funsec mailing list archives
New computer virus attacks biz networks
From: "'Richard M. Smith'" <rms () computerbytesman com>
Date: Thu, 1 Mar 2007 11:49:24 -0500
http://money.cnn.com/2007/03/01/news/companies/virus/index.htm?cnn=yes New computer virus attacks biz networks Technology security firm warns the latest strains of the RINBOT or DELBOT virus are starting to multiply rapidly. By <mailto:parija.bhatnagar () turner com> Parija B. Kavilanz, CNNMoney.com staff writer March 1 2007: 11:28 AM EST NEW YORK (CNNMoney.com) -- A disgruntled hacker with a personal grudge against Symantec, which provides anti-virus software to leading Fortune 500 companies, could be behind a new, crippling computer virus that's already hit divisions of at least one big U.S. corporation on Thursday. If it spreads, technology experts warn the latest strains of the insidious RINBOT computer virus could hijack network systems of businesses worldwide. New strains Graham Cluley, senior technology consultant with Boston-based IT security firm Sophos, said his company has been aware of "a number" of new versions of the RINBOT or DELBOT virus produced since Feb. 15. "We believe this latest strain is the 7th version of RINBOT which first emerged in March 2005," Cluley said. According to Cluley, this version is designed to exploit security vulnerabilities embedded in anti-virus software. "Traditionally hackers always went after Microsoft's anti-virus programs. But now they're increasingly targeting other commonly used programs such as Symantec programs and others," he said. Cluley said this strain appears to be hitting MS SQL servers. It looks for networks that run the <http://money.cnn.com/quote/quote.html?symb=MSFT> Microsoft ( <http://money.cnn.com/quote/chart/chart.html?symb=MSFT> Charts) Windows operating system, including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. It then spreads through the network by manipulating "weak" spots such as simple passwords. Getting hijacked Once it's in, Cluley said the virus quickly spreads and takes over many computers with the intention of turning the network into a botnet, or a "zombie" network. "Without you knowing it, hackers will use your computer for a variety of purposes like sending out spam, or distributing denial of service attacks, or even blackmailing other Web sites. There was a case where hackers blackmailed a gambling site and said they would bring down the site for a few days unless they were paid thousands of dollars" Cluley said. Cluley warned that the virus is not geographically limited. "It's very stealthy and insidious and works without you knowing it," he said. One company affected by the virus is Turner Broadcasting, which is a division of <http://money.cnn.com/quote/quote.html?symb=TWX> Time Warner ( <http://money.cnn.com/quote/chart/chart.html?symb=TWX> Charts), and the parent company of CNN and CNNMoney.com. Thomas Parsons, an IT specialist with <http://money.cnn.com/quote/quote.html?symb=SYMC> Symantec ( <http://money.cnn.com/quote/chart/chart.html?symb=SYMC> Charts), confirmed to CNNMoney.com that the most recent variants of RINBOT have targeted Symantec's anti-virus programs that include its Norton security products. "We're not sure what the motivation is, but we are aware of a hacker that has been adding his own commands into the strain," Parsons said. Using those codes, Parsons said the hacker was let it be known that he was wasn't happy that Symantec was calling the the virus RINBOT. Regarding the network issues facing Time Warner on Thursday, Parsons said he believed it was an isolated incident, since Symantec had not received complaints from any of its other corporate clients. "We also believe that Time Warner was not impacted by RINBOT but by a variant of the SPYBOT virus called W32.SPYBOT," he said. "This is a particularly nasty virus which overlaps with what RINBOT does and it also exploits a whole pile of vulnerabilities in Microsoft and Symantec." <http://money.cnn.com/2007/03/01/news/companies/virus/index.htm?cnn=yes#TOP> Top of page
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- New computer virus attacks biz networks 'Richard M. Smith' (Mar 01)