Virus Help Zone

The United States' top cop told a Congressional committee this week that law enforcement would benefit from a law forcing Internet service providers to hold onto customer data longer.

In comments before the House of Representatives' Committee on the Judiciary, FBI Director Robert S. Mueller, III told members that Internet service providers (ISPs) should be required to retain the records of what customers did online for longer periods of time. He suggested that records be kept for a minimum of two years, according to a CNET News.com report.

When the Storm Worm swept through the Internet in mid-January, the program's writers took a brute force approach to evading antivirus defenses: They created a massive number of slightly different copies of the program and released them all at the same time.

On January 18, the day the misnamed program--a Trojan horse, not a worm--first appeared, more than 350 different variants were released, according to report penned by security firm CommTouch Software. Four days later, the number of slightly-different versions jumped to more than 7,300. By the end of January, more than 54,000 variants had hit the Internet, the report (PDF) stated, each one spammed out by computers previously compromised by the program.

A search of the database, maintained by the National Institute of Standards and Technology (NIST), found that Web applications written in PHP likely account for 43 percent of the security issues found so far in 2006, up from 29 percent in 2005. While flaws in the language itself account for a very small percentage the total, the problems with PHP underscore the difficulty that developers--many of them amateurs--have in locking down applications written in the language, said Peter Mell, senior computer scientist for the NIST and the program manager for the National Vulnerability Database.

"In the dynamic programming language (and) scripting realm, we certainly have a problem," Mell said. "Any time a third or more of the vulnerabilities in a given year are attributed to a single language, you know you have a problem."

A proof-of-concept virus called W32/Gattman-A has been discovered which works in a novel way. Unlike the majority of malicious software, which are Windows programs targeting the Windows operating system, this virus deliberately targets an analysis tool which is widely used by security researchers.

The Gattman virus spreads through the program Interactive Disassembler Pro (IDA), produced by DataRescue. IDA is one of the most popular "reversing" tools, and is used for converting the raw machine code inside program files back into human-readable source code form so that its behaviour can be analysed and understood.

As part of its monthly patch distribution, Microsoft has issued one of the largest series of new security updates to address 21 vulnerabilities in a number of its software products. Eight of the patches are labelled as "critical" and protect the possibility of remote code execution in Internet Explorer, PowerPoint, Windows Media Player and the Windows operating system.

Of the remaining bulletins, three address "important" vulnerabilities, while one addresses a "moderate" vulnerability.

"Patching against vulnerabilities that can allow authorized remote access and code execution is vital to any security policy,"said Carole Theriault, senior security consultant for Sophos. "Hackers and malware authors often start working on taking advantage of these holes as soon as Microsoft discloses them. The sooner the fixes are in place, the faster businesses close the door to related attacks."

Microsoft released a fix for a serious security bug in Internet Explorer on Tuesday (11 April). The fix for the "CreateTextRange" vulnerability - which has become the subject of hacker exploits over recent days - was released as a cumulative update to Internet Explorer along with four other security bulletins, two of which also earn the dreaded critical ranking.

The other two critical patches affect Windows components, dealing specifically with a Vulnerability in the Microsoft Data Access Components (MDAC) that creates a possible means to inject hostile code onto vulnerable systems and a Windows Explorer security bug that likewise creates a possible means for hacker attack.

Microsoft has announced plans for legal action against more than 100 online fraudsters in Europe and surrounding regions. The action, part of the software giant's Global Phishing Enforcement Initiative (GPEI), is part of a wider scheme to fight online scams through consumer protection, partnerships and prosecution.

The first 53 legal actions (due to be filed before the end of March) include cases against alleged phishers in Turkey, France, Spain, Morocco, the UK, Germany, Austria, Egypt and Sweden. This will be followed by at least 51 more cases throughout Europe, the Middle East and Africa, against other suspected fraudsters. There is a planned total of seven UK cases.

Keylogger use is on the rise, with millions of dollars at stake in stolen money and ties to organized crime.

While the use of keyloggers is nothing new, their use for illegal activity is continuing to rise. The New York Times has an article discussing the growing trend of keyloggers used by criminals to steal banking information from unwary users. As the news coverage of keyloggers becomes more mainstream, the magnitude of the growing problem becomes more apparent. The article reports that Brazilian police recently broke up a fraud ring that stole $4.7 million USD from 200 different accounts using keyloggers. And earlier this month, Russian authorities broke up a similar ring which had stolen over $1.1 million from personal bank accounts in France.