


New computer virus threatens biz nets

Technology security firm warns the latest strains of the RINBOT or DELBOT
virus are starting to multiply rapidly.
By Parija B. Kavilanz, CNNMoney.com staff writer
March 1 2007: 12:25 PM EST

NEW YORK (CNNMoney.com) -- A disgruntled hacker with a personal grudge
against Symantec, which provides anti-virus software to leading Fortune 500
companies, could be behind a new, crippling computer virus that's already
hit a division of at least one big U.S. corporation on Thursday. 

If it spreads, technology experts warn the latest strains of the insidious
RINBOT computer virus could hijack network systems of businesses worldwide.

New strains
Graham Cluley, senior technology consultant with Boston-based IT security
firm Sophos, said his company has been aware of "a number" of new versions
of the RINBOT or DELBOT virus produced since Feb. 15.

"We believe this latest strain is the 7th version of RINBOT which first
emerged in March 2005," Cluley said.

According to Cluley, this version is designed to exploit security
vulnerabilities embedded in anti-virus software. 

"Traditionally hackers always went after Microsoft's anti-virus programs.
But now they're increasingly targeting other commonly used programs such as
Symantec programs and others," he said.

Cluley said this strain appears to be hitting MS SQL servers. It looks for
networks that run the Microsoft Windows operating system, including
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP.
It then spreads through the network by manipulating "weak" spots such as
simple passwords.

Getting hijacked
Once it's in, Cluley said the virus quickly spreads and takes over many
computers with the intention of turning the network into a botnet, or a
"zombie" network.

"Without you knowing it, hackers will use your computer for a variety of
purposes like sending out spam, or distributing denial of service attacks,
or even blackmailing other Web sites. There was a case where hackers
blackmailed a gambling site and said they would bring down the site for a
few days unless they were paid thousands of dollars," Cluley said.

Cluley warned that the virus is not geographically limited. "It's very
stealthy and insidious and works without you knowing it," he said.

Turner Broadcasting System, a division of Time Warner and parent of
CNN and CNNMoney.com, confirmed that its systems were hit by a virus
Thursday.

"A virus has affected the network and we are actively working to rectify the
situation," said company spokeswoman Shirley Powell.

Thomas Parsons, an IT specialist with Symantec, confirmed to
CNNMoney.com that the most recent variants of RINBOT have targeted
Symantec's anti-virus programs.

"We're not sure what the motivation is, but we are aware of a hacker that
has been adding his own commands into the strain," Parsons said. Using those
codes, Parsons said the hacker let it be known that he wasn't happy that
Symantec was calling the virus RINBOT.

Read About It
Information about W32/Sdbot.worm!678b37ba is located on VIL at: 
http://vil.nai.com/vil/content/v_141606.htm 

Detection
W32/Sdbot.worm!678b37ba was first discovered on March 1, 2007 and detection
will be added to the 4975 dat files (Release Date: March 2, 2007).

If you suspect you have W32/Sdbot.worm!678b37ba, please submit a sample to
<http://www.webimmune.net>

Mike Grant
Bytware, Inc.
775-851-2900 

http://www.bytware.com





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
