It's Sobering news as viruses, worms, and Trojans emerge from an apparent holiday -- rested and ready to wreak havoc once more.
Details
Just when you thought virus and worm attacks had finally slackened and no longer needed to top your list of concerns, new attacks are conspiring to bring malware concerns back to the forefront of security thinking. In addition, the latest version of Sober has surged across the Web, infecting more than three times as many emails in May as the month before.
Bagle
Meanwhile, a new version of the Bagle worm (designated Glieder by Computer Associates) has spread rapidly, using a new three-horned approach. The initial attack is the usual mass-mailing email that contains an infected attachment, which harvests addresses from the address book of infected systems. The next action is to download a Trojan called Fantibag that blocks automatic antivirus updates, including links to Microsoft's Windows Update Web page.
Finally, the worm downloads a second Trojan called Mitglieder, which disables firewalls and antivirus software. According to the News.com report, spammers are paying a bounty of five cents per computer for compromised PCs. With zombies now a commodity market with an economic incentive for attackers, we can expect increasingly sophisticated Trojan attacks as well as a surge in the number of attacks.
Mytob
Mytob is a dangerous new piece of malware that uses MyDoom exploit code. According to a NewsFactor.com report, antivirus firm Trend Micro believes this new infection often carries spyware and speculates that it may be a commercial venture. In addition, Mytob shows signs that its creators are taking care to spread it in a way that avoids media attention.
As many of you know, major media outlets (i.e., television and newspapers) have a tendency to only mention malware when there's a widespread infection hyped by some security vendor -- and that's usually after the infection has already run its course. However, it appears that Mytob may be the first malware intentionally kept low-key so it can fly below the radar of the major media, giving it a chance to spread further among home users and others who actually rely on getting security news from TV news reports.
At least five new versions of Mytob appeared in the first two days of this month. For more information, check out the Symantec report on Mytob.da.
CA AV Vulnerability
SecuriTeam.com reports that there's a vulnerability in Computer Associates' VetE.dll virus library. This affects various CA products, including the eTrust family and some Zone Labs products, so make sure you get the appropriate updates. According to Computer Associates, the risk level is medium for this remote access code-execution threat.





