Spyware, Viruses, & Security forum

General discussion

NEWS - January 20, 2007

UPDATE - European Storm Video E-Mail

A new variant of this virus has surfaced over the last 3-4 hours. This variant is slightly smaller than the original.
MD5 checksums for the files are:

cf6c72dfa5a05beb46f21a21cb6d3487 for the original version
b9a0d6c8493ad79c2c09137871b95672 for the new variant (some of you will get the hash 01a1115bcb0d5e32a98c76a50ac8868d on the same file).

(If you have a file that does not match the above two signatures feel free to submit it)

AV products are picking up the original, only some are picking up the variant (that should change over the next few hours).

The subject and file names are changing as well in line with the news headlines of the day. In addition to the subjects mentioned in Part 1 we have seen:

Chinese missile shot down USA aircraft
Chinese missile shot down USA satellite
Chinese missile shot down Russian satellite
Russian missile shot down USA aircraft
Russia missile shot down USA satellite
Russian missile shot down Chinese aircraft
Radical Muslim drinking enemies' blood
Sadam Hussein alive!
Sadam Hussein safe and sound!

Read more: http://isc.sans.org/

Discussion is locked
You are posting a reply to: NEWS - January 20, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - January 20, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Sun Java Vulnerability in processing GIF images

In reply to: NEWS - January 20, 2007

Published: 2007-01-19,
Last Updated: 2007-01-19 12:19:04 UTC
by Mark Hofman (Version: 1)
Sun has released an alert notification regarding a vulnerability with the JRE (CVE-2007-0243 )

The alert states that an overflow vulnerability may allow the escalation of privileges.

The recommendation from Sun is to upgrade your JRE.



Collapse -
Antivirus 2.0: The Bouncer Approach

In reply to: NEWS - January 20, 2007

Whitelisting may be the way to stay ahead of malware.

By Larry Greenemeier

Jan 20, 2007 12:00 AM (From the January 22, 2007 issue)

The antivirus model in use today is broken, largely because it's set up to block known malware and has no way of anticipating the nature of the next attack. The weakness of this blacklisting approach showed up in the last year as attackers developed faster, automated ways of launching malware variations that eluded unsuspecting defenses. Now being used is a "whitelisting" approach that acts like a nightclub bouncer working from a guest list. If you're not on the list, you're not getting in.

Successive, low-volume attacks last year struck targeted networks in waves. Each contained a slightly different version of a particular malware. The variants had to be individually identified and blocked, allowing malware writers to stay ahead of signature-based antivirus programs, according to a report by e-mail security vendors Proofpoint and Commtouch Software.

Read more: http://www.informationweek.com/story/showArticle.jhtml?articleID=196902080&cid=RSSfeed_IWK_Security

Collapse -
Swedish Bank loses $1 Million through Russian hacker

In reply to: NEWS - January 20, 2007

phishing attack

Russian hackers have used phishing techniques to get hundreds of customers of Sweden's largest bank to divulge their username and password without realizing it, resulting in losses over well over $1 Million dollars.

Sweden's largest bank, called Nordea Bank, has been under phishing attack since 2005, with the first successful attack taking place in August 2006. Detected only a month later, the attacks have continued, resulting in a massive loss through phishing fraud, perpetrated by Russian hackers routing their attacks through servers in the US.

250 customers have been affected so far, with at least 121 more customer accounts under investigation. The hackers used a phishing email that advised bank customers to download an anti-spam tool that loaded the 'haxdoor.ki' Trojan.

More at http://www.itwire.com.au/content/view/8772/53/

Collapse -
Critical Microsoft & Mozilla Patches for 2006

In reply to: NEWS - January 20, 2007

Collapse -
Another trojan run by the Storm Worm gang

In reply to: NEWS - January 20, 2007

We got a repeat of what happened last night - but with modified version of the trojan and fresh news items in the subject field.

This time the subjects in the mails are:

Russian missle shot down Chinese satellite
Russian missle shot down USA aircraft
Russian missle shot down USA satellite
Chinese missile shot down USA aircraft
Chinese missile shot down USA satellite
Sadam Hussein alive!
Sadam Hussein safe and sound!
Radical Muslim drinking enemies' blood.
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
U.S. Southwest braces for another winter blast. More then 1000 people are dead.
Venezuelan leader: "Let's the War beginning".
Hugo Chavez dead.

And the attachment names are:

Full Video.exe
Read More.exe
Full Text.exe
Full Clip.exe

Read more: http://www.f-secure.com/weblog/

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.