
Latest IE Worm Developed in Record Time



Security firms are warning of a new e-mail worm that began infecting computers just days after the vulnerability it exploits in the Internet Explorer (IE) browser was made public.

The worm, which some information security experts say is a variation of the MyDoom virus that ravaged the Web earlier this year, is spread through e-mail but does not rely on getting users to open attachments, as past worms have, according to antivirus firm McAfee.

Instead, it uses promises of payments or suggestions of unauthorized credit card use to get users to click links that connect them to an infected machine and spread the worm. Other versions use the promise of a Webcam site or similar enticements. Once a machine is infected, the program harvests e-mail addresses and sends out versions of itself.

Spreads Through Links

While most security firms have labeled the threat of the worm in the medium range, it is significant because of how quickly it was developed, Graham Cluley, technology consultant with Sophos antivirus, said.

"This is one of the fastest turnarounds of vulnerability discovery to full-blown worm that we have ever seen," Cluley said. The flaw, which he called "serious," was found just last week and no patch was available as of today.

Sophos has dubbed the worm "Bofra" and Cluley said it cannot properly be considered a MyDoom variant because it relies on links to spread, rather than attachments.

In a bulletin, Microsoft (Nasdaq: MSFT) called the worm a version of MyDoom and said XP users who have installed Service Pack 2 were at "reduced risk." It did not give a timeline for providing a specific patch.

Fast Turnaround

Security firms said the specific vulnerability was discovered and made public on Friday in Web postings by hackers going by the aliases of "ned" and "SkyLined." Later that day, security firm Secunia and the U.S. CERT had posted warnings about the flaw.

Symantec (Nasdaq: SYMC) said today it had logged about 40 reports of two variations on the MyDoom virus and said it expects the spread rate to remain relatively low because of the design of the worm.

McAfee said that so far it has received about 100 reports of the virus in the wild. It boosted its risk rating on the MyDoom virus to medium.

F-Secure director of antivirus research Mikko Hypponen said a patch for the I-Frames vulnerability that enables the attack did not appear to be part of Microsoft's latest monthly patch release. He said the new worm seemed to borrow parts of the MyDoom shell but also some of the techniques used to spread the Blaster worm, which spread itself not from a central location but from infected machine to target machine.

He said F-Secure had yet to see widespread infection reports as well, but said the worms are significant for the security industry because of how fast they appeared.

"These viruses are one of the fastest ever to take advantage of a new security vulnerability," he added.

By Keith Regan
