Saturday, July 31, 2004

Microsoft patches three critical browser flaws

Microsoft on Friday released a patch for Internet Explorer designed to close three critical holes in the browser, including one that paved the way for the Download.Ject Trojan horse.
The software maker offered a work-around earlier this month and had promised in recent days that a comprehensive fix would be coming soon. Microsoft has also worked with law enforcement to shut down the Russian server that had been the source of malicious code.
The new patch, which is available from Microsoft's security Web site, closes the hole, and Microsoft encouraged all IE users to update their browsers. Technically, the flaw is what's known as a cross-domain vulnerability, through which an attacker is able to cross a security boundary within the browser to deliver and execute malicious code.
Microsoft security program manager Stephen Toulouse said that the company was already working on an Internet Explorer update when it became aware in late June that the vulnerability was being exploited. "Once we became aware of the specific attack on our customers, that's when we began to mobilize," Toulouse said, pointing to the company's work with law enforcement and Internet service providers.
The patch also addresses two other publicly known flaws in IE, both related to image processing and both rated as critical because they could allow malicious code to be run on a vulnerable system.
Toulouse said the company does not know of any attacks related to these two flaws, but he added, "We want to make sure that customers have this update so they are protected."
Security company Symantec encouraged Web surfers to apply the patch.
"With the widespread use of Microsoft Internet Explorer in both the enterprise and consumer environments, it is critical that security patches be applied immediately," Alfred Huger, senior director of Symantec Security Response, said in a statement.
Some have said that IE vulnerabilities have become so common that Web surfers should consider other browsers.
Toulouse noted that the company has improved IE in the forthcoming Windows XP Service Pack 2, adding that those running that version of the operating system were not vulnerable to the attack because of changes the company made to the internal structure of the browser.

Friday, July 30, 2004

Microsoft Issues Patch for Browser Security Flaw

SEATTLE (Reuters) - Microsoft Corp. (Nasdaq:MSFT) on Friday issued a widely expected patch for its Internet Explorer browser, which was known to have a flaw that would let hackers take control of computers and distribute malicious software code.
The security warning, which Microsoft rated as "critical," was issued as an extra bulletin ahead of the company's regular monthly security bulletin because of the serious risk to computers, the world's largest software maker said.
Redmond, Washington-based Microsoft launched a campaign in early 2002 to boost the security and reliability of its software, and is due to release a major update to Windows XP next month aimed at improving the security of the company's flagship operating system.
Friday's patch will be included in the update for Windows, called Service Pack 2, and will fix three previously known flaws that existed in Internet Explorer.
Hackers, reportedly from Russia, exploited the flaw last month when computers running Internet Explorer viewed pages on a server designed to exploit the flaw and steal information.
Craig Schmugar, a virus research manager at McAfee Inc. (NYSE:MFE), recommended that users download the patch and also avoid clicking on any links in spam e-mail, which could direct users to Web pages that exploit the flaw.
"Those users are going to be at a greater risk," Schmugar said.
Microsoft also urged customers to download the patch at www.microsoft.com/security.

Wednesday, July 28, 2004

Faster Updates, More Security To Arrive In XP SP2

A streamlined software update process and a more protective Internet Explorer browser will be some of the key features of Windows XP Service Pack 2 when it arrives in August, Microsoft executives said Wednesday.
XP SP2 will streamline Windows software updates using a new version of Automatic Update (AU) client, said Mike Nash, senior executive in charge of security at Microsoft, Redmond, Wash., during a monthly security briefing.
With the new AU, bandwidth-throttling features will slow the update process when the system detects that it is monopolizing bandwidth used by other applications, such as Web browsing or messaging, said Nash. The new AU will also delay any reboot required by an update until the next system shutdown, he added.
In addition, Windows Update version 5, which will ship along with XP SP2 in August, will add efficiency to the update process by not recommending already-installed updates, said Nash.
XP SP2 will also prevent a system from over-installing related updates, or "encompassing fixes," during an update process, Nash said. "You'll only get that security fix that's necessary," he said.
XP SP2 will also enable the Internet Explorer browser to "eliminate an entire class of vulnerabilities," said Dean Hachamovitch, product unit manager for Internet Explorer.
"We've done a lot of work in the user experience to keep users in control of the experience," Hachamovitch said, citing as an example Internet Explorer's improved ability to decline and prevent unwanted Internet downloads.
Overall, Microsoft's development path for its client and server operating systems should "reduce the number of reboots by 10 percent," said Nash. "We are also committed by the end of the year to reduce the number of installers from about eight now to two. One for kernel, one for application level."
Name changes are also planned for the company's update services, Nash said. "Next year we will replace Windows Update with Microsoft Update. We will also replace Software Updating Services with Windows Updating Services."

Written by: Dan Neel, CRN


Tuesday, July 27, 2004

McAfee: June Hack Tops So Far For 2004

While mass mailers continue to plague corporations and spyware is the big evil for consumers, the most serious threat in the first half of the year was the Download.Ject/Scob attack, which exploited still-unpatched vulnerabilities in Microsoft's Internet Explorer, said McAfee Monday.
McAfee's virus research and response team -- dubbed AVERT -- ranked the Top 10 threats for the first six months of 2004, and put Download.Ject/Scob, a Trojan horse that infected IE users' machines in a brief attack in late June, in the Number 1 spot.
"At the time, [Download.Ject/Scob] seemed kind of minor, but once it got into networks, the impact was huge," said Brian Mann, the outbreak manager for AVERT, in defending the ranking.
AVERT also rated it top beast, said Mann, as a kind of placeholder for the high number of attacks that use HTML code to move malicious code onto users' machines, as well as a way to spotlight the increasingly dangerous trend of behind-the-scenes attacks.
In the case of the Download.Ject/Scob Trojan, users were infected when they visited compromised servers running Microsoft's Internet Information Services (IIS) software; vulnerabilities in their IE browsers allowed the Trojan to open a backdoor and steal confidential information, all without the users' knowing anything was afoot.
Number 2 on the hot list was VBS/Psyme, another Trojan that exploited a vulnerability in Internet Explorer.
"The amount of different malware that uses these tactics is phenomenal," said Mann.
To come up with its Top 10 list, McAfee tallied the usual virus submissions by its clients, but also integrated factors such as customer impact -- based on conversations with enterprises that use its anti-virus and security software -- and whether the attack exploits an unpatched vulnerability.
Three of the Top 10 are variations of the Netsky worm, which leaped to prominence early this year as it engaged in a tit-for-tat exchange with rival Bagle. "The war between the Bagle and Netsky authors caused a tremendous increase in the number of virus attacks seen this year," said Mann. Of the four worms on the list, three were Netsky.d, Netsky.p, and Netsky.q; the other was the original MyDoom.
Four of the Top 10 spots in McAfee's list were occupied by various adware/spyware threats, proof that this security risk category is serious, and not just a danger to consumers.
"Spyware is most definitely a problem for enterprises," said Mann. There the biggest concern is over possible loss of critical and confidential data, Mann continued. "They're worried about what spyware is delivering, what it's doing to their systems."
The rise in spyware's seriousness -- 60 percent of the malicious threats McAfee tracked during the first half of the year were what it dubbed "Potentially Unwanted Programs" (PUPs), which includes spyware -- is due to a number of factors, including better hacker technology, more virulent spyware, and devious tactics such as programs that automatically replace one uninstalled piece of spyware with another.
Overall, McAfee saw a continued increase in the number of security threats, and a dramatic climb in those it found worthy of watching. It counted a 20 percent increase in threats during the first half of 2004 compared to 2003, and had tagged more threats as "Medium" or higher during 2004's first quarter than it did in all of 2003.
"I've seen it from both the support side and the research side," said Mann, "and the increase of high-risk threats is just incredible."

Written by: Gregg Keizer, TechWeb News

Clean-up begins from MyDoom virus

Computer technicians worked Tuesday to disinfect thousands of computers worldwide struck by the MyDoom virus a day earlier, the Washington Post said.
A new variation of the malicious code appeared early Monday, and soon after, the Google, Yahoo, Lycos and AltaVista search engines were overwhelmed for as long as five hours.
The virus circulates the Web disguised as an e-mail with various subject lines, such as "Mail System Error," or "Undeliverable Mail."
Many messages purported to come from the user's corporate e-mail or Internet service provider: "Your e-mail account was used to send a large amount of junk mail messages during this week," read one message bearing the malicious software. "We suspect that your computer was compromised and now contains a trojan proxy server."
The computer would only be infected if the recipient clicked to open the attachment.
The original version of MyDoom in January attacked the Web site of a Utah technology company called SCO Group Inc., which has angered many programmers by filing lawsuits claiming it owns intellectual property related to the free, open-source operating system Linux.

Monday, July 26, 2004

Web Worm Spreads, Slowing Online Search Sites

SAN FRANCISCO (Reuters) - A fast-spreading computer worm disrupted the world's most popular online search sites on Monday, scanning the vast databases of Google Inc. and other search engines to find the e-mail addresses of new victims.
The worm's assault came on the same day that Google disclosed it was seeking as much as $3.3 billion in its highly anticipated initial public offering, although there was no indication that the two events were related.
In a filing with stock regulators, Google made the prescient acknowledgment that "outages and delays" from viruses and worms could harm its business.
The online attack marked an evolution of a worm called MyDoom that infected hundreds of thousands of computers earlier this year. In the current variant, MyDoom not only scans the hard drives of victims for e-mail addresses, but also turns to online search sites to find additional leads.
The worm then sends a copy of itself as an e-mail attachment to those addresses. Users who open those attachments, and who are not protected by security software, infect their own computers.
"Those search requests have been overloading the search engines," said Lloyd Taylor, vice president of technology for Keynote Systems Inc., which measures Web site performance.
A Yahoo spokesman said the effect of the slowdown was limited solely to its search engine and said that by Monday afternoon that impact had been mitigated.
Google, in a statement, said that some of its users had experienced a slowdown but added that it expected full service would be "restored shortly" as of Monday afternoon.
Symantec Corp., a maker of security software, said it received 250 reports about the new worm in two hours, on pace with the original MyDoom attack in January.
"This is certainly equivalent to what we saw back then," said Oliver Friedrichs, a senior manager with Symantec's security response group.
INITIAL SIGNS OF TROUBLE
Initial signs of problems popped up on Monday morning, with reports from around the world that users were having problems searching on Google.com.
Keynote said the attack appeared to have started around 6:30 a.m. PDT (9:30 a.m. EDT), when East Coast office workers arrive and check their e-mail.
As of 2:30 p.m. PDT, the spread of the infection had not yet waned, though Web search sites had apparently found a way to block the automated search requests, Keynote's Taylor said. Antivirus vendors also had updates ready to protect against the latest strain of MyDoom, he said.
Monday's outbreak underscored the more widespread threat of Internet viruses, analysts said.
McAfee Inc. said on Monday it expected 2004 to be a record year in terms of the total number of "successful" viruses and worms, due to smarter malicious code writers and the still-common practice of computer users opening virus-laden messages.
Brian Mann, a virus outbreak manager at McAfee, said that at current rates up to 100 successful viruses and worms could run across the Internet by the end of this year compared with a total of 20 for all of 2003.

"We're already in record territory now" in terms of the number of successful viruses, which are assessed by McAfee as a "medium-risk" to "high-risk" threat, Mann said.
Several thousand computer security threats appear every year but most never cause widespread disruption due to protections, such as firewalls, that prevent malicious code from entering computer systems. (Additional reporting by Spencer Swartz in San Francisco, Ben Berkowitz in Los Angeles)