A recap of the top IT security news of the past week features a mass-mailer worm, attacks against a zero-day vulnerability in Adobe Reader and Acrobat and more.
A mass-mailer worm caused agita for IT administrators and topped the past
week's security news.
Dubbed the "Here you have" worm based on the subject line of a
carrier e-mail that flooded inboxes around the world Sept. 9, the worm
disrupted e-mail systems at a number of high-profile companies and
institutions. Reminiscent of old-school attacks such as the Anna Kournikova
virus, the worm infected Windows computers, terminated security software
processes and services, and attempted to download malicious files.
an analysis of the malware,
Joe Stewart, director of malware research at
SecureWorks, uncovered a tie between the attack and a self-proclaimed
cyber-jihadist group behind a similar attack in August. The organizations
affected by the worm reportedly ran the gamut from NASA to Wells Fargo and
Attackers also set their sights on a zero-day bug affecting Adobe Reader and
Acrobat. With attacks under way, Adobe Systems and Microsoft reported the
Mitigation Experience Toolkit 2.0
could be used to mitigate attacks. Adobe
is planning a patch to address the issue.
Microsoft also made headlines when it was reported that a magistrate judge
recommended Sept. 3 that the U.S. District Court for the Eastern District of
Virginia rule in the company's favor in a lawsuit filed to take down the
Waledac botnet. The recommendation was to grant a default judgment that would
transfer ownership of the 276 domains behind the botnet to Microsoft.
"In this case, Microsoft presented evidence to the court that although
the defendants did not come forward, they were aware of the case and actively
tried to retaliate, attempting to launch a distributed-denial-of-service (DDOS)
attack against the law firm that filed the suit and even going so far as to
threaten one of the researchers involved in the case," Microsoft said.
Microsoft is also prepping nine security bulletins for Patch Tuesday. The
bulletins will be released Sept. 14, and follow an August update that covered
nearly three dozen vulnerabilities in a number of products. The upcoming
bulletins will address problems in Windows, Microsoft Office and Microsoft ISS
(Internet Information Services), according to Microsoft.
and Mozilla did some patching
in the past week as well, pushing out updates
to their Web browsers to address the DLL loading issue affecting applications
running on Windows. Both Apple Safari and Mozilla Firefox were on the list of
vulnerable applications, which researchers have said also includes Microsoft
Word 2007 and Adobe Photoshop.