Recent Malware News
In the past 28 days, Symantec has reported 111 detections on its “Detections Added” pages. These comprise 77 items rated on its Category 1 to 4 risk assessment scale plus 34 unrated items (items that can infect or infest a system only by invitation, so their infectiousness cannot be rated). The 77 rated items break down as 58 at Category 1, 17 at Category 2, and two at Category 3; no threat qualified for Category 4 during the monitoring period of July 28 to Aug. 23, 2004. In the interests of brevity, Table 1 lists only the Category 3 items. The daily average for detections in this period was 4.44 (3.08 if only rated items are counted). Category 2s represented about 22 percent of the rated total and Category 3s about 2.5 percent, much closer to long-term trends than the last monitoring period, when Category 2s exceeded 30 percent.
Table 1: New Category 3 Items from 7/28-8/23/2004
Notes: The table itself is not reproduced here. Its URLs are relative to http://www.symantec.com/avcenter/venc/data/ ; prepend that base to each entry to construct a complete link. Category 4 entries would appear in bold (none qualified this period).
Both Beagle and Mydoom, the Category 3 entries, are familiar worms that also appeared in our last news report.
On July 30 and Aug. 10, Microsoft released the following security bulletins (MS04-025 on July 30, MS04-026 on Aug. 10):
- MS04-025: Cumulative Security Update for Windows Internet Explorer (867801; Severity: Critical). Affects Windows NT 4.0 SP6a, Windows 2000 SP2 through SP4, Windows XP with and without SP1, and Windows Server 2003 (all versions), and can affect Windows 98, 98 SE, and Windows Me as well. Addresses several critical vulnerabilities, including a buffer overflow, a cross-domain scripting flaw, and a vulnerability triggered by rendering a specially malformed .GIF file.
- MS04-026: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842463; Severity: Moderate). Affects Exchange Server 5.5 SP4. Microsoft rates the impact as remote code execution arising from cross-site scripting and spoofing flaws: script delivered through a crafted request or message could run in the victim’s browser in the context of the OWA site (this relates to vendor-neutral vulnerability report CAN-2004-0203 in the Common Vulnerabilities and Exposures database at www.cve.mitre.org).
Updates for both bulletins are available from Microsoft and should be installed as soon as testing and deployment considerations allow. Note that the Exchange fix is a server-side patch, whereas the Internet Explorer cumulative update must reach every affected workstation.
Recent news reports indicate that phishing (attempts to trick unwary e-mail recipients or Web page visitors into disclosing personal, financial, or identity information that can lead to identity theft or unauthorized access to financial accounts) is very much on the rise. Ominously, SearchSecurity reports that “phishing kits” are broadly available on the Internet, putting such attacks within reach of those without deep programming skills. In a related story, you can also read about a Trojan horse that targets AOL Instant Messenger (AIM) users and seeks to steal financial data from infected systems. Many experts have observed that the nuisance and damage element of malware seems to be on the wane, as more malefactors seek to steal money from their victims rather than damage their computers or use them to stage attacks on third parties.