Nearly a third of the attacks in January used the "@" user authentication syntax to construct disguised URLs in links. A Microsoft security patch released Feb. 2 disabled that capability in the Internet Explorer browser. A smaller number - seven percent of January attacks - exploited an IE flaw that causes the browser to display an incorrect URL in its address and status bars.
Like its predecessors, MyDoom.F has its own SMTP engine and spreads through e-mail attachments, and is programmed to launch denial of service attacks on web sites. The DDoS component of MyDoom.F targets www.microsoft.com and www.riaa.com (the Recording Industry Association of America)MyDoom.F also opens a backdoor on the victim's computer, using port 1080. Some analyses suggest that it also opens a backdoor on multiple ports between 3000 and 5000 and disables antivirus software.
Widespread awareness of MyDoom-related threats has focused fresh attention on the basics of e-mail security, particularly regarding the opening of attachments. That should work to check the spread of MyDoom.F, as will its more destructive payload, which makes it harder for the malware's activity to go unnoticed for very long on compromised machines.
The latest scam, documented at Codefish Spamwatch, operates via an email with the subject "Police investigation."
Phishing attacks seek to trick account holders into divulging sensitive account information through the use of e-mails which appear to come from trusted financial institutions and retailers. Such scams have multiplied in recent months, with many taking advantage of a bug in Internet Explorer that made it easier for fraudsters to simulate the URLs of target financial institution.
Microsoft issued a patch to repair that problem on Feb. 2. Visual spoofing does not rely on the URL spoofing, relying instead on the fake images to accomplish the deceipt.
"The leak will do some damage to the security of Windows machines, but it's not clear how much," said Ed Felten of Princeton University, a security researcher who has reviewed Windows source code and was an expert witness in the antitrust case against Microsoft. "There's a longstanding debate about the security implications of open source development. Source code access makes it easier to find security bugs. With open source, you make it easier for honest outsiders to find bugs, which is good, but you also make it easier for malicious outsiders to find bugs, which is bad.
"This kind of leak give us the worst of both worlds: honest outsiders will avoid looking at the stolen code, while malicious outsiders use the code; so you get the security drawbacks of open source without the security benefits," Felten added. "This will only matter, though, if the bad guys would otherwise have trouble finding bugs, which may not be the case."
According to eEye, the vulnerabilities include a remote exploit that could allow attackers to gain system privileges, and a denial of service strategy that could "total system failure." Both vulnerabilities were reported Sept. 10, and affect default installations of Windows in use on more than 300 million computers, including Windows NT, Windows 2000, Windows XP and Windows Server 2003. eEye reported an additional high-risk remote exploit on Oct. 8.
Your link here? Advertising on the Netcraft Blog