New Year, new fear


1 April 2005

Just because you were not in your office over the Christmas holidays doesn’t mean everybody was taking it easy. The New Year has spawned a new crop of viruses that are out to hack your hard drive and inundate your in-box. Experts say some popular file-sharing software may have ‘spyware’ attached, while a new worm is attacking security software.

Most recently, the Maldal.D worm, also known as ZaCker, which was written and distributed after Christmas, sparked fears that the worm could sneak past security software that wasn’t updated over the holiday break. However, anti-virus company Symantec’s Security Response division rated Maldal.D as a moderate threat. 

A new high-risk worm, called ‘Goner’, which attempts to delete a number of program files on infected computers, including firewall applications, is also on the loose.

 


The worm spreads by way of an attachment sent to users of Microsoft’s Outlook and Outlook Express e-mail programs. Goner appears in users’ in-boxes as an e-mail with the subject line “Hi” and includes an attachment called Gone.SCR, which appears to be a screen saver. In a change from the usual worm formula, it also travels through the chat application ICQ, sending a copy of itself to all online users. The worm installs a backdoor program that is activated whenever the mIRC chat application is launched and that can be used in Denial of Service attacks.

A new variant of the older Badtrans virus, called Badtrans.B, is nastier than most mass-mailer worms: it does not require a user to click on an attachment and is executed as soon as a user opens an infected e-mail. It is even more devious than its predecessor, according to McAfee.com and TruSecure, because it arrives in the recipient’s in-box with a “Re:” subject line that has already been used in a bona fide e-mail sent previously.

The worm installs a Trojan horse, or backdoor, program that will allow an attacker to gain access to the infected computer, and then attempts to send the IP address of the infected machine to the worm’s author. After execution, Badtrans.B also runs a keylogger program that can record all data entered via the keyboard, including passwords, credit card numbers and other personal information. The data gathered by the keylogger is saved in encrypted form on the system’s hard drive.

Symantec also reported the presence of ‘spyware’ bundled with Grokster and Limewire, two popular file-swapping downloads. The code evidently does not damage computers, but it secretly sends personal information such as user ID names and the Internet address of computers to another Web address. 

Advertising software called ‘Clicktilluwin’, which is bundled with the file-swapping programs, carries a program called ‘W32.DIDer,’ which Symantec has classified as a Trojan horse — a piece of code that takes over parts of a person’s computer unseen in order to carry out its own instructions. 

Although unrelated advertising programs are routinely bundled with free file-swapping programs, this appears to be the first time one of them has included a program classified as a Trojan horse by security experts. 

The Trojan horse software installs itself even if a computer user selects an option that appears to block Clicktilluwin’s installation. For this reason, anti-virus companies are warning people to scan their computers after installing these products to ensure the code is removed. 

Limewire replaced the version with Clicktilluwin with a clean version. Grokster apologised and provided its users with a program that will remove the offending bits of code from PCs. 

Meanwhile, a security hole was found in AOL Time Warner’s instant messenger application that experts said could provide ‘wiggle room’ for a widespread and destructive worm. AOL Time Warner quickly implemented a server-side fix — meaning people will not have to download the patch. The security bug affected AOL Instant Messenger (AIM) version 4.7 and the 4.8 beta, or test version. Only AIM users running Microsoft’s Windows operating system were vulnerable.


TechCentral.ie