Thursday, September 09, 2010

New Email Worm Squirming Through Outlook Users' Inboxes

This SUCKS!

Someone just proved that malware delivery techniques from ten years ago still work. Which means every hacker-for-hire group, every bored college Freshman that's just back at University, and FD script kiddie is going to be analyzing every old technique, seeing which ones still apply. I predict we'll see additional copy-cats of this throughout the next 72 hours. Some may be silly, others will be malicious.

This reminds me of the Solaris in.telnetd vulnerability from 2007. For those not familiar: http://www.kb.cert.org/vuls/id/881872 Basically, there was a vulnerability in Solaris 10's telnet daemon. Not a huge deal except for two things:
  • This vulnerability did not exist in previous versions of Solaris

  • This vulnerability had been fixed in AIX and Linux 13 years prior
To be fair, Solaris in 1994 was not vulnerable; at some point, the vulnerability was added to Solaris 10.

How is this relevant to the "new" email worm? After the Solaris vuln was published (with exploit code), people started going after all kinds of other things that they had assumed were "fixed". Many, but not all, remained fixed. I predict the same will happen here.

What's next? Another remote code execution vulnerability in Windows(R) animated cursors?


New Email Worm Squirming Through Windows Users' Inboxes: "Trailrunner7 writes 'There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending emails containing malicious executables to all of the names in a user's email address book. The worm arrives via emails with the subject line 'Here You Have' or something similar, and the messages contain a link to a site that will download a malicious file to the victim's PC. The malware then drops itself into the Windows directory with a file name of CSRSS.EXE, which is identical to a legitimate Windows file. From there, it's 2001 all over again, as the worm attempts to mail itself to all of the contacts in the victim's Outlook address book.'

Read more of this story at Slashdot.

"

No comments: