Monday, May 08, 2006

Malware Threat Report For Q1 2006

Seventy percent of malware detected during the first quarter of 2006 was related to cyber crime and, more specifically, to generating financial returns.

This is one of the conclusions of the newly published PandaLabs report, which offers a global vision of malware activity over the first three months of the year.

Similarly, the report offers a day by day analysis of the most important events in this area. This report can be downloaded, free of charge, from: http://www.pandasoftware.com/pandalabsQ12006/

One of the principal conclusions of the report is the confirmation of the new malware dynamic, in which financial profit has become a priority.

The figures speak for themselves: of all malware detected by the Panda ActiveScan free online scanner between March and January 2006, some 40 percent was spyware, a type of malicious code used specifically for financial gain, primarily through the collection of data regarding users' Internet movements.

On the other hand, Trojans, including Banker Trojans that steal confidential data related to bank services, and Droppers or Downloaders that download all types of malicious applications onto systems, account for 17 percent of the total.

Dialers (malicious code that dials up premium-rate numbers without a user's knowledge) were responsible for 8 percent of the total, while bots (a type of malware used in an elaborate business model involving the sale or rental of networks of infected computers) accounted for four percent of the total.

Another statistic that confirms this new dynamic is that the traditional e-mail worm, until recently the major player on the Internet threat scene, made up only four percent of the total.

According to Luis Corrons, director of PandaLabs: "Epidemics caused by e-mail worms stir up too much publicity and are therefore no use when it comes to generating profits.

Currently, the types of malware we are seeing more of are those such as spyware, Trojans and bots, which can be installed silently and remain hidden on systems while they operate maliciously."

With respect to new examples of malware discovered in the first three months of 2006, Trojans have been the most prolific, in particular Downloaders and Bankers, and have accounted for some 47 percent of the total.

"Trojans are extremely versatile, as they are a type of malware that can be used for a wide range of actions. For this reason it is not surprising that malware creators have relied so heavily on them when designing new specimens," adds Luis Corrons.

Second in the list come bots, underlining the growing interest that cyber-crooks have in this particular type of malicious code.

The PandaLabs report also looks at a series of other equally important events that occurred during the first quarter. It offers a complete report on the WMF vulnerability in Windows, which has been widely used by malware writers to distribute their creations, as well as the appearance of the Sober.AH and Kamasutra worms, among others.

Sunday, May 07, 2006

MySQL Vulnerabilities Patched

Several vulnerabilities have been reported in the MySQL database manager, which could be exploited by attackers to compromise a vulnerable system or obtain sensitive information.

The first flaw is caused by a buffer overflow in the source file "sql_base.cc", which cannot handle specially crafted "COM_TABLE_DUMP" packets properly. This could be exploited by authenticated attackers to run arbitrary commands.

The second vulnerability stems from an input validation error in file "sql_parse.cc", which fails to validate "COM_TABLE_DUMP" packets. This could be exploited by an attacker to have portions of memory disclosed in error messages.

Finally, the third vulnerability, which could also lead to portions of memory being disclosed in error messages, is due to an input validation error in the source file "sql_parse.cc", which cannot handle malformed login packets properly.

Affected users are advised to upgrade their products to MySQL version 5.0.21, available at http://dev.mysql.com/downloads/.

The original security advisory can be found at http://www.frsirt.com/english/advisories/2006/1633.