Network Security Issues

Sep 30, 2004
Malware using the JPEG security Hole

Both PCWorld and SANS are reporting two separate cases of malware that attempt to use the recently Microsoft-announced JPEG security hole. In the PCWorld article, the malware targets AOL Instant Messaging users, trying to lure them to a website that downloads malicious code to the PC and opens a backdoor for the malware author. In the SANS report, the hacker used porn images to attract attention; these images use the JPEG hole to gain access to the computer.

If you haven't done so yet, run the JPEG toolkit on your system to detect vulnerable code. This vulnerability exists in multiple non-Microsoft products as well. See the SANS report for more information on the toolkit.
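One check a practitioner could run on incoming images while patching, added here as an example (it is not the post's own code or the SANS toolkit): the bug MS04-028 fixed in GDI+ is triggered by a JPEG whose comment (COM) segment declares a length below the 2-byte minimum, so a scanner that walks the marker segments can quarantine files of that shape before an image library opens them. The sample bytes below are constructed, not real files.

```python
import struct

# JPEG marker bytes (second byte after 0xFF). Markers with no length field
# are listed in STANDALONE; every other marker is followed by a big-endian
# 16-bit length that counts itself, so a legal value is never below 2.
SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))  # TEM, SOI, EOI, RST0-7

def scan_jpeg(data: bytes) -> list:
    """Walk the header segments of a JPEG; return a list of findings.

    An empty list means the marker structure looks sane. A segment whose
    length field is 0 or 1 is the malformed shape MS04-028 patched GDI+
    against, so it is reported and the walk stops there.
    """
    findings = []
    if len(data) < 4 or data[0] != 0xFF or data[1] != SOI:
        return ["not a JPEG (missing SOI marker)"]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            findings.append(f"garbage byte at offset {pos}")
            return findings
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker, allowed by the spec
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == EOI:
                return findings
            pos += 2
            continue
        if pos + 4 > len(data):
            findings.append(f"truncated segment header at offset {pos}")
            return findings
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2:
            findings.append(f"marker 0x{marker:02X} at offset {pos} declares "
                            f"length {length} (below the 2-byte minimum)")
            return findings
        if marker == SOS:           # entropy-coded data follows; header walk is done
            return findings
        pos += 2 + length
    findings.append("no EOI marker found")
    return findings

# Constructed samples: SOI, a COM segment, EOI. The first COM carries "ABC"
# with a correct length of 5; the second declares a length of 1.
BENIGN = bytes.fromhex("FFD8" "FFFE0005414243" "FFD9")
MALFORMED = bytes.fromhex("FFD8" "FFFE0001" "FFD9")

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(name, scan_jpeg(blob) or "ok")
```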

Posted at 12:56 pm by sdurham

Sep 24, 2004
JPEG hole - Help is on the way

SANS just made available a toolkit that can help detect software on your system that is vulnerable to this security hole. This is definitely a tool worth checking out.

Posted at 01:03 pm by sdurham

Sep 15, 2004
MS04-028 - JPEG security Hole

Microsoft recently announced a security patch, MS04-028, which closes a hole in its JPEG and other online image technologies. It is now only a matter of time before the first malware using this vulnerability appears in the wild.

Unlike other security holes, this one is pervasive across multiple Microsoft products. Not only will you have to update Windows, you will have to seek out and update every Microsoft product you own. (Oddly, Windows Update doesn't automate this.)

Even then, your job is not over. You will also have to check all your other programs for possible weaknesses in their JPEG handling.

Posted at 01:01 pm by sdurham

Sep 4, 2004
Why firewalls and AV scanners will never be enough

As the Internet grows and feeds the increase in new technologies, malicious coders are there, willing and able to exploit new vulnerabilities as fast as or faster than vendors can protect against them. Thus we will always be in the position of having to educate end users to avoid the online behavior patterns that malware authors depend on.

It is fairly well known that emails from unknown senders may have malicious intent. These emails carry executables that the user opens, unwittingly infecting her machine. There is also a tendency among some users to assume that only .exe files are bad. This is not the case. Recent exploits have been announced for PDFs and ZIP files; open these, and you are once again infected.

The lesson to learn - avoid all unknown emails. This is harder and harder in a world of increasing spam, but it is a lesson we all must take to heart.

Posted at 01:09 pm by sdurham

Aug 6, 2004
First trojan to attack Pocket PCs

Symantec and Incidents.org are reporting that the first trojan to attack mobile Windows software (that is, Pocket PC software) has been released into the wild. This trojan attempts to open a UDP port and communicate back to the hacker's site. While it is not particularly destructive (yet), it opens up the next wave of attacks on computing devices.

Meanwhile, other reports note that with the advent of more advanced perimeter protection (firewalls, anti-virus, etc.) for edge computers and servers, the hacker community will focus more on these simple handheld devices. PDAs are a common occurrence in the business community. With built-in wireless as well as cradle-based wired connectivity, PDAs can open a security hole inside the corporate intranet. Symantec and others are offering security software for PDAs, but the market is still untapped in this area. That means it's an open hole for hackers.

Posted at 02:56 pm by sdurham

Jul 26, 2004
Latest MyDoom using search engines

The latest MyDoom variant, released today, uses search engines to scan for and verify email domains. This variant is likely the reason Google has been useless all day. SANS Incidents reports on the problem and on how the malware is disrupting the targeted search engines. Symantec and other anti-virus companies have released updated anti-virus protection for this variant, so please update your software ASAP. The Google, Lycos, Yahoo and AltaVista search engines are affected.

Posted at 01:57 pm by sdurham

Jul 15, 2004
The Malice of the Witty Worm

A recent article describes the latest malicious trend in network attacks. The Witty worm showed a number of advances in worm propagation and attack. It had a small target: BlackIce users who had failed to patch a very recently discovered vulnerability. BlackIce is a personal intrusion detection system. The worm infected 12,000 machines. This seems a small number, but the frightening fact is that it found and destroyed the entire set of unpatched BlackIce users in 45 minutes. The attack itself was particularly malicious: the worm gained access to the vulnerable machines and then randomly erased RAM in 64K sections, effectively destroying the victim machines.

The timeline for this attack is frightening. ISS, the company that produces BlackIce, discovered a stack overflow problem in its products on March 8th. On March 9th ISS made a patch available to fix the problem, and on March 18th it announced the vulnerability. On March 19th Witty struck. Did the malware author have prior knowledge of the vulnerability, or was he or she exceptionally fast in creating an exploit for the problem?

The sad fact is that other hackers will pick up the lessons learned from Witty and apply them to newer, more malicious attacks against vulnerable machines.

Posted at 04:18 pm by sdurham

Jun 16, 2004
The First Cell phone Virus

It was only a matter of time, and now the malicious hacker world has entered the realm of cell phone technology. The Cabir virus has been detected on Symbian OS-based cell phones (including Nokia, Sony and Siemens models), according to this article from NewsFactor. The virus spreads over a Bluetooth connection, a common short-range (30 feet or less) wireless connection between devices like cell phones, PDAs and printers.

More interesting, perhaps, is Symantec's announcement that they are now supporting anti-virus software for handheld devices (PDAs) running Microsoft or Palm OS software. It seems there is now critical mass for supporting anti-virus software on these operating systems, though the current attack ratio is comparatively small.

The lesson in all this - if it has an operating system, someone somewhere will try to break into it.

Posted at 06:13 pm by sdurham

Jun 14, 2004
What happens to old laptops?

While this seems an unlikely topic for a security blog, a recent report from Security Focus shows that old or lost laptops continue to be a security risk. In that article, a major firm let out significant company-confidential material by not taking the necessary steps to wipe the hard disk before selling off the old equipment. The problem extends to lost or stolen laptops as well: there are a number of techniques for cracking into a weakly protected laptop and gaining access to sensitive data. It was interesting to learn that no attempt is made to remove sensitive data when laptops are auctioned off (by airports and even police stations).

Posted at 09:48 am by sdurham

Jun 1, 2004
Links to security basics

The recent edition of Cisco's IQ Magazine introduces their new focus on small and medium businesses. One of the articles introduces some basic security concepts. It highlights the three branches of security threats that Cisco uses to categorize all network or information security breaches. The three branches are:
  * Unauthorized data access (i.e. snooping)
  * Data integrity breach (i.e. changing the data for any reason)
  * Denial of Service (i.e. making data unavailable)

Posted at 10:43 am by sdurham
