Bytware, Inc.

Archive for the ‘Virus News’ Category

Hackers Score Big by Thinking Small (from ComputerWorld)

Monday, June 20th, 2005

The days of hackers sending out viruses for kicks and the creation of general mayhem are giving way to a world of sophisticated, targeted attacks that can reap big rewards for criminals and degrade consumer trust in companies. Organizations that one might think would be the most secure have recently been compromised. Is your company ready to guard against the prying eyes of hackers?

“A recent computer security breach that left 40 million credit cards vulnerable to fraud shows how online criminals are scoring big by thinking small. Cybercriminals are increasingly crafting more focused attacks with a potential for profit as they target one or two companies at a time, rather than blasting out Internet virus attacks across the globe, according to security experts.

The payoffs can be enormous. MasterCard International Inc. said on Friday that an outsider gained access to as many as 40 million credit and debit cards from CardSystems Solutions Inc., a payment processor (see “Security breach may have exposed 40M credit cards”). A MasterCard spokeswoman said yesterday that the attacker had placed a malicious computer script on CardSystems computers…”

(Information excerpted from Andy Sullivan’s ComputerWorld story.)

Massive Internet Attack Threatens Millions with Trojan

Friday, June 25th, 2004

A massive attack on the World Wide Web is underway, affecting thousands of popular websites. Simply visiting an affected page can infect a user's machine with a Trojan horse that allows hackers to obtain passwords and other critical information from remote systems.

SearchSecurity.com has reported on the issue: “A widespread Internet attack has hit thousands of Web sites in the past week, planting malware on vulnerable machines that may be designed to steal credit card and other information then marketed to organized identity theft markets, according to government officials and information security experts.” Read the full SearchSecurity.com story.

Builder.com has also identified the source of the attack in an e-mail security brief: “An attack launched this week by crackers was nipped in the bud on Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code for the attack. However, compromised Web sites are still attempting to infect Web surfers’ PCs by referring them to the server in Russia, but that computer can no longer be reached.” Visit Builder.com for the most recent information.

Bytware urges all system administrators and managers to ensure that scanning engines and DAT files are up-to-date.

For more information about iSeries virus protection, visit the main StandGuard Anti-Virus page.

Mydoom.F Strikes iSeries Shops

Wednesday, February 25th, 2004

A new variant of the Mydoom worm began making its way around the Internet last Friday, and this particularly nasty worm has already caused a great deal of damage to users—including iSeries shops—thanks to its ability to delete files. W32/Mydoom.f@MM, or simply Mydoom.F, is a mass-mailing and share-hopping worm based upon the original Mydoom code. The second variation, Mydoom.B, dropped the worm’s code, making it readily available to virus writers. Experts believe that Mydoom.F originates from a different author than the original.

Like earlier variants of Mydoom, this new worm launches distributed denial of service (DDoS) attacks, this time against Microsoft and the Recording Industry Association of America (RIAA). In addition, Mydoom.F searches for and deletes files on local and mapped drives. The worm primarily targets image files and Microsoft Word and Excel documents, searching for the extensions .bmp, .avi, .jpg, .sav, .xls, .doc, and .mdb. The worm runs in a loop and deletes additional files on each pass.

Mapped drives need not be physically located on the infected system in order to be affected by Mydoom.F. Drives located on other platforms that can house Windows files can be equally affected.

Bytware, Inc., the Reno, Nevada-based developer of StandGuard Anti-Virus for the IBM eServer iSeries, has been contacted by several iSeries shops that have suffered data loss caused by Mydoom.F infection of networked PCs. The iSeries is generally viewed as invulnerable to viruses. A common practice of scanning the iSeries with a Windows PC through a mapped drive can open a door for worms and viruses to the iSeries.

In addition to file deletion and DDoS attacks, the Mydoom.F worm opens TCP port 1080, and additional ports in the range of 3000 to 5000, in an attempt to allow the author access to infected machines.
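As an added triage example (not from the original article or from Bytware), the following Python sketch checks Windows `netstat -ano` output for TCP listeners on the ports described above. The sample output, PIDs and addresses are constructed for illustration.

```python
import re

# Ports the article attributes to Mydoom.F: TCP 1080 plus listeners in 3000-5000.
SUSPECT_SINGLE = {1080}
SUSPECT_RANGE = range(3000, 5001)

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2412
  TCP    0.0.0.0:3456           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.20:3391      203.0.113.7:80         ESTABLISHED     1660
  TCP    [::]:4410              [::]:0                 LISTENING       2412
  UDP    0.0.0.0:4500           *:*                                    700
"""

# Local address (IPv4 or bracketed IPv6), local port, state, owning PID.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\w+)\s+(\d+)\s*$")


def suspicious_listeners(netstat_text):
    """Return sorted (port, pid, local_addr) for TCP listeners on suspect ports."""
    hits = []
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # header, UDP rows, blank lines
        addr, port = match.group(1), int(match.group(2))
        state, pid = match.group(3), int(match.group(4))
        # Only LISTENING sockets count. On Windows XP/2003 the default
        # ephemeral range is 1025-5000, so ESTABLISHED outbound connections
        # with a local port in 3000-5000 are routine and would be noise.
        if state != "LISTENING":
            continue
        if port in SUSPECT_SINGLE or port in SUSPECT_RANGE:
            hits.append((port, pid, addr))
    return sorted(hits)


if __name__ == "__main__":
    for port, pid, addr in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"listener on {addr}:{port} owned by PID {pid}: identify the process")
```

A hit is only a lead: legitimate services also listen in this range, so map each PID to its executable before drawing conclusions.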

Mydoom.F arrives as an e-mail attachment of a variety of file types, including .zip. Upon identifying shared or mapped drives, the worm makes copies of itself as .zip archives or .exe files in different directories using random file names. It also propagates by harvesting e-mail addresses from infected systems and mass mailing itself using its own SMTP engine.

Most AV vendors have added definitions for Mydoom.F and experts urge users to update their anti-virus software and to protect all systems, including non-Windows platforms that may act as file servers and are attached to Windows PCs via mapped drives.

For more information about Mydoom.F, visit the Network Associates Virus Information Library at http://vil.nai.com/vil/content/v_101038.htm

For more information about iSeries anti-virus protection, visit the main StandGuard Anti-Virus page.