Network World

CA users targeted by attackers

Patches from Mandriva, Gentoo, Debian, others; Sophos warns of Mac Trojan malware; Deep Throat Fight Club, and other interesting reading
Security: Threat Alert By Jason Meserve, Network World, 04/03/2008

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.


New exploit targets corporate CA users
An exploit specifically targeting corporate Computer Associates users has been created some three weeks after a critical vulnerability was identified. The attack uses an ActiveX Control buffer overflow vulnerability present in 21 CA products, including BrightStor ARCServe Backup for Laptops and Desktops, Unicenter Remote Control, Software Delivery, Asset Management, Desktop Management Bundle and Desktop Management Suite. Computerworld, 04/01/08.
**********

Mandriva, Gentoo patch CUPS vulnerabilities

Multiple flaws have been found in CUPS, the most serious of which could be exploited to run malicious code on an affected machine. Both Gentoo and Mandriva are out with patches for the problem.

Mandriva

Gentoo
**********

Two new patches from Debian:

xine-lib (multiple flaws)

iceweasel (multiple flaws)
**********

Two new updates from rPath:

lighttpd (denial of service)

Firefox (multiple flaws)
**********

Today's malware news:

Mebroot Spreading through High-Traffic, Compromised Web Sites
Symantec is tracking more and more high-traffic Web sites that become compromised and are then used to spread malicious code. After the breach our MSS team spotted on Tata, we have been notified of another Web site with a similar issue. Symantec Security Response blog, 04/02/08.

Office exploit hits the street
Attack code that targets a recently patched vulnerability in Microsoft Corp.'s Office suite has gone public, a security company said today as it urged users to update immediately. Computerworld, 03/31/08.

Stormy April Fool's Day
A wave of April Fool's Day related Storm mails has just been sent out. Similar to the other times, with a link that points to an IP address. F-Secure blog, 03/31/08.

Unusual banking trojan found today
We've seen tons of banking trojans lately, but now we've run into something quite unique. This new banking trojan was found today from a drive-by-download site. We've added detection for it as Win32.Pril.A. It not only infects the MBR of the machine, but also reflashes the boot code in the Flash BIOS, making disinfection problematic. F-Secure blog, 04/01/08.

Sophos warns of Mac Trojan malware
Security consultant Sophos is warning of the appearance of money-grabbing Trojan horse malware aimed at Macs. The firm isn't being alarmist with news of the Imunizator Trojan, which makes false claims that Macs have privacy problems as part of its attempt to install itself. Sophos advises users not to panic. Mac World, 03/31/08.
**********

From the interesting reading department:

"Deep Throat Fight Club" to pummel Web filters
Untangle, a company that makes a security gateway based on open source, next Wednesday plans what it's calling the "Deep Throat Fight Club" in a San Francisco bar to beat on Web filters of six competing vendors. Network World, 04/02/08.

Vermont ski area reports Hannaford-like theft of payment card data
In a security breach that sounds similar to the one disclosed by Hannaford Bros. Co. last month, the Okemo Mountain Resort ski area in Vermont announced this week that data from more than 46,000 credit and debit card transactions may have been compromised during a system intrusion over a 16-day period in February. Computerworld, 04/02/08.

EBay yanks sale of laptop with Vista attack code
Shane Macaulay's attempt to sell a hacked laptop complete with Windows Vista attack code did not last long. EBay pulled the listing within hours of its appearance Monday, saying that it could have harmed users. IDG News Service, 04/01/08.

Also: PWN 2 PAWN: Why the Vista hacker turned to eBay

Shift happens
A year or two ago, most malware was spread via e-mail attachments, which resulted in mass outbreaks like Bagle, Mydoom and Warezov. Nowadays sending .EXE attachments in e-mail doesn't work so well for the criminals because almost every company and organization is filtering out such risky attachments from their e-mail traffic. F-Secure blog, 03/31/08.

Internet has a trash problem, researcher says
Somewhere between 1% and 3% of all traffic on the Internet is meaningless packets of information, used in distributed denial-of-service attacks (DDoS) to knock Web sites offline. IDG News Service, 04/01/08.

Jason Meserve is multimedia editor at Network World.
