Security Web Digest: New Worm Poses as Software Patch From Microsoft or Symantec

Destructive attack spreads on KaZaA or e-mail P2P file sharing software in use in corporations House Bill would criminalize copyrighted file sharing Authentication Software market to grow in coming years Privacy


Several security firms have identified a new worm that poses as a critical software patch from Microsoft or an antivirus update from Symantec Corp. The worm, which for the moment goes by multiple name, including W32.Gruel@mm and W32/Fakerr@mm, modifies a slew of system settings in Microsoft Windows machines and attempts to delete a host of crucial system files. Like most worms, Gruel/Fakerr propagates via E-mail by lifting addresses from the Microsoft Outlook address book. However, it can also spread through the Kazaa file-sharing network.

Intellectual Property

Peer-to-peer file-sharing software for trading music, movies, and software has more than a toehold in corporate networks, Canadian asset monitoring company AssetMetrix said in a global survey of 560 companies that it released Wednesday. The survey, conducted by the companys AssetMetrix Research Labs arm, poked through computers at companies of all sizes in the United States, Canada, the United Kingdom, Europe, Africa, and the Pacific Rim. File-sharing applications such as Kazaa, Morpheus, and Imesh were spotted on machines at three out of every four businesses, said Steve OHalloran, the director of the lab and one of the founders of AssetMetrix. All companies with more than 500 employees had at least one computer with the software on the hard drive.

A bill pending before the House of Representatives would make the intent to share a copyrighted file grounds for prosecution. The proposed bill, submitted by Rep. John Conyers (D-MI) and co-sponsored by Howard Berman (D-CA) would modify the U.S. Title Code, adding the stipulation that if a user makes accessible a copyrighted file to a file-sharing service without permission he can be charged with up to ten counts of copyright violations.

Homeland Security

The next five years will see the authentication market nearly double, a Yankee Group report said Thursday. Spending levels for authentication systems and tools will rise from this years $1.4 billion to $2.4 billion in 2008, the report said. The figure represents a compounded annual growth rate of 11.5 percent, well ahead of other tech segments. Homeland Security spending will power much of the climb, kicking it toward higher gear almost immediately.

The Bureau of Customs and Border Protection is hiring a deputy CIO. Among the deputy CIOs numerous duties, described in a nearly 1,900-word job notice posted on the USAJobs Web site, are monitoring and evaluating the performance of the departments IT programs and acting on or advising the CIO whether to initiate, modify, or terminate programs and projects. The position describes a job much like the one thats been vacant since June 5 when Laura Callahan, a top aide to CIO Steve Cooper, went on administrative leave after a published report said she had obtained her bachelors, masters, and doctorate degrees from Hamilton University, an alleged diploma mill. A department spokesman declined to comment on whether its the same job.


Privacyware recently released ThreatSentry version 1.0, threat prevention and management software for Windows Web servers. ThreatSentry is a neural application that combines modeled metrics and machine learning to deliver protection from known and undocumented network threats and other misuse. Using a complex automated learning process, a knowledge-base of documented exploits, and an analysis model specifically designed for Microsoft Internet Information Services (IIS), ThreatSentry continuously collects, analyzes and organizes server events to create an evolving baseline of acceptable activity. Each server connection is compared against this adaptive baseline to identify and prevent any activity falling outside of acceptable parameters.