Mytob gets through Xtra's anti-virus

The country's largest ISP, Telecom Xtra, was hit the week before last by a new Mytob variant that went straight through the McAfee antivirus defences it relies on.

This issue's topics:

Virus News:

* Mytob gets through Xtra’s anti-virus

* The only way virus writers make friends...

Security News:

* Sony CDs plant DRM rootkits

* Security concerns voiced over Skype

* Microsoft patches it to users

Virus News

* Mytob gets through Xtra’s anti-virus

The country’s largest ISP, Telecom Xtra, was hit the week before last by a new Mytob variant that went straight through its McAfee-supplied antivirus defences. Adding insult to injury, it spoofed Xtra helpdesk addresses, according to the ISP’s spokesman Nick Brown. By Monday afternoon that week, Xtra had received a patch and all was fine and attachment-stripping dandy again, according to Brown.

The incident didn’t go unnoticed by competing antivirus vendors. Here at Computerworld, we received a few gleeful emails about how Vendor A’s product caught the worm whereas Xtra’s antivirus didn’t.

What is it they say about hubris, guys?
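The lesson of the Xtra incident is that a signature-based scanner is only as good as its last update, while the attachment stripping Brown mentions does not need to recognise the variant at all: it refuses executable content by type. The following is an added example for this column, not code from Xtra, McAfee or Computerworld. It filters a mail the way a gateway would, identifying executables by their final extension (so a double extension such as "details.txt.exe" is caught), by the "MZ" header every Windows executable starts with whatever it is called, and by looking inside ZIP archives. The message, the addresses and the attachment names are constructed for the example; the blocked-extension list is an assumption to extend per site.

```python
"""Type-based attachment stripping, independent of antivirus signatures.

Constructed example: the sample mail below spoofs a helpdesk-style sender
(the From header is plain text, nothing stops a worm from writing anything
it likes there) and carries a worm-style payload under several disguises.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed policy: extensions mass mailers of the Mytob era used for payloads.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def is_dangerous_name(filename):
    """True if the LAST extension is executable, so 'photo.jpg.scr' is caught.
    Trailing dots and spaces are stripped because Windows ignores them."""
    name = (filename or "").lower().rstrip(". ")
    return name.endswith(BLOCKED_EXTENSIONS)


def looks_like_pe(data):
    """Windows executables begin with the 'MZ' DOS header regardless of name."""
    return data[:2] == b"MZ"


def zip_contains_executable(data):
    """Inspect archive member names in memory; an unreadable ZIP is treated as
    suspicious rather than waved through."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(is_dangerous_name(n) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True


def attachment_is_dangerous(part):
    filename = part.get_filename() or ""
    data = part.get_payload(decode=True) or b""
    if is_dangerous_name(filename) or looks_like_pe(data):
        return True
    if filename.lower().endswith(".zip") or part.get_content_type() == "application/zip":
        return zip_contains_executable(data)
    return False


def strip_dangerous_attachments(raw_bytes):
    """Parse a raw RFC 822 message and drop offending attachments in place.
    Returns (cleaned message, list of removed attachment filenames)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    removed = []
    if msg.is_multipart():
        parts = msg.get_payload()          # live list of sub-parts of the multipart
        kept = []
        for part in parts:
            if part.get_filename() and attachment_is_dangerous(part):
                removed.append(part.get_filename())
            else:
                kept.append(part)
        parts[:] = kept                    # mutate in place so msg reflects it
    return msg, removed


def build_sample_message():
    """Constructed sample mail: one body, two worm-style attachments, one PDF."""
    msg = EmailMessage()
    msg["From"] = "helpdesk@isp.example"          # spoofed, as in the Xtra case
    msg["To"] = "customer@home.example"
    msg["Subject"] = "Your account details"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="account-details.txt.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "open the enclosed file")
        zf.writestr("document.scr", b"MZ" + b"\x00" * 30)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="document.zip")
    msg.add_attachment(b"%PDF-1.4 constructed harmless sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_dangerous_attachments(build_sample_message())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```

A real gateway would also unpack nested archives and cap recursion depth, and would replace each stripped part with a short notice to the recipient rather than silently dropping it; both are left out here to keep the mechanism visible.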

* The only way virus writers make friends...

And, they’re not even real ones.

- Teen uses worm to boost popularity

Security News

* Sony CDs plant DRM rootkits

The battle against music piracy is raging on, and it’s getting more ruthless and dirty by the day. Sony is clearly one entertainment giant that thinks its Digital Rights Management efforts supersede customers’ rights not to have their computers violated by stealthy software they haven’t agreed to install.

Windows programming luminary Mark Russinovich, of Sysinternals fame, discovered this week that simply playing an audio CD published by Sony BMG planted a so-called rootkit on his computer. Rootkits, in Windows terminology, are cloaking technologies that malware authors use to hide their creations from security and diagnostic software, and as such they are a major cause for concern.

Russinovich found what had been planted on his computer by chance, while running a tool he had written to ferret out rootkits, and was shocked. If someone as seasoned and knowledgeable as Russinovich can pick up a rootkit, chances are they are far more widespread than previously thought.

Worse, removing the rootkit isn’t trivial and, according to Russinovich, can leave users’ CD drives inaccessible from Windows.

For now, the threat can be mitigated somewhat by turning off Autorun on CD drives, so that the rootkit doesn’t get installed automatically when a disc is inserted. However, these sorts of underhand tactics mean that security-conscious Windows admins may have to ban users from playing audio CDs on their computers – or remove the drives altogether?

Interestingly enough, the Sony BMG discs appear not to plant any such noxious DRM rootkits on Apple OS X machines, only on Windows ones. Draw your own conclusions.

- Mark’s Sysinternals blog: Sony, Rootkits And Digital Rights Management Gone Too Far
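The cloaking Russinovich describes works by hooking the APIs that enumerate files, processes and registry keys and filtering out whatever the rootkit wants hidden, and the way his tool caught it is the standard counter-technique: take the same listing through the normal Windows API and through a low-level path the hook does not cover, then report every entry that appears in only one of the two views. The following is an added example for this column, not Sysinternals code and not the Sony BMG software. The "hooked API" here is a simulation, a listing that silently drops names beginning with a configurable prefix (Russinovich’s linked post reports that the Sony driver hid names beginning with "$sys$", which is the default used below); the "raw" view is the operating system’s real directory listing. The file names are constructed in a temporary directory.

```python
"""Cross-view detection of cloaked directory entries (constructed example).

In a real detector the low-level view comes from parsing the on-disk
filesystem or registry hive directly; here the unhooked OS listing plays
that role, and cloaked_api_view() simulates the hooked API.
"""
import os
import tempfile

HIDDEN_PREFIX = "$sys$"   # prefix the simulated cloaking driver filters out


def raw_view(directory):
    """Low-level view: everything the filesystem actually holds."""
    return sorted(os.listdir(directory))


def cloaked_api_view(directory, hidden_prefix=HIDDEN_PREFIX):
    """Simulated hooked enumeration API: entries with the magic prefix are
    removed from the result before the caller ever sees them."""
    return sorted(n for n in os.listdir(directory) if not n.startswith(hidden_prefix))


def cross_view_diff(api_listing, raw_listing):
    """Names present in the low-level view but missing from the API view.
    A clean system shows no discrepancy at all; any difference is something
    actively being hidden (or a race with a file that changed mid-scan)."""
    return sorted(set(raw_listing) - set(api_listing))


def scan_for_cloaked_entries(directory, api_view=cloaked_api_view):
    return cross_view_diff(api_view(directory), raw_view(directory))


def build_sample_tree(root):
    """Constructed contents: two ordinary files and two cloaked ones."""
    for name in ("readme.txt", "music.cda", "$sys$driver.sys", "$sys$service.exe"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"constructed sample\n")


def demo():
    """Create the sample tree, scan it, and return the hidden names found."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_for_cloaked_entries(root)


if __name__ == "__main__":
    for name in demo():
        print("hidden from the API view:", name)
```

The same diff applies unchanged to process lists and registry keys; what changes is only where the two views come from. It also explains the removal warning above: a cloaked driver that is deleted by hand, without its filter hooks being unregistered first, leaves the filesystem and device stack in a state the remaining components were not written to handle.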

* Security concerns voiced over Skype

Speaking of software that doesn’t quite do what users think it does, the Skype VoIP client has reached a critical mass of users and is now officially on the security worry list, according to analysts.

Skype issued a critical patch last week to deal with what Secunia terms “highly critical” flaws. What puts Skype on the radar screens of malware writers and security experts alike is not just that it has become so popular, but also the firewall- and NAT-busting technology it uses.

The “supernode” technique, in which other users’ Skype clients act as proxies relaying signalling and voice traffic, means that two Skype users on firewalled and NAT’ed machines can still talk to each other. However, it also means that the supernodes could be used as conduits for malware traffic.

Furthermore, most people don’t even know about supernodes, or that under certain conditions their own machines may end up as one. Skype users have reported that when their boxes turn into supernodes, they keel over – not so much because of the traffic relayed, but because the Skype client opens up a large number of TCP connections. This chews up large amounts of system resources and can crash some routers and low-specced PCs. An unintended denial of service, in other words. Skype needs to deal with this as soon as possible and build some form of control and rate-limiting of the supernode system into its clients.

- Skype patches critical flaws

- Skype supernodes sap bandwidth

- Skype could pose security problems for companies, analysts say
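Until the client rate-limits itself, the symptom above is easy to spot from the outside: one process holding an unusually large number of established TCP connections to many distinct peers, which is how relaying for strangers looks and how an ordinary call or two does not. The following is an added example for this column, not Skype’s code. It parses the output of `netstat -ano` in the Windows layout (protocol, local address, foreign address, state, PID; UDP lines have no state column), tallies established connections and distinct remote hosts per PID, and flags any process over a threshold. The netstat text is constructed, not captured, and the thresholds and PIDs are assumptions to tune for a given site.

```python
"""Flag a process whose connection fan-out looks like a relay node.

Constructed example: constructed_netstat_sample() fabricates a netstat -ano
dump with a browser, a listener, a DNS socket and one process holding many
connections to distinct peers in the 203.0.113.0/24 documentation range.
"""
from collections import defaultdict


def parse_netstat_ano(text):
    """Yield (proto, local, remote, state, pid) for each connection line.
    TCP rows have five fields, UDP rows four (no state); anything else is a
    header or blank line and is skipped."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""
        else:
            continue
        yield proto, local, remote, state, int(pid)


def connections_per_pid(text):
    """Return {pid: (established_tcp_connections, distinct_remote_hosts)}."""
    counts = defaultdict(int)
    hosts = defaultdict(set)
    for proto, _local, remote, state, pid in parse_netstat_ano(text):
        if proto == "TCP" and state == "ESTABLISHED":
            counts[pid] += 1
            # rsplit on the last colon strips the port and keeps "[::1]"-style
            # IPv6 literals intact.
            hosts[pid].add(remote.rsplit(":", 1)[0])
    return {pid: (counts[pid], len(hosts[pid])) for pid in counts}


def suspected_relays(text, max_connections=100, min_distinct_hosts=50):
    """PIDs over both thresholds (assumed values): many connections AND many
    distinct peers, so a download manager talking to one mirror is not hit."""
    return sorted(pid for pid, (n, h) in connections_per_pid(text).items()
                  if n > max_connections and h >= min_distinct_hosts)


def constructed_netstat_sample(relay_pid=3172, relay_connections=160):
    """Fabricate a netstat -ano dump (constructed data, not a capture)."""
    lines = [
        "Active Connections",
        "",
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    192.0.2.10:1183        198.51.100.20:80       ESTABLISHED     1892",
        "  TCP    192.0.2.10:1184        198.51.100.21:443      ESTABLISHED     1892",
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       740",
        "  UDP    0.0.0.0:53             *:*                                    1204",
    ]
    for i in range(relay_connections):
        lines.append(f"  TCP    192.0.2.10:{2000 + i}  203.0.113.{1 + i % 254}:{40000 + i}"
                     f"  ESTABLISHED  {relay_pid}")
    return "\n".join(lines)


if __name__ == "__main__":
    sample = constructed_netstat_sample()
    for pid, (n, h) in sorted(connections_per_pid(sample).items()):
        print(f"pid {pid}: {n} established connections to {h} hosts")
    print("suspected relay PIDs:", suspected_relays(sample))
```

On a live machine the text would come from `subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout`, and the PID can then be matched to an image name with the task list; the parser for the Linux `ss -tnp` layout would differ only in the column handling.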

* Microsoft patches it to users

Keep up to date, Microsoft says, or else you will be r00t3d. Most of us do, leaving Automatic Updates on, sucking down the updates and installing them straight away.

The last thing we want to hear is that the patches cause more problems than they’re meant to solve, but apparently this does happen. In fact, some Microsoft patches don’t even fix what they’re meant to fix.

Microsoft has lately been boasting a lot about how it has improved code quality through automated tools and by beating sense into programmers… err, I mean by training developers how to write things right. It sounds as if the patch devs weren’t reprogrammed, though.

- Microsoft patch problems continue

- Another Black Eye for Microsoft Patch Creation Process
