In the virus spirit of Christmas

The bad guys have kindly given instant messaging users a Christmas present, just in time to exploit dropped malware guards during the holidays.

This issue's topics:

Virus News:

* In the virus spirit of Christmas

* Sober-Z isn’t a good worm

* A bumper malware year

Security News:

* The PC Protected

Virus News:

* In the virus spirit of Christmas

The bad guys have kindly given instant messaging users a Christmas present, just in time to exploit dropped malware guards during the holidays. The IM.GiftCom.All worm attempts some festive season social engineering to lure people into visiting a website that downloads and installs a rootkit on their computers. The rootkit in turn tries to kill antivirus programs and then sits there, logging personal information which can be retrieved via the internet.

Nice. Meanwhile, Symantec and McAfee’s antiviruses have been found holey, and seriously so. A range of Symantec Norton Antivirus products are vulnerable to heap overflows when scanning RAR archives; no patches are available yet, but Symantec says to turn off scanning of .rar files for the time being. Scanning of these occurs automatically, meaning the vulnerability could be exploited without user intervention.

An ActiveX control (a Windows executable format that a friend in the AV industry once described as “criminally insecure software”) in McAfee’s VirusScan can be used for remote code execution – a webpage crafted to take advantage of the vulnerability can be used to create any kind of file on users’ computers, including executables. Again, no update is available yet.

The above threats come at a particularly bad time of the year, when admins and users aren’t likely to pay attention to patching and updating.

- Santa Claus worm strikes IM clients

- Serious flaw reported in Symantec antivirus software

- Symantec AntiVirus Decomposition Buffer Overflow

- iDefence Advisory: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite Vulnerability

* Sober-Z isn’t a good worm

Just goes to show that malware reaches everyone and everywhere on the net. However, I don’t agree with Paderborn police and Sophos’ media puppy Graham Cluley that computer worms can be good just because the paedophile was fooled by Sober-Z into turning himself in.

All it means is that the person in question is stupid as well as a pervert. There’s no need to glorify malware writers as it’s completely certain they never intended Sober-Z to do good.

- Sober worm prompts net perv confession

* A bumper malware year

It’s getting worse, not better, and we’re struggling to fend off attackers who plant malicious software on our systems.

Creating malware has become a big business and 2005 was a record year in that respect, with recorded internet-borne software attacks increasing by almost a half. Next year will probably be even worse, as criminals join up to swap ideas to come up with multiple vector exploits.

Doubts are already being expressed about antivirus and security software vendors’ ability to meet that challenge. Microsoft isn’t showing any signs yet of fundamentally redesigning its operating system architecture to stop rogue code from rampaging all over computers, but even if it did, it would take a while before its customers migrated to it. Expect to waste more time worrying about malware in 2006, in other words.

- Was your business at risk for 56 days this year?

- Internet Threats Up 48 Percent This Year

- Virus and Security Watch archive

Security News:

* The PC Protected

If we can’t fix malware and security issues in software, can we do it in hardware? Intel thinks so, and its “LaGrande” technology should be with us in 2006 when the chip giant releases new CPUs.

LaGrande technology, or LT for short, is pretty hardcore. It’s about protecting data inside computers from the outside world (yes, that includes PEBKAC users). LT does this by armouring many of the attack vectors currently in use, such as video memory, input devices like mice and keyboards, main memory and the direct memory access controllers which malicious software can use to peek and poke at RAM without the CPU’s knowledge.

Virtualisation adds another layer of security, with the underlying “monitor” or supervisor operating system being inaccessible from user space.

LT and its associated technologies, such as the Trusted Platform Module “Fritz” crypto coprocessor (named after US senator Fritz Hollings), have been in the works for years, and they are controversial.

While LT may indeed help deal with some of today’s threats (like rootkits), it also opens up the vista of users ceding control over their computers to the multinationals in the Trusted Computing Group. There is also the concern that LT will be used to enforce arbitrary digital rights management and even to decide which software users can and cannot run on their computers. Apple could use it to ensure that only the Intel x86 hardware it supplies will run OS X, for instance, and we could see single- or limited-use movie rentals that cannot be copied and self-delete after viewing or after a set amount of time.

Documents can also be coded so that only those who are authorised to do so can read, edit and forward them – and remote deletion of documents now becomes a possibility. No more worries about leaked memos for corporations and governments, in other words.

Open Source coders could run into difficulty with LT as well, because by definition such systems are not open and the specifications won’t be made available for free.

In other words, take an interest in TCPA and LT now, before it’s too late.

- Isolation and Protection: Intel's LaGrande Vision for Trusted Virtualisation

- Intel: LaGrande Technology (LT) for safer computing

- Trusted Computing Group

- AgainstTCPA

- 'Trusted Computing' Frequently Asked Questions by Ross Anderson
