One reason the Sober.p worm continues to spread is the way it hides from some antivirus scanners, a Russian security firm says.
Sober.p--also called Sober.s, Sober.o, and Sober.v by various antivirus companies--includes a mechanism that prevents other programs from accessing its files, Kaspersky Lab said last week. That presents problems for some antivirus software.
The tactic has been seen in previous Sobers, but it has been refined so that no applications can access the worm's files, according to the firm. If the malicious code can't be accessed, it can't be detected when antivirus software runs scans. Instead, the software must have the means to detect Sober running in memory, then kill those processes.
Several antivirus vendors have posted free detection and deletion tools that can see through Sober's cloak of invisibility, including Panda Software's QuickRemover. Microsoft's Windows Malicious Software Removal Tool, which was updated last week as part of the monthly security bulletin release, also sniffs out Sober.p.
-- TechWeb News
Firefox Holes Outfoxed
The Mozilla Foundation last week posted a release candidate of a security update to its Firefox Web browser that patches a pair of vulnerabilities rated "extremely critical" that were leaked earlier this month.
The Windows, Mac, and Linux versions of the Firefox 1.0.4 security update can be downloaded from the Firefox File Transfer Protocol server. Like the three previous updates released this year, 1.0.4 is a bug fix, in this case one that plugs a cross-site scripting vulnerability that could let an attacker gain control of a Firefox-equipped computer if its user simply surfs to a malicious site.
The vulnerabilities were discovered by a pair of security researchers who had notified Mozilla earlier in the month but were keeping mum until a patch was written. However, details of the vulnerabilities were leaked by someone close to one of the researchers.
According to security vendor Secunia, which tagged the bugs with its highest "extremely critical" warning--the first time it has used that to describe a Firefox flaw--a hacker can trick the browser into thinking a download is coming from one of the default sites permitted to install software automatically: addons.mozilla.org or update.mozilla.org.
Firefox 1.0.4 is the fourth security update to the browser since the beginning of the year. In that time, Microsoft has released two patches for its Internet Explorer browser.
-- Gregg Keizer, TechWeb News
Telco Act Needs VoIP Security
The Cyber Security Industry Alliance has called on Congress to include recommendations related to securing voice-over-IP technologies as it reviews the 1996 Telecommunications Act.
"As Congress considers revisiting the Telecommunications Act of 1996, the cybersecurity alliance strongly recommends that the serious implications of VoIP cyberattacks be addressed since they can affect critical government services such as 911 and other emergency first-responder services," executive director Paul Kurtz said in a statement.
The alliance has made a number of recommendations for securing VoIP and has asked Congress to provide support for research into and development of security technologies.
-- Matthew Friedman, Networking Pipeline