2/17/2005

CA Raises Threat Assessment for New Mydoom Variant to High

Filed under: — Aviran Mordo

Computer Associates International, Inc. has raised the threat assessment for the Win32.Mydoom-AU (also known as Mydoom BB and Mydoom-AW) variant to high because of the variant’s pervasiveness and its ability to download the Win32.Gavvo trojan and recruit the infected machine into a zombie network for further destruction.

“The variant knocking at the front door is fairly familiar, but it is leaving the backdoor open to something much more sinister,” said Simon Perry, senior vice president, eTrust Security Management. “Over the last 18 months we have seen a general trend toward the creation of zombie or slave-machine armies, used to create further attacks against the Internet at large, such as spam or denial of service attacks. For that reason, we want Internet users to be extra vigilant and are raising the threat assessment to high.”

Win32.Mydoom-AU is a worm that spreads via e-mail. It searches an infected computer’s hard drive for e-mail addresses and then uses major search engines such as Lycos, Altavista, Yahoo and Google to harvest additional addresses in the same domain as the infected computer.

The worm also creates a mutex to ensure only one copy of the worm runs at a time. The mutex name is generated by combining the affected machine’s name with the string “root” repeated multiple times.
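A host-triage check built on the mutex naming described above, as an added example that is not part of the original article or of CA's advisory. The listing format (PID, object type, object path), the host names, the acceptance of either concatenation order and the minimum of two repeats are assumptions; the sample lines are constructed.

```python
import re

# Assumption: the advisory gives neither the order of the two parts nor the
# repeat count, so both orders and two or more repeats of "root" are accepted.
MIN_REPEATS = 2

def mutex_pattern(hostname):
    """Build a case-insensitive pattern for <hostname> joined with root, root, ..."""
    host = re.escape(hostname)
    roots = r"(?:root){%d,}" % MIN_REPEATS
    return re.compile(rf"^(?:{host}{roots}|{roots}{host})$", re.IGNORECASE)

def base_name(object_path):
    """Drop object-manager directories and Global\\ or Local\\ prefixes."""
    return object_path.strip().rsplit("\\", 1)[-1]

def find_suspect_mutexes(hostname, listing):
    """Return (pid, mutex name) for each Mutant line whose name fits the pattern."""
    pattern = mutex_pattern(hostname)
    hits = []
    for line in listing.splitlines():
        fields = line.split(None, 2)  # pid, object type, object path
        if len(fields) != 3 or not fields[0].isdigit():
            continue  # blank line, header, or malformed entry
        if fields[1].lower() != "mutant":
            continue  # only named mutex objects are of interest
        name = base_name(fields[2])
        if pattern.match(name):
            hits.append((int(fields[0]), name))
    return hits

# Constructed sample of a named-object listing exported from one host.
SAMPLE_LISTING = r"""
PID Type Name
1184 Mutant \BaseNamedObjects\WKSTN-042rootrootrootroot
1184 Section \BaseNamedObjects\WKSTN-042rootrootroot
2260 Mutant \BaseNamedObjects\Global\wkstn-042ROOTROOT
3012 Mutant \BaseNamedObjects\rootkit-scanner-lock
3012 Mutant \BaseNamedObjects\WKSTN-042root
3344 Mutant \BaseNamedObjects\OTHER-PCrootrootroot
"""

if __name__ == "__main__":
    for pid, name in find_suspect_mutexes("WKSTN-042", SAMPLE_LISTING):
        print(f"pid {pid}: mutex {name!r} matches the Mydoom-AU naming scheme")
```

A match is a lead for further triage rather than proof of infection, because the pattern is derived only from the one-sentence description in the advisory.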

The worm arrives attached to an e-mail with a variable Subject and Message Body. It chooses the variable name and file extension using the user’s e-mail address and domain, so the message appears personalized and entices the user to open it, ultimately infecting them.

The Subject line may be randomly generated or include one of the following:
hello, hi, error, status, test, report, delivery failed, Message could not be delivered, Mail System Error - Returned Mail, Delivery reports about your e-mail, Returned mail: see transcript for details or Returned mail: Data format error

The worm attempts to close windows with these names:
rctrl_renwnd32, ATH_Note and IEFrame

It also downloads and executes arbitrary files from a web site.

CA urges users to update their anti-virus protection with the latest signatures.

Microsoft recalls Xbox power cords

Filed under: — Aviran Mordo

Microsoft is recalling power cords on 14.1 million Xbox consoles worldwide, following reports of injuries due to defective electrical components.

The company announced the recall on Thursday, saying it is aimed at protecting the consoles from electrical-component failures that can pose a fire hazard. So far, such failures have been reported in 30 consoles, causing minor injury or property damage, Microsoft said. Seven customers reported burns to their hands. In the rest of the cases, the defect caused smoke damage or minor damage to a carpet or entertainment center.

In Europe, consoles made before Jan. 13, 2004, will need replacement cords, the company said. In all other areas, the recall covers consoles manufactured before Oct. 23, 2003.

Orders for replacement cords can be placed at the Xbox Web site. New cords will take up to four weeks to arrive. Until the new cord comes, customers should turn off consoles when not in use, the company said.

Source: News.com
