There is a linux network worm (virus) in the wild, which I’ve mentioned already in an earlier post. I did want to take a few moments to highlight this and dispell a few myths. (This is the first linux virus I recall seeing over at SARC in the last couple years….) Myth #1) linux doesn’t get viruses…. bull, this current worm is proof. Myth #2) if linux had bigger market share there would be tons of linux viruses – Maybe, but remember that much of the internet’s backbone runs on linux (all the machines at my providers webhosting company and indeed MANY others)
Category: Viruses
-
XML-RPC for PHP vulnerability attack attempts
Incidents.org is reporting on attacks against a recent XML-RPC vulnerability in PHP. This would affect users of PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. As far as I know there are fixes for each of these in the most recent versions of the software.
-
Botnets and spyare
“It outta be illegal” is the first thing I usually hear as I start the long process of sanitizing a spyware infested windows machine. The fact is some parts of it ARE, some are just ethically questionable. The area that’s against the law is the part that involves tacking control of someone elses computer without their permission, either manually or in an automated way (exploiting a vulnerability to install a trojan or bot.) Today Brian Krebs is reporting on The connection between botnets and spyware at the securityfix.
-
Microsoft Updates for October and bugs on the loose
Well, it’s been a bit since a post here, but if you haven’t already patch your systems with Microsoft update, as new updates were released yesterday. Incidents.org is reporting rumors of bugs in the wild. Everyone KNOWS the window between vulnerability and exploit is getting shorter and shorter, so if you have a windows system go forth and patch….
-
More on the Zotob/Mytob identity theft ring
The Security Fix has reported on the unraveling of a ring of identity theives after the arrests of the writers of the zotob and mytob worms. Apparently they have leads on about a dozen different people following the arrests last week of the suspected virus writers.
-
A virus writer talks….
Along the lines of “Wishlist of Spyware Slime” that I referred to last week, it appears there’s a chat transcript out from before the arrest of the suspected writer of the mytob and zotob worms. The security fix has the details.
-
The end of antivirus definition updates?
Well, frankly, there has been talk of the end of definition based antivirus scanning for years. You see the achilles heel of any AV scanner is that it has to have signatures of what known viruses look like, so there will always be a reflex window, where there’s a new unknown virus that people are getting infected with before there’s a reaction from the antivirus vendors. The supposed cure for this dillema was hueristic scanning which was supposed to detect things that “looked” like they might be viruses. A noble goal, but along the path it’s proven innefective mostly, either too aggressive and tagging EVERYTHING as potentially viral, or really unnoticable.
-
Zotob may affect XP Service pack 1 systems
There’s an eweek article indicating the zotob family of worms could affect Windows XP SP1 systems as well as the Windows 2000 systems that are currently affected. Since the original outbreak it’s been reported that there were certain circumstances that an XP system could be compromised, this seems to back that up.
-
Another Dumaru variant
Sunbelt has found another keylogger in the dumaru family and has updated their free tool to scan for it and clean it up. This is the same family of trojans/keyloggers that contributed to the large ID theft discovery they made earlier in the month.