Viruses & Malware

A program that exploits a software vulnerability Microsoft recently described could spell trouble for companies that haven't quickly patched their system, security experts said this week.
Released on a security mailing list earlier this week, the program takes advantage of a flaw in Microsoft's Messenger Service to cause Windows-based computers to crash. The vulnerability affects almost every current Microsoft Windows system, leaving security experts concerned that independent hackers will quickly find a way to take control of a large number of computers by exploiting the flaw.

About 85 percent of China's PCs have been infected by viruses this year, according to a government survey

A record number of China's computers have been hit by viruses this year, according to a ministry survey.

About 85 percent of computers in China were affected by viruses in 2003. This is 1.5 percentage points higher than 2002 and 25.5 percentage points higher than 2001, according to the survey.

Carried out by the Ministry of Public Security, the survey was carried out during May and June this year, according to official news agency Xinhua.

The Swen virus has been blamed for delaying emails to BigPond customers by up to several days.

On Tuesday, BigPond reported its customers were receiving emails late due to a rapid rise in messages being sent and received through the network.

Email messages had increased on average from about eight million to 13 million daily.

Spokeswoman Kerrina Lawrence today said the Swen virus was responsible for the sudden surge in traffic.

The network worm and backdoor Trojan, Donk-D, has been reported in the wild, warns anti-virus company Sophos.
Copying itself to network shares with weak passwords, it also attempts to spread by exploiting the now-familiar vulnerabilities in Windows RPCSS service - see also today's story New RPC flaw in Windows.

Mobile phone operators say it is only a matter of time before the wireless world is hit by the same sorts of viruses and worms that attack computer software.

With an increasing amount of information being sent through wireless channels, new threats are opening up.

Nigel Deighton, of consultancy firm Gartner, said one reason computer software has been hit hard by hackers is that users often undo a lot of the security measures that systems' administrators put in place. This makes them more vulnerable to viruses.

The most commonly received virus for September is a new entry – the Swen worm, which fools users into opening an attachment by masquerading as a Microsoft security update email.

The number of malicious attacks has hit an all time high in 2003. Not only are viruses and worms increasing in number, but, thanks to the Internet, are propagating at an ever faster rate.
These are the gloomy findings of the latest Internet Security Threat Report from Symantec Corporation. However, this will not come as news to companies which, Symantec says are experiencing 38 attacks per company per week compared to 32 attacks per week in 2002, a 19 per cent increase.

Telkom has responded to a barrage of complaints about slow e-mail delivery by firmly blaming a recent e-mail virus attack.

Customers are up in arms about delays of up to four hours during the past two weeks, but Telkom says the explanation is simple. “Telkom provides a free virus scan service, but for every infected e-mail that's received, another e-mail has to be sent out notifying the sender and intended recipient,” says corporate communications senior manager Hans van de Groenendaal. “This generates an extremely high flow of e-mail, which has caused the delays.”

The Dumaru worm is continuing to evolve. First appearing only in mid-August, it has now reached its fifth generation in the wild with the Dumaru-E variant.
Purporting to come from 'security@microsoft.com', the virus email will have a subject line of 'Use this patch immediately !' and a patch.exe attachment.

As we always repeat, Microsoft does not send security updates by email so this message should be easily identifiable as a rogue mailing. Do not execute the patch attachment!

A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger through a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt will come up for about a second and disappears. This occurs because it unzips a couple of files to the C: root and windows directories. The file also tempers with the registry (see below for details).