Bavarian police have spooky Sober moment
Worm warning predicted text exactly
By SecurityFocus
Published Wednesday 16th November 2005 12:30 GMT
Bavarian police issued a press release that warned of new Sober.worm virus variants, just one day before three new variants appeared.
In a bizarre set of circumstances, Bavarian Police have issued a press release (translated version) that not only warns of new Sober.worm virus variants, but also includes the email text that will appear in infected emails. The text, "Thanks for your registration. Your data are saved in the zipped Word.doc file!" appears in an email, along with an archived attachment registration.zip. F-Secure made note of this on their blog, and indicated that at least one of the new Sober worm variants that appeared today had this identical message text.
The Bavarian Police have not provided any additional details as to how they were able to predict the new worm outbreaks, other than indicating that this was part of an ongoing investigation. The author of the Sober worm and some of its many variants is believed to be German.
Copyright © 2005, SecurityFocus
Virus creators target Wikipedia
Malicious hackers have turned to Wikipedia to try to help them catch out PC users.
The virus writers created a page on the German Wikipedia that linked to a fake fix for a new version of an old malicious Windows worm.
But instead of curing a bug, those installing the fix would be infected by a new Windows virus.
The booby-trapped page on the German version of the online encyclopaedia has now been removed.
Cleaning up
"The very openness of websites like Wikipedia - which allow anyone to edit pages - makes them terrific, but can also make them less trustworthy," said Graham Cluley, senior technology consultant for Sophos. "In this case, the article in question wasn't just misleading, it was downright malicious."
The page hijacked by the virus creators was about a new variant of the Windows Blaster worm. This malicious program debuted in 2003 and caught out many PC users.
Included on the page was a link to a supposed patch that, once downloaded and installed, would protect against this new version. However, anyone installing this on a Windows machine would infect themselves with a virus.
The malicious hackers behind the fake article then sent out a German-language spam e-mail with a message crafted to look like it came from Wikipedia. The message directed people to the booby-trapped page and the fake fix.
By piggy-backing on the good name of Wikipedia the message got past e-mail filters that would otherwise have cleaned it up.
It is not thought that many people fell victim to the booby-trapped page or downloaded the dangerous file.
"The good news is that the authorities at Wikipedia quickly identified and edited the article on their site," said Mr Cluley.
Archived versions of the booby-trapped pages have also been deleted.
http://news.bbc.co.uk/1/hi/technology/6120268.stm
A new email worm is using bogus news headlines to lure users into opening its payload, security firm Sophos has warned.
The emails contain links to headlines such as the 'outbreak of nuclear war' and the 'death' of George W Bush and Vladimir Putin to allow hackers to infect computers and steal information.
The Dref-N worm arrives attached to emails with subject lines such as 'White house news!', 'Incredible news' or 'ATTN TO EVERYBODY!', and tries to dupe recipients by claiming that the attachment contains details of a major global news story.
Opening the attached file disables the Windows firewall and allows hackers to gain access to the PC in order to spy on or steal data.
Her name's not Helen, by any chance?
Ronson8 said: My daughter has picked up a trojan...
Peripart said: Her name's not Helen, by any chance?
Ronson8 said: My daughter has picked up a trojan...
stuneville said: Enough of the hectoring.
Anyhoo, since switching to Comodo for both firewall and AV I've (touch wood) had no problems whatsoever.