -- and more dangerous -- viruses raced across the Internet than ever, according to a new study. But there was a glimmer of good news.

AntiOnline Spotlight: Trojan Force

Despite the notion that 'true' hackers wouldn't be caught dead using trojans, legions of attackers still rely on them to prop open network defenses.