Skype, ZoneAlarm, Windows security risks scrutinized
Last Updated: Monday, April 16, 2007 | 3:00 PM ET
CBC News
Related
Internal Links
External Links
- F-Secure blog post
- Security Focus ZoneAlarm advisory
- Matousec ZoneAlarm advisory
- Microsoft Security Response Center blog post on Windows hole
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
A Skype worm is loose, computer security software ZoneAlarm could be used to hijack or crash a machine and Window's Server users should implement a vulnerability workaround, researchers say.
An instant-messaging worm that spreads through Skype and Skype-enabled programs is spreading links to malware through people's Skype contacts list on infected machines, Finnish computer security firm F-Secure Corp. said Monday.
Before sending the link, the worm also sets the infected Skype user's online status to "do not disturb," stopping notifications of incoming calls or messages, an F-Secure researcher wrote in a post to the company's security labs weblog.
Upon clicking the link in the message, malware is downloaded to the victim's machine, and once executed, displays a picture of a scantily clad woman, F-Secure said.
The worm appears to promote a series of identical websites focused on African tourism, which are likely being used as a counter to track infections, F-Secure said.
Another vulnerability, reported Sunday on Symantec Corp.'s Security Focus site, involves the popular PC firewall software ZoneAlarm.
The software, which comes in free and paid-use versions, has a weakness that could allow an attacker to send unverified instructions or data to a component of the program, resulting in a crash or potentially giving full access to the system. The vulnerability's effect is to deny people access to their computers.
The problem affects ZoneAlarm Pro versions 6.1.744.001, 6.5.737.000 and possibly others.
Check Point Software Technologies Ltd. had in January issued an update to the software — version 7.0.302 and higher — that already addresses the newly discovered bug.
The flaw was originally reported on Sunday by David Matousek of Matousec security.
Microsoft touts Windows Server hole workaround
Also on Sunday, Microsoft updated customers about a "highly critical" vulnerability in the Domain Name System (DNS) Server service for its Windows Server versions 2000 and 2003 and urged them to implement a workaround issued on Thursday.
The world's largest software maker found another way to gain access to the vulnerability and discovered that the workaround may have unexpected effects on some systems.
Administration and configuration of the DNS Server "may not work if the server has a computer name of 15 characters or longer," Microsoft said in its updated advisory and recommended that technicians use the system's full name to manage it.
"Our teams are continuing their work to develop a security update to address this issue. Our ongoing monitoring … indicates that attacks are still limited," researcher Christopher Budd wrote in a post to the Microsoft Security Response Center blog.
"We continue to urge customers to deploy the workarounds in their environments as quickly as possible."
Share Tools
Top News Headlines
- Everest victim's husband says family not seeking government help
- The husband of a Toronto woman who died trying to climb Mt. Everest on Saturday says his family is not seeking government help to cover the cost of bringing his wife's body home. more »
- B.C. premier unhappy with disgraced Mountie's transfer
- B.C. Premier Christy Clark says she is not happy with the RCMP decision to transfer a disgraced Alberta Mountie to the West Coast. more »
- Henrique's OT goal sends Devils into Stanley Cup final
- The New Jersey Devils will vie for a potential fourth Stanley Cup in franchise history after defeating the New York Rangers in six games in the Eastern final, courtesy of rookie Adam Henrique's goal early in overtime. more »
- Employment Insurance review boards to be scrapped
- The federal government is scrapping two review boards used by people appealing decisions made about their employment insurance. more »
Latest Technology & Science News Headlines
- Unloading of docked SpaceX capsule to start Saturday
- The privately bankrolled SpaceX Dragon capsule made a historic arrival at the International Space Station on Friday, and astronauts will begin unloading some of the 544 kilograms of food, water, clothing and other supplies its carrying starting Saturday. more »
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- Everest victim's husband says family not seeking government help
- B.C. premier unhappy with disgraced Mountie's transfer
- Third B.C. salmon farm quarantined
- What a Greek euro exit could mean for Canada
- RCMP officer charged in fatal crash
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- Reclaiming the dead on Mt. Everest
- Employment Insurance review boards to be scrapped
