Viruses & Malware

The first worm that successfully attacks an October vulnerability in Microsoft Windows was spotted in the wild Thursday, a pair of security organizations said.

Both F-Secure and the SANS Institute's Internet Storm Center (ISC) said that the worm, dubbed Dasher.b, had been nabbed by the Honeypot Project, a German group that deploys exposed PCs to attract malicious code and capture samples. The worm exploits the MSDTC vulnerability disclosed by Microsoft in its October patch batch.

Anti-virus firms have cracked an algorithm that was being used by the Sober worm to 'communicate' with its author.

The latest variant of the Sober worm caused havoc in November by duping users into executing it by masking as an e-mails from the FBI and CIA. Anti-virus companies were aware that the worm somehow 'knew' how to update itself via the Web. The worm's author programmed this functionality in order to control infected machines and, if required, change their behaviour.

A new "Sober" worm is set to hit in January in an attack tied to the founding of the Nazi party that could slow the Internet with tens of millions of politically-motivated spam e-mails, security experts said Wednesday.

The impending outbreak is the latest variant of a worm that that last hit the Internet on Nov. 22 and marked the most prolific computer virus of its kind this year, according to VeriSign Inc.'s security unit iDefense.

A new worm that targets users of America Online's AOL Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload, IM security vendor IMlogic warned Tuesday.

According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus", IMlogic said.

More than two years after Blaster turned the summer of 2003 into an IT administrator's worst nightmare, the worm is still very much alive and there are fears within Microsoft that thousands of Windows machines will never be completely dewormed. According to statistics culled from Microsoft's Windows malicious software removal tool, between 500 and 800 copies of Blaster are removed from Windows machines per day.

Just in case you were wondering what Sober's latest adventures in cyberspace were, let us tell you that end of last week the pesky worm managed to interfere with all Microsoft-based-webmail bringing great difficulties in receiving mails to Hotmail and MSN users.

Microsoft had warned last week, that both proof-of-concept code and an exploit are out, to take advantage of an un-patched bug in Internet Explorer.

The security flaw in IE - originally reported in May, was initially thought to allow only a denial-of-service (DOS) attack. However security vendor - Computer Terrorism said that the vulnerability could be exploited to hijack a computer, by simply luring users to a malicious Web site.

Despite being released in the third week of last month, Sober was by far the most successful piece of malware and accounted for more than 40 percent of all viruses in November, according to Sophos.

The latest Sober variants started to spread on November 19 and within days began threatening corporate e-mail gateways due to the sheer volume of messages generated by infected PCs. Security experts say the virus was successful because it arrived in an e-mail that seemed to have been sent from the FBI or CIA, warning the recipient that they had been visiting illegal Web sites.

Attackers are taking advantage of an unpatched vulnerability in Internet Explorer to target users of the ubiquitous Web browser, Microsoft warned late Tuesday.

Malicious software that exploits the security flaw to download a Trojan horse to vulnerable computers has been found on the Internet, according to Microsoft. Detection and removal capabilities for the "TrojanDownloader:Win32/Delf.DH" have been added to Microsoft's recently launched online security-scanning tool.

The number of worms that targeted instant-messaging services hit 62 in November, up 226 percent from October and hitting a new record, Akonix Systems said Tuesday. Of the worms, 58 were variants of previous pests, and four were new. In the same month, a total of 14 attacks hit peer-to-peer networks, such as Kazaa and eDonkey, according to Akonix, which sells security software and appliances.