MS not the culprit


Johannesburg, 21 Sep 2007

A security hole made public this week arises from the way Firefox and Apple QuickTime work together, and could allow privileged code to execute on a user's computer without permission.

"Hackers can exploit the flaw to access data on a vulnerable PC or run malicious code such as a worm," says Brett Myroff, CEO of master Sophos distributor, Netxactics.

Businesses and homes are advised to update their copies of the Mozilla Firefox Web browser to protect against this security flaw.

"Security is not just a problem for users of Microsoft products like Internet Explorer. While it is more often the target of attack for hackers than Firefox, this doesn't mean that users of non-Microsoft products can stick their heads in the sand about security.

"There are no excuses for dragging your feet, and not using the latest version of your Internet browser," Myroff says.

Also on this week's list of lower prevalence malware threats is the Troj/ShipUp-K Trojan, affecting Windows users. When first run, Troj/ShipUp-K copies itself to \infrom.dat and creates the file <Windows>\ldlist.txt. This file can be deleted.

Troj/Dorf-S, another Trojan for Windows, also made an appearance this week. Troj/Delf-EYC, a backdoor Trojan also known as Backdoor.Win32.Delf.bku, is also affecting some Windows users; it allows others to access the computer and installs itself in the registry.

Spreading through network shares is the W32/Rbot-GTH worm. "It has IRC backdoor functionality for the Windows platform and runs continuously in the background, providing a backdoor server, which allows a remote intruder to gain access and control over the computer via IRC channels," Myroff says.

When first run, W32/Rbot-GTH copies itself to <Windows>\msnmsgs.exe and creates the file <Windows>\images.zip. The following registry entry is created to run msnmsgs.exe on start-up: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN\msnmsgs.exe.

Another worm for the Windows platform, W32/VB-DXN, is spreading via chat programs. Its aliases include W32/Generic.a@MM and Email-Worm.Win32.generic.

W32/VB-DXN attempts to spread through the instant messaging application Yahoo! Messenger. When first run, W32/VB-DXN copies itself to:

<Windows>\Help\Other.exe
<Windows>\dc.exe
<Windows>\inf\Other.exe
<Windows>\sviq.exe
<System>\Fun.exe
<System>\WinSit.exe
<System>\config\Win.exe
and creates the file <Windows>\wininit.ini.

A number of registry entries are created to run dc.exe, Other.exe, sviq.exe, Fun.exe and Win.exe on start-up.
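An added triage example, not from the article or from Sophos: it parses the text output of `reg query` for a Run key and flags values that launch any of the start-up file names listed above for W32/Rbot-GTH and W32/VB-DXN. The function names and the sample registry output are constructed for illustration, and the sample assumes the Rbot entry appears as a value named MSN with data msnmsgs.exe.

```python
import ntpath
import re

# Start-up file names this article lists for W32/Rbot-GTH and W32/VB-DXN.
PAGE_STARTUP_NAMES = {"msnmsgs.exe", "dc.exe", "other.exe",
                      "sviq.exe", "fun.exe", "win.exe"}

# A value line in `reg query` output: 4-space indent, name, type, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def command_target(data):
    """Lower-cased file name of the program a Run value launches."""
    data = data.strip()
    if data.startswith('"'):                       # "C:\path with spaces\x.exe" /arg
        path = data[1:].split('"', 1)[0]
    else:                                          # unquoted: cut after first .exe
        m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def suspicious_run_values(reg_query_text):
    """Return (key, value name, data) for Run values matching the listed names.

    Name-only matching is a triage signal, not a verdict: an unrelated
    program can share a file name, so confirm with an anti-virus scan.
    """
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and command_target(m["data"]) in PAGE_STARTUP_NAMES:
            hits.append((key, m["name"], m["data"]))
    return hits


# Constructed sample output (not captured from a real machine).
SAMPLE = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MSN    REG_SZ    msnmsgs.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /silent
    Sound    REG_SZ    C:\WINDOWS\sviq.exe -s
    Messenger    REG_SZ    "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    for key, name, data in suspicious_run_values(SAMPLE):
        print(f"{key} :: {name} -> {data}")
```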

While companies have to ensure they are running up-to-date anti-virus software and the latest security patches, it is also becoming increasingly important that computers connecting to a company network - whether they belong to guests, contractors or regular workers - adhere to the company's security policy.

Myroff explains that any unpatched computers present a potential threat to businesses, and companies should consider the benefits of implementing a network access control (NAC) solution to defend against any future vulnerability issues.

"NAC can help ensure only properly secured PCs are connecting to the network, and give visibility as to which computers are not defended against the dangerous vulnerabilities," he adds.
