
Hackers target wireless devices

Johannesburg, 08 Feb 2008

Sophos research shows that as many as 71% of people believe their local authorities should prevent staff from accessing confidential data about citizens via laptops, BlackBerries or other mobile devices when they are working away from the office.

Brett Myroff, CEO of Sophos distributor Netxactics, says: "These results come in light of a number of authority blunders around the world involving the loss of confidential data.

"In 2007, Newcastle City Council in the UK, for example, admitted to losing the payment card details of 54 000 local residents - information which was held on an unsecured server, and accessed by a computer outside of the UK."

Vicious viruses

Viruses and Trojans making the rounds this week include the Troj/Tiny-DC Trojan, which is affecting Windows users, says Myroff: "It downloads code from the Internet and installs itself in the registry. It also occurs as Win32/TrojanDownloader.Tiny.NJ Trojan."

Furthermore, notes Myroff, W32/Chir-B, also affecting the Windows OS, is an e-mail worm, an EXE file infector and an HTM/HTML file infector.

"The worm component of the virus attempts to spread via e-mail by sending itself to e-mail addresses found in the Windows address book."

He says the e-mail contains the Iframe exploit and a MIME exploit to run the virus automatically when the e-mail is viewed.

The virus also infects Windows executables on both local and network drives, but will not infect files in folders matching "wind*" or "winn*", including all sub-folders of those folders, states Myroff. "As a result of this, files in folders with names such as Windows or Winnt will not be infected."

The W32/Tvido-A virus also spreads via network shares and infected files. It leaves non-infected files on the computer, and its aliases include Win32/Tvido.C and Virus.Win32.Tvido.b.

W32/Tvido-A infects EXE files on the C: drive and in writeable network shares.

Dropping the bomb

Troj/Nuclear-BE, a backdoor Trojan for the Windows platform, has also been noted, and provides unauthorised remote access to the infected computer.

Troj/Nuclear-BE attempts to drop a file which is also detected as Troj/Nuclear-BE. "The dropped file has the capability to take system snapshots, log keyboard and can give access to a remote server," says Myroff.

The Troj/Bckdr-QLS Trojan is also making the rounds. It allows others to access the computer and downloads code from the Internet. "It can also act as a spamming tool to send messages to other users via MSN Messenger," he says.

"While the advice to secure your network from unauthorised access can only be repeated, given the need for more flexible working environments, organisations must also properly secure portable devices just as they would the internal network. Hard drives containing work-related information need to be fully encrypted, and non-work-related applications such as VOIP and IM, which could be exploited by hackers, should be blocked," he concludes.
