
Archive for April 11, 2006

Cross-platform virus in assembly language

April 11, 2006 abr3

Virus writers have crafted another example of malicious software that can infect computers running Windows or Linux.

The proof-of-concept was submitted to Russian antivirus company Kaspersky Lab, which calls it Bi.a. The virus was written in low-level computer code called "assembler" and is limited, as it only infects files in the current directory, Kaspersky said Friday on its Web site. However, it can infect files in the different formats used by Linux and Windows (ELF and PE, respectively), Kaspersky said.

The virus is a classic proof-of-concept, written to show that it's possible to create a cross-platform virus, Kaspersky said. "However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code and adapt it for their own use," Kaspersky said.

That concern is shared by Swa Frantzen, who tracks incidents at the SANS Internet Storm Center, which monitors network threats. "The impact of the proof-of-concept at this point is very low in itself, but it is a sign the cross-platform aspects are becoming important," Frantzen wrote on the ISC blog. "As the developers of viruses continue to research this, we will see more cross-platform malware come about in the future."

Kaspersky has added detection for the malicious software to its antivirus databases.

Excerpt

Courtesy Joris Evers
Staff Writer, CNET News.com

Categories: Security Threats

YAMIEE (Yet Another Microsoft Internet Explorer Exploit)

April 11, 2006 abr3

Another security hole found in IE

An unpatched vulnerability in Internet Explorer could aid fraudsters in pulling off phishing scams, experts have warned.

The error could be exploited to fake the address bar in a browser window, security monitoring company Secunia said in an advisory published on Tuesday. This tactic could be used in phishing scams that attempt to trick people into believing they are on a legitimate site, when in fact they are viewing a fraudulent Web page.

Phishing is a prevalent type of online scam that seeks to pilfer personal information from unsuspecting Internet users. The scams typically combine spam e-mail with fraudulent Web sites that appear to come from a trusted source, such as a credit card company or a bank.

The flaw exists because of an error in the way the Microsoft Web browser loads Web pages and Macromedia Flash animations, according to Secunia. The company rates the issue "moderately critical" and has created a special Web page where users can test their Web browser to see if they are affected.

Secunia has confirmed that the vulnerability affects IE 6.0 on Windows XP with all current security patches. It also affects the latest IE 7 Beta release, Secunia said. Other versions may also be affected, it said.

Microsoft is investigating the newly reported flaw, a representative said in an e-mailed statement late Wednesday. "Our initial investigation has revealed that customers who have set their Internet security settings to high, or who have disabled active scripting, are at reduced risk from attack as the attack vector requires scripting," the representative said.

Additionally, Microsoft noted that it has not seen any active attacks that take advantage of this issue, which Secunia has dubbed the "Internet Explorer Window Loading Race Condition Address Bar Spoofing" flaw.

This is the fourth unpatched vulnerability for IE that has become public in the last few weeks. Microsoft plans to release a security update for the Web browser on Tuesday. At least one of the disclosed bugs will be fixed in that update, the company has said. That flaw, related to how IE handles the "createTextRange()" tag in Web pages, has been exploited in attacks to install spyware, remote-control software and Trojan horses on vulnerable PCs.

Excerpts

Courtesy Joris Evers
Staff Writer, CNET News.com

Categories: Security Threats