No justice for Jack Straw

Jack Straw must be having a bad day. The media outlets have been alive all day reporting on his online misfortune. I was really taken with the way in which Charles Arthur reported this in The Guardian. What has happened here is that someone has managed to gain access to Jack Straw’s personal email account on Gmail. The finger of suspicion falls on a group of Nigerian 419 scammers, as the emails they sent out are of the ‘Help, I am stuck in a tricky predicament, please send cash’ variety, which is a current favourite of theirs.

As to whether we ever get to the bottom of how this came to happen, we will have to wait and see. Either the gang managed to ‘brute-force’ his login/password (a trial-and-error method used by programs to decode encrypted data such as passwords), or he simply used easy-to-guess credentials. Or he fell victim to a keylogger that recorded his credentials and forwarded them to the miscreants to use at will. Whatever sense of ‘injustice’ Jack is feeling, he should be kicking himself: for the sake of using some strong passwords and ensuring that his PC had an up-to-date internet security application, he could have avoided such a public humiliation.

Excel Exploited

We sent out an alert yesterday, in conjunction with Microsoft, warning of a vulnerability in Excel. We have also seen some limited exploits of this vulnerability in the wild. Opening a malicious spreadsheet file triggers the vulnerability. This in turn causes shellcode to execute, which then drops two files on the system: the first being the malicious binary, and the other a valid Excel document, which is used to mask what is actually happening in the background as the malicious code runs. Our testing shows that the exploit has been created for, and works with, Excel 2007, but only with .xls files and not with .xlsx files. We have added detection for the malicious spreadsheet files that we have seen.

The exact motivation behind the threat and its use are still unclear. The ability to drop files onto a remote system and then execute them is worrisome. The discovery of this vulnerability, exploited via infected spreadsheets, harks back to the past. There was an era when many viruses were embedded within macros in word-processing and spreadsheet files. I am not predicting a return to the exploitation of these applications in this way; however, it shows the predilection of malware authors to revisit old favourites. Talking of which, in the CNET coverage of this vulnerability, they mention that the US Defense Department has temporarily banned the use of USB thumb drives. We have been warning for some time that the malware gangs would look to exploit these devices, in a throwback to the days of infections passed around on floppy disks. Plus ça change!

Trojan.Brisv – an interesting backing track

My colleagues at Symantec Security Response have seen a significant uptick this week regarding Trojan.Brisv.A, a threat that infects multimedia files. This trojan searches for multimedia files with the extensions .asf, .mp2, .mp3, .wma and .wmv, and injects additional functionality into the files it finds. While playing these infected multimedia files, Windows Media Player will access a malicious link on the Internet, which may in turn result in more malware being downloaded. Symantec Security Response has seen 400,000 AV pings over a few-day period, which translates to an estimated 200,000 to 1.6 million people impacted. Symantec Security Response believes the threat has reached its peak.

We have updated our virus definitions to spot and neutralise this trojan. In addition, we have also created a removal tool to repair the infected multimedia files, which is available to customers online here. We have tracked more than 135,000 downloads of the fix tool to date.

All of which is a useful reminder that you need to be careful when downloading multimedia files. People are gradually becoming more vigilant when downloading files and application executables from web sites, though progress is slow. However, what Trojan.Brisv.A brings to the forefront is that even the ‘content’ can become compromised.