News Items: Recent Malware News
Because InfoSec Briefings has been on a bit of a hiatus, there's a pretty long gap since the last newsletter: 65 days, in fact. Given how much time has elapsed, we'll cover only the highlights on the malware and vulnerabilities fronts rather than our usual level of detail. That translates into a summary of malware (viruses, Trojans and worms) discovered since the last issue, with specific mention only of items at Category 3 or higher (Table 1), followed by a quick roundup of Microsoft bulletins from May and June.
Across the 65-day period reported here, Symantec reports 273 instances of malware, or an average of 4.2 per day. Of the items reported, there were only two category 3s (less than 1 percent), 68 category 2s (about 25 percent) and 203 category 1s (about 74 percent). Nothing was reported at category 4 or 5 during this monitoring period.
Table 1: New Category 3 Items From April 23 to June 28, 2004
Date | Name | URL |
5/1 | W32.Sasser.B.worm | w32.sasser.b.worm.html |
6/1 | W32.Korgo.F | w32.korgo.f.html |
Notes: Please prepend http://www.symantec.com/avcenter/venc/data/ to the URLs to construct complete links.
The Sasser worm takes advantage of the Local Security Authority (LSASS.EXE) vulnerability reported in Microsoft Security Bulletin MS04-011. It proved to be virulent, and it appeared after one of the shortest time lags ever between the report of a vulnerability and a related exploit. Korgo exploits the same vulnerability but uses some different port addresses. Both underscore the need to test and deploy Microsoft security updates as quickly as possible.