 | |
 |
| Virus Warnings / Patches | Risk | Virus Name | Date Discoverd |
|
| From The Forum: SecurityWatch | |
| |
Google has put a stop to a security flaw that threatened to allow cyber attackers full control over members email accounts. Gmail was having problems in the way it authenticated users. The attacker could steal a cookie file that identifies the user by making a harmless link to Google’s own website.
"Google was recently alerted to a potential security vulnerability affecting the Gmail service. We have since fixed this vulnerability, and all current and future Gmail users are protected," Google spokesman Nathan Tyler said.
Nir Goldshlagger, an Israeli hacker, stated in Nana NetLife Magazine that the cookie could allow an attacker to sign on to Gmail as the unsuspecting victim from any computer without having to enter a password. The hacker would continually be able to access the account even if the password were changed.
Only a handful of Gmail users were victimized by this security flaw, a source close to Google said.
Seeing Red Over Bagle.BC. The recently discovered Bagle.BC virus has been upgraded to “Red Alert” as the worm continues to excessively spread worldwide. Panda Software has reported just mere hours after Bagle.BC was discovered it had ranked in the top portion of the most frequently detected viruses by their online antivirus scanner.
"This has prompted Panda Software to declare a Red Virus Alert as a preventive measure, so that all users can protect themselves against these worms and prevent their computers from being infected," the security firm said.
"Similarly, companies also risk their communications being slowed down by the large number of emails that mail servers will have to process."
Some new variants of the Bagle worm, similar to Bagle.BC, have emerged into the playing field. The new mutated strains are being called Bagle.BD and Bagle.BE.
The newest members to the very unpopular Bagle family spread via email, networks and P2P software including Kazaa.
"This is a technique that is being used more often," he said. "Virus creators know that the reaction time to new threats is critical, so the faster they can release various viruses the easier it is for users to take too long to update their system."
Google-Bashing Worm Making The Rounds. Over this past weekend two new malicious email worms were traveling around the Internet. One is designed to attack the infected computer, while the other is designed to execute a denial of service attack.
 In an article written by Chris Richardson, WebProNews editor, he states that the first worm, a Bagle variant, is being once again being transported through email communication. According to The Register, the infected email contains an executable file in either the COM, EXE, or SCR category, housed in an attachment with names like Joke or Prince. Subject lines of these offending emails are typically 'Re: Hello' or 'Re: Thank you!'.
Bagle-AT can be spread across p2p networks by making copies of itself into folders that are shared out. The variant also carries a backdoor that will allow other malicious files to be executed on an infected computer. Bagle-AT has been labeled a medium to high security threat.
The other email worm targets a DOS attack against Google, Microsoft and the Hungarian Prime Minister's website. The worm, called Zafi-C, is categorized a low risk threat, and all seem to only affect computers running the Windows operating system.
“Spimming” Has First Lawsuit Filed Against It. The first known lawsuit against instant-message (IM) spam, dubbed “Spim” was announced by America Online as part of a campaign to stop unwanted IM’s.
 This announcement came as a series of lawsuits against spam by AOL and other providers including Microsoft, Yahoo, and EarthLink. AOL has said they targeted 20 “John Doe” defendants in the first lawsuits against IM spam. The first legal action targeting a spammer who is peddling controlled substances which require a physician’s prescription.
AOL and the others sued under the new CAN-SPAM law that went into effect this year, but which analysts say have done little to stop the occurrence of unwanted email or IM messages.
Enjoy!
Jeremy Muncy + The SecurityProNews Team
| |
|
 About SecurityProNews
SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security. |
|
SecurityProNews is brought to you by:
|
|  |
|
|
|
|
|
, Inc. 880 Corporate Drive, Lexington, KY 40503
