Briefs

E-mail fraud and vulnerabilities, plus the impact of Microsoft's source code leak

E-mail Fraud and Phishing Attacks Jump

Reports of e-mail fraud and phishing attacks increased 50 percent in last month, according to research from Tumbleweed Communications and the Anti-Phishing Working Group. On average, consumers received an average of 5.7 new attacks each day.

Phishing attacks, as Tumbleweed explains, “involve the mass distribution of ‘spoofed’ email messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers or credit card companies.” The goal is to get the recipient to enter personal information—bank account numbers, PINs, or passwords—into the form. Such data is immediately relayed back to the attacker, or “phisher.”

In January, 176 new phishing attacks were reported to the Anti-Phishing Group, a 52 percent increase over December. Other interesting findings, according to the group: eBay was the company most often used by phishers to try and dupe recipients, and eight percent of phishing e-mails utilized a recent Microsoft Internet Explorer vulnerability to disguise their true URL. Also, phishing attacks are growing even more dangerous, since some attacks now “fool recipients into downloading keyloggers and other Trojan programs,” says the group.

On average, says Tumbleweed, up to five percent of recipients respond to any one message. The repercussions can include identity theft for customers (and the associated headaches), loss of sensitive corporate information, plus financial loss for consumers and corporations.

Organizations should consider blocking fraudulent e-mails when investing in new messaging security products, says International Data Corp. analyst Brian Burke. “Enterprises need to accurately distinguish valid email from illegitimate messages, and ensure that their employees are protected from scams designed to obtain personal identity information. There is increasing demand for messaging security solutions that protect enterprises from potentially significant losses caused by e-mail fraud.”

Link: http://www.antiphishing.org

Microsoft Source Code Leak Could Herald New Attacks

Weeks after Microsoft revealed portions of its Windows NT and 2000 source code were stolen and posted on the Internet, experts are still debating the security repercussions of the leak.

Most agree: it will take some time, but expect viruses will be more virulent than ever before. If the severity doesn’t shock users, the decreasing time between vulnerability and exploit code will still cause headaches for many security managers.

For example, sample exploit code based on the source code took only four days to appear online. That gives virus writers a “path for a worm exceeding the size and scope of Blaster,” says Jeffrey Guilfoyle, vice president of e-security at managed security services provider Solutionary. "Coupled with the recent leak of Microsoft's Windows source code, virus writers have tools at their disposal as never before.” He recommends companies get their patch management approach worked out now. “Corporations are being given less and less time to react and secure their networks and systems from threats.” Furthermore, “there is no reason to believe things are going to get any calmer.”

Two New Threats Arrive in E-mail

Symantec warned of two new threats: W32.Netsky.B@mm, and W32.Beagle.B@mm. Netsky.B, says Symantec, “is a mass-mailing worm that uses its own SMTP engine to send itself to the e-mail addresses it finds when scanning the hard drives and mapped drives.” In addition, should a user activate the worm, it will search the user’s hard drive for any folder names containing the words “share” or “sharing”—common for file-sharing programs such as Kazaa—and copy itself to those folders, presumably to spread more easily.

Beagle.B is a mass-mailing e-mail worm that, if executed, “opens a backdoor on TCP port 8866,” which can allow an attacker to upload files to the infected computer, according to Symantec. The worm can also send the attacker the port number, and an identification number (perhaps for tracking). The worm also spreads via its own SMTP engine.

Symantec notes, “W32.Beagle.B@mm is coded to stop at the end of February 25, 2004.”

Netsky.B information: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html

Beagle.B information: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.