Thursday, October 04, 2007

The oldest trick in the malware book

Network World

Security: Threat Alert




Network World's Security: Threat Alert Newsletter, 10/04/07

By Jason Meserve

Today's malware news:

Lewd celebrity photos mask Trojan payload

Angelina Jolie and Halle Berry were unwilling vectors of a massive spam campaign last month, in which naked pictures of the two actresses obfuscated a Trojan payload. Computerworld, 10/03/07.

Money mules and more...

Malware authors are seeking money mules for their illegal activities. Symantec Security Response blog, 10/02/07.

Online Videos May Be Conduits for Viruses

Online videos aren't just for bloopers and rants -- some might also be conduits for malicious code that can infect your computer. As anti-spam technology improves, hackers are finding new vehicles to deliver their malicious code. And some could be embedded in online video players, according to a report on Internet threats released Tuesday by the Georgia Tech Information Security Center as it holds its annual summit. WashingtonPost.com, 10/02/07.
**********

Today's roundup of bug patches and security alerts:

Apple patches QuickTime

According to the Apple advisory, "A command injection issue exists in QuickTime's handling of URLs in the qtnext field in files with QTL content. By enticing a user to open a specially crafted file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved handling of URLs. This issue does not affect Mac OS X systems."
**********

Two new updates from Mandriva:

mPlayer (heap overflow, code execution)

libsndfile (heap overflow, code execution)
**********

Four new fixes from rPath:

OpenSSL (buffer overflow, code execution)

xorg-x11 (multiple flaws)

qt-x11-free (denial of service, code execution)

rMake (code execution, elevated privileges)
**********

Four new patches from Debian:

elinks (information disclosure)

quagga (null pointer, denial of service)

OpenSSL (buffer overflow, code execution)

Linux kernel 2.6 (multiple flaws)
**********

From the interesting reading department:

Malicious code infects Chinese security site

The Web site of one of China's Internet security organizations has been laced with malicious code. At least three pages on the Chinese Internet Security Response Team's (CISRT) Web site are rigged with a malicious "iFrame," a hidden window on a Web page that can allow code such as JavaScript to run on a visitor's PC, according to Trend Micro's malware blog. IDG News Service, 10/03/07.

Web's 'dark corners' are everywhere, group says

It's getting harder and harder to know who to trust on the World Wide Web, according to online safety advocates StopBadware.org. On Tuesday, the group released its 2007 Trends in Badware report, saying the bad guys are finding new ways to place their malicious software on our computers -- often by compromising Web sites that we trust. IDG News Service, 10/03/07.

Data on Gap job applicants exposed in laptop theft

Gap said on Friday that a laptop storing personal information on 800,000 job applicants was "recently" stolen from the offices of a third-party vendor that manages job applicant data for the retailer. Computerworld, 09/28/07.

Feds bust alleged botmaster who attacked antiscam site

A 21-year-old man has been arrested and charged with launching a distributed denial-of-service (DDoS) attack against CastleCops, an online forum and Web site that specializes in rooting out Internet scams. Computerworld, 10/03/07.

The October State of Spam report

With the housing market taking a continued hit in September, in-boxes also took an increased hit as spammers exploited the recent market slowdown and subsequent interest rate cut by the Federal Reserve in the U.S. As noted in the October State of Spam Report, Symantec has seen a marked increase in spam directed towards homeowners and prospective homeowners offering refinancing, home equity loans, and actual houses. Symantec Security Response blog, 10/03/07.

Hackers post techniques for reversing iPhone upgrade

Owners of hacked iPhones have begun posting instructions on how to roll back a recent Apple firmware upgrade that rendered their mobile phones unusable. IDG News Service, 10/02/07.

Paid-for 'zero footprint' browser launches

A U.K. security company has launched a 'zero footprint' browser it claims will protect users from the security problems that regularly afflict popular browsers. The work of London-based EISST (Enterprise Information Security Systems & Technology), the XP and Vista-compatible e-Capsule Private Browser, to give it its full name, uses a mixture of techniques to protect a Windows user's identity and keep browsing data away from prying eyes. TechWorld, 10/02/07.

Consumers only think they're cyber safe

Most U.S. consumers believe they're protecting their computers against cyberattacks, but their actions indicate they aren't as safe as they think, according to a study released Monday. IDG News Service, 10/01/07.



Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast.

Copyright Network World, Inc., 2007
