News briefs

The Kama Sutra Worm lacked the punch many experts had feared. The mass-mailed, pornography-promising worm, also known as Nyxem.E, infected far fewer PCs -- estimated in the tens of thousands -- than the expected hundreds of thousands, because most systems were cleaned during the much-publicized outbreak. Experts also attributed the lack of activity to users not rebooting their machines on the third of the month, the activation date. The destructive payload overwrites files, including Word and Adobe Acrobat documents, and disables security software.

Oracle was repeatedly blasted by IT security bloggers over delays to issue patches for known vulnerabilities, while others criticized the corporate software giant over an increasing number of flaws that need fixing.

Oracle corrected more than 80 vulnerabilities in each of its last two quarterly patch updates, leading some analysts to warn that systems could be ripe for attacks. Meanwhile, a British researcher questioned why a patch was not issued for a flaw he exposed that allows a hacker to gain control over an Oracle database through a web server. The company has said it issues patches in order of the vulnerabilities' severity.

The Sober virus reactivation date came and passed, and security firms reported no activity. The malware was designed to connect to numerous services. The Sober family appears to be authored by a German speaker and comprises 30 variants dating back to October 2003.

A new FBI computer crime survey claimed that nine out of ten companies experienced a security incident over a 12-month period. Almost 64 percent of 2,066 companies polled reported a financial loss due to the lapses. Viruses and spyware topped the list of malware attacks the companies faced.

A web-based trojan building program was discovered by security teams from Sunbelt Software. The easy-to-use kit helps hackers create trojans specifically designed to steal bank account and credit card information used to purchase items online.

Bots are the fastest growing malware threat, with more than 10,000 new variants detected last year, Panda Software said.

The Glendale, Calif.-based company reported a 175 percent jump in new bots in 2005, accounting for 20 percent of the total new malware detected.

Cybercriminals are catching on to the destructive payload that botnets -- or networks of bots -- can inflict on vulnerable systems, the company said.

U.S. PC users are more worried about becoming victims of online fraud than victims of a physical attack, an IBM study of 700 adults revealed. More than three times as many respondents expect to fall victim to an online scam as expect to be affected by physical violence.


What is it?

WMF files are Windows metafiles, a 16-bit file format developed by Microsoft for storing vector or bitmap graphics.

How does it work?

Microsoft created Windows metafiles to store a sequence of function calls and arguments to the Windows GDI (Graphic Display Interface) library. Unlike most graphic file formats, which are parsed and then translated into drawing instructions, the GDI calls in a WMF file are executed directly.

Should I be worried?

All image file parsers are potentially vulnerable to exploitation if they do not correctly validate user input. However, the ability to define and execute CPU instructions inside the file itself has led to a rash of exploitations by way of hostile WMF files.

How can I prevent it?

Microsoft has released patches for some of the vulnerabilities, but more have been found and will probably continue to be found. The three biggest vectors for malicious WMF files coming into the enterprise are web, email and instant messaging. A WMF file can be renamed with a GIF or JPG extension and will still be parsed as a metafile, so each potential entry vector needs a filtering solution that blocks potentially malicious files by content scanning rather than by file extension.
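To show what "block by content scanning" means in practice, here is an added example of a gateway-side check (written for this page, not code from the article or from LURHQ): it identifies WMF content by its header bytes and ignores whatever extension the file carries. The header layout it checks is the documented one: a placeable WMF begins with the key 0x9AC6CDD7 (stored little-endian), and a standard WMF begins with an 18-byte METAHEADER whose Type is 1 or 2, HeaderSize is 9 and Version is 0x0100 or 0x0300. The file names, the `classify` policy and the sample byte strings are constructed for the example.

```python
"""Extension-independent WMF detection for a mail, web or IM content filter.

Added example, not the article's or LURHQ's code. The sample inputs at the
bottom are constructed, not captured from real files or malware.
"""
import struct

# Placeable (Aldus) WMF header key 0x9AC6CDD7, as it appears on disk (little-endian).
PLACEABLE_MAGIC = b"\x9a\xc6\xcd\xd7"


def looks_like_wmf(data: bytes) -> bool:
    """Return True if the bytes start with a WMF header, whatever the file is named."""
    # Placeable WMF: 22-byte placeable header followed by the standard header.
    if data[:4] == PLACEABLE_MAGIC:
        return True
    # Standard WMF (METAHEADER, 18 bytes): Type 1 (memory) or 2 (disk),
    # HeaderSize always 9 (in 16-bit words), Version 0x0100 or 0x0300.
    if len(data) < 18:
        return False
    mt_type, header_size, version = struct.unpack_from("<HHH", data, 0)
    return mt_type in (1, 2) and header_size == 9 and version in (0x0100, 0x0300)


def declared_extension(filename: str) -> str:
    """Extension as claimed by the file name, lower-cased, '' if none."""
    dot = filename.rfind(".")
    return filename[dot:].lower() if dot >= 0 else ""


def classify(filename: str, data: bytes):
    """Constructed filter policy: block any WMF content at the gateway and
    say when the extension tried to pass it off as another image type."""
    if not looks_like_wmf(data):
        return ("allow", "")
    ext = declared_extension(filename)
    if ext != ".wmf":
        return ("block", "WMF content disguised as %s" % (ext or "no extension"))
    return ("block", "WMF content")


# Constructed samples: bare headers only, enough for the sniffing logic.
STANDARD_WMF = struct.pack("<HHHHHHIH", 2, 9, 0x0300, 0, 0, 0, 0, 0)   # 18-byte METAHEADER
PLACEABLE_WMF = PLACEABLE_MAGIC + b"\x00" * 18 + STANDARD_WMF           # 22-byte placeable header + METAHEADER
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8            # JPEG/JFIF start
REAL_GIF = b"GIF89a" + b"\x00" * 12                                      # GIF start


if __name__ == "__main__":
    for name, payload in [("holiday.jpg", STANDARD_WMF),
                          ("chart.wmf", PLACEABLE_WMF),
                          ("holiday.jpg", REAL_JPEG),
                          ("logo.gif", REAL_GIF)]:
        verdict, reason = classify(name, payload)
        print("%-12s %-6s %s" % (name, verdict, reason))
```

The point of the design is that the decision never consults the extension to decide whether something is a metafile; the extension is only reported afterwards so an analyst can see the mismatch. A production filter would run the same sniff on every attachment, HTTP image response and IM file transfer, and would pair it with the vendor patches rather than replace them.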

Joe Stewart, senior security researcher, LURHQ

