
Malware attacks on all fronts

Microsoft warns of malware exploiting known vulnerability; patches from Debian, Ubuntu; The McColo takedown: Online neighborhood watch, or Internet frontier justice?, and other interesting reading

By Jason Meserve, Network World
December 01, 2008 09:21 AM ET

Today's malware news:

Microsoft warns of malware exploiting known vulnerability
Microsoft is warning users of a rise in attacks on a vulnerability in Windows that could trigger a worm infestation on networks, and the company is encouraging companies to apply an emergency patch released in October. Microsoft says it has reports from users on a worm called Win32/Conficker.A, which infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.exe). Network World, 11/26/2008.

Also: Hundreds of vulnerable servers infected by the Conficker.A worm

New OS X Malcode: Not Just a DNSChanger
Seems that Apple’s OS X has been taking a minor beating in the malcode front lately, as noted in the blog post New Trojans Strike OS X from CA. I got a copy of it last night and had a look; I wanted to see what the OS X malcode community was up to. The answer is both nothing much (it’s like we stepped back to 1999) and some new stuff (new approaches not yet seen in the OS X world, but old hat on Windows). Security to the Core, 11/24/2008.

More: OSX.Lamzev.A: The Mac OS X Trojan Kit

Estonian ISP cuts off control servers for Srizbi botnet
An Estonian ISP that temporarily hosted the command-and-control servers for the Srizbi botnet, responsible for a large portion of the world's spam, has cut off those servers, according to computer security analysts. IDG News Service, 11/27/2008.

Previously: Massive botnet returns from the dead, starts spamming

Capital One "Member Satisfaction Survey" Phish
They've not done a very good job with this Phish - they display an obviously fake URL, for one thing - but they do get some bonus points for attempting to lure the end-user in: "You've been selected to take part in our quick and easy 9 questions survey. In return we will credit $20 to your account - Just for your time!" The SpywareGuide Greynets Blog, 11/26/2008.

This BofA Demo Thing Got Big Fast
The Obama spam and malcode gang is back at it with a new fast flux phishing and malcode ruse. This time it’s a demo from the Bank of America that requires the classic "Flash Upgrade". Security to the Core, 11/27/2008.

Today's bug patches and security alerts:

Seven new patches from Ubuntu:

Samba (bounds checking, denial of service)

GnuTLS (man-in-the-middle attack, information disclosure)

OpenOffice.org (multiple flaws)

WebKit (code execution)

Pidgin (multiple flaws)

HPLIP (multiple flaws)

Thunderbird (multiple flaws)
**********

Five new fixes from Debian:

imlib2 (buffer overflow, code execution)

iceweasel (multiple flaws)

enscript (buffer overflow, code execution)

xulrunner (multiple flaws)

hf (local privilege escalation)
**********

From the interesting reading department:

The McColo takedown: Online neighborhood watch, or Internet frontier justice?
Security researchers are banding together to police the Net against allegedly nefarious hosting firms. That may not be the best approach, but it may be the only viable one for now. Computerworld, 12/01/2008.

Challenges await Obama in bid to build up federal IT security
As President-elect Barack Obama prepares to take office, the task of upgrading the security of federal computer systems continues to be a work in progress. Computerworld, 12/01/2008.
