Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.

Username: | Password: Contact us to request an account

Beware of Clicky, and Where is Google?

Instant Messaging (IM) applications, such as MSN Messenger, ICQ, AIM and iChat have grown in popularity in recent years as they allow near realtime text communication between two or more people across the internet (or local networks). Some applications even include voice chat, video chat, games, file transfer, and a range of other features.

While computer users are slowly becoming more aware of the risks of clicking random links in unsolicited or strange looking emails, the perceived increased personalisation of IM means that some users let down their guard slightly and will click links suggested by other IM users. Worms, viruses and trojan horses are now taking advantage of this mannerism by hijacking, or creating new, IM sessions and sending suggested links to other users listed in the 'Buddy Lists'. When these links are clicked, a range of malicious software is downloaded such as spyware, adware and viruses. The malware installs itself at this time, and then looks to propogate itself again using the new list of IM users on the victim's computer.

Unless a computer user is expecting to be sent a link as part of the normal conversation flow, the same caution should be applied as that which should be applied to unsolicited email message links. That is:

Beware of the Clicky.

In further news, Time Warner has had 600,000 of its employees' Identities compromised when an external storage company lost the tapes that they were stored on. The tapes contained identifying information for employess, dependents and beneficiaries dating back as far as 1986.

The latest in a long list of US Universities suffering from network intrusion is Florida University, which effectively had its network compromised recently. Although only 5% of the computers were compromised, 3,000 systems are being inspected, upgraded and updated on the basis that the intrusion could have gained access to all systems easily. This intrusion was only discovered when a single file was discovered on one of the compromised systems. Given the number of files on an average computer, this would be an extremely fortuitous discovery for Florida University.

The SANS Institute has released their list of the top 20 most critical vulnerabilities discovered or patched in the first quarter of 2005. In addition to the expected Microsoft vulnerabilities, the DNS cache poisoning issue (subject of previous columns) was mentioned, as well as buffer overflow vulnerabilities for various anti-virus products and media players. The anti-virus vendors affected included Symantec, F-Secure, Trend Micro and McAfee. The media players affected included RealPlayer, iTunes and Winamp.

A buffer overflow is where specially crafted content is forced into the memory allocated to an application. This content overflows the amount of memory allocated (i.e. overflows the buffer) and allows the attacker to execute the commands now placed in the overflowed area of memory, effectively compromising a system.

In other, more recent, news, popular Internet browser Firefox has been found to be vulnerable to arbitrary code execution in all versions, which would allow a remote attacker to execute code at will on a victim's computer with the victim only needing to click on a link / visit a website to activate the attack. There is currently (at time of writing) no known solution except to disable JavaScript in the browser.

DNS issues continue to be reported, with Google creating their own nightmare over the weekend. Although temporary, and with the details still being resolved, it appears that the records for Google were modified, with different results delivered to users depending on how their local DNS servers were responding. As well as the site not appearing, some users were directed to sogosearch.com (which identified as google.com). This was not a hack, but a result of google.com being sent to google.com.net. Sogosearch owns the domain records for *.com.net (i.e. any sitename.com.net), and this is actually correct behaviour. Google is denying that it was an attack, and it appears that it was the result of modifications by Google to their own DNS record.

9 May 2005

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.