Mobile phone viruses, largely considered a paper tiger in the digital security world, became a bit more dangerous this week with the release of a two-pronged program.
Antivirus company F-Secure said on Monday that writers have released a virus, known as Lasco.A, that spreads both through wireless connections and by attaching itself to files,. Until now, malicious mobile phone programs have spread using one mechanism or the other.
It seems there is a Trojan on the lose that is exploiting the recent WINS vulnerability which can be found in MS04-045. The Trojan that is known as Troj/Winser-A attempts to spread using the WINS vulnerability, while backdooring compromised systems along the way.
The main part of the Trojan is called ccEvtMngr.exe which is an attempt to masquerade as an executable called ccevtmgr.exe which is part of the Norton Internet Security Suite. This file is 139Kbytes in size and contains another file called ccSetMngr.ext which the Trojan attempts to drop onto the system.
An updated variant of the Skulls Trojan horse comes disguised as a new version of the Macromedia Flash player to fool users of mobile phones running the Symbian operating system. Skulls.D disables applications needed to remove it, drops the Cabir.M worm onto phones and informs users that they have been infected by displaying a full-screen flashing skull, Mikko Hypponen, director of antivirus research at F-Secure, in Helsinki, said Friday in a telephone interview.
A new variant of the Skulls Trojan horse that affects Symbian-based cell phones has been discovered.
Worms have fallen out of favour with virus writers to be superseded by Trojans as the most virulent malicious code, according to antivirus firm Panda Software.
The Downloader.GK Trojan has topped the company's 2004 problem chart, accounting for 14 per cent of reported incidents. The next most common infection, the Netsky worm, managed less than half this level.
An anti-Santy worm that uses search engines to spread among online bulletin boards has been spotted, a security company has reported.
F-Secure said on Friday that it was aware of seven sites that had been defaced by the worm, which appears designed to combat the Santy worm. The anti-Santy worm searches Google for sites that use the PHP Bulletin Board (phpBB) software exploited by the earlier worm, infects the sites and attempts to make the sites more secure by installing a patch.
A new version of the santy worm was discovered late New Year’s eve 2004. This version of the worm now contains fifty exploits targeting a myriad of different PHP applications.
The initial posting on full disclosure by Peter Dudikoff [here] supplied links to the source code of both the worm [here] and the IRC bot [here]. When Peter visited the channel that the compromised hosts connect to there appeared over 60 hosts already present.
The BBC is reporting that there has been a 50% increase in the number of viruses released in 2004; as many as 100,000 viruses were seen 'in the wild', many of them doing serious damage to their targets. Bot-nets, computers infected with remote control software featured largely in 2004; equally prominent was the use of viruses and these bot-nets for cyber-crime and sending spam.
Days after Google acted to thwart the Santy worm, security firms warned that variants have begun to spread using both Google and other search engines.
The Santy problem originally flared up a week ago as bulletin board Web sites found their pages erased and defaced by the worm's own text. The worm spread by targeting pages that used vulnerable versions of the PHP Bulletin Board (phpBB) software, and used Google to locate those pages.
Use protection. Please.
It's a message people like Ryan Kokai try to knock into the heads of family, buddies and co-workers time and time again.
And he's not talking about sex. In his role as tech wizard, the 25-year-old is frequently called away from his desk to clean up co-workers' computers that have been infected with viruses or other troublesome computer ailments. He makes house calls in the evenings and on weekends for his friends — and sometimes friends of friends.
