Saturday, January 22, 2005

WORM UPDATE!! The Worm in CNN's Headlines

Many people have headline news delivered by e-mail, and a new worm in the wild is trying to take advantage of that habit. Security firm Sophos this week reported the discovery of a worm that lifts headlines from the CNN Web site and attempts to install a Trojan on the recipient's PC.

Sophos has named the worm Crowt-A (W32/Crowt-A). In addition to taking its subject line from the CNN news site, it also takes message text from there, which further helps create the facade of a legitimate news update. As with many worms, the malicious code is contained in an attachment that is used to deploy its payload.

In the case of Crowt-A that payload is a Trojan keylogger that logs and then sends the user's keystrokes to a remote address. The Trojan also provides a backdoor allowing an attacker remote access to the infected machine.

The worm propagates using its own e-mail engine, mailing itself to addresses harvested from the Windows address book and from files in the Windows internet cache folder. It forges the message headers so that the e-mail appears to have been sent with Microsoft Outlook Express.
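The combination described above, a message that claims to come from Microsoft Outlook Express but carries an executable attachment, is something a mail gateway can screen for. The following is an added example, not code from Sophos or from the original post: a small Python heuristic that parses a raw message, looks for executable attachments, and checks whether the Outlook Express claim in X-Mailer is backed by the X-MimeOLE header that a genuine Outlook Express client also sets. That header pairing is an assumption made for this example, not a fact stated in the post, and the two sample messages are constructed here rather than taken from real Crowt-A captures.

```python
"""Added example: a mail-gateway heuristic for the pattern described above.

It flags messages that carry an executable attachment and whose headers
claim Microsoft Outlook Express as the sending client but lack the second
header a real Outlook Express message also sets (X-MimeOLE). The OE
fingerprint is an assumption made for this example, not a fact stated in
the post, and the sample messages below are constructed here, not real
Crowt-A captures.
"""
from __future__ import annotations

import email
from email import policy
from email.message import EmailMessage

# File extensions Windows treats as directly executable. Hypothetical policy
# list for this example; extend it to whatever the gateway's policy blocks.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")


def executable_attachments(msg: EmailMessage) -> list[str]:
    """Return the filenames of attachments with an executable extension."""
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(EXECUTABLE_EXTENSIONS):
            found.append(name)
    return found


def claims_outlook_express(msg: EmailMessage) -> bool:
    """True when X-Mailer names Outlook Express as the sending client."""
    return "outlook express" in (msg.get("X-Mailer") or "").lower()


def mailer_headers_inconsistent(msg: EmailMessage) -> bool:
    """Assumption: genuine Outlook Express mail carries both X-Mailer and
    X-MimeOLE, so an X-Mailer claim without X-MimeOLE suggests forgery."""
    return claims_outlook_express(msg) and msg.get("X-MimeOLE") is None


def assess(raw: bytes) -> tuple[int, list[str]]:
    """Score a raw RFC 822 message; higher means more likely a mass-mailer."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    score = 0
    reasons: list[str] = []
    exes = executable_attachments(msg)
    if exes:
        score += 2
        reasons.append("executable attachment: " + ", ".join(exes))
    if mailer_headers_inconsistent(msg):
        score += 1
        reasons.append("X-Mailer claims Outlook Express but X-MimeOLE is absent")
    return score, reasons


def verdict(score: int) -> str:
    """Quarantine anything carrying an executable; flag header-only oddities."""
    if score >= 2:
        return "quarantine"
    if score == 1:
        return "flag"
    return "deliver"


def build_sample(*, subject: str, body: str, mailer: str,
                 mimeole: str | None = None,
                 attachment: tuple[str, bytes] | None = None) -> bytes:
    """Build a constructed test message (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "news@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg["X-Mailer"] = mailer
    if mimeole is not None:
        msg["X-MimeOLE"] = mimeole
    msg.set_content(body)
    if attachment is not None:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


# Constructed samples: a forged "news digest" carrying an executable, and a
# text-only digest with the headers a real Outlook Express client would set.
WORM_LIKE = build_sample(
    subject="Headline news update",
    body="Top stories copied from a news site go here.",
    mailer="Microsoft Outlook Express 6.00.2800.1437",
    attachment=("headlines.exe", b"MZ\x90\x00" + b"\x00" * 16),
)
LEGITIMATE = build_sample(
    subject="Headline news update",
    body="Top stories copied from a news site go here.",
    mailer="Microsoft Outlook Express 6.00.2800.1437",
    mimeole="Produced By Microsoft MimeOLE V6.00.2800.1437",
)

if __name__ == "__main__":
    for label, raw in (("worm-like", WORM_LIKE), ("legitimate", LEGITIMATE)):
        score, reasons = assess(raw)
        print(label, verdict(score), reasons)
```

Because the worm copies real headline text into the body, the message content itself is not a useful signal; the heuristic deliberately keys on the attachment and on the forged client headers instead. The executable check alone is enough to quarantine, and the header inconsistency only raises the score, so a worm that learns to set both headers still gets caught by its payload.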

"Virus writers are always looking for new tricks to entice innocent computer users into running their malicious code; this latest ploy feeds on people's desire for the latest news," said Carole Theriault, security consultant at Sophos, in a statement. "Many people subscribe to legitimate e-mail news updates, but the message is simple -- businesses need to make sure their anti-virus detection is constantly updated, and users need to be suspicious of all unsolicited e-mail whether it's promising celebrity pictures or news updates."

In other security news, Cisco issued an advisory this week about a vulnerability in its Internetwork Operating System (IOS). The advisory addresses all Cisco devices running any unfixed version of Cisco IOS code that supports and is configured for Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST).

According to Cisco, successful exploitation of the vulnerability may cause the device to reload. Repeated exploitation could result in a sustained denial of service.

Free software upgrades to address the issue are available through the Cisco update channel.

By Sean Michael Kerner
