New breed of virus beats AV gateways


Cliff Saran
IT departments could soon be battling a new breed of virus, security experts have warned.

The creators of the Bofra worm, a variant of MyDoom, which was released last week, have devised a way to bypass anti-virus gateway security, according to security company Clearswift.

The virus uses the iFrame security hole in Internet Explorer. Microsoft has issued a patch to fix this hole and Windows XP Service Pack 2 blocks the vulnerability that Bofra exploits.

But Phil Cracknell, chief technology officer at security firm netSecurity, said IT departments would find it hard to speed up deployment of SP2 because of potential conflicts with applications.

Bofra installs small web servers on infected PCs. These send out e-mail messages that contain no attachments or malicious script code, but have a simple web link to the infected machine. This means e-mails pass through anti-virus gateways unhindered.

If a user clicks on the link, the browser opens up the HTML page being run on the infected PC, which contains a virus program. This causes a buffer overflow, which allows the virus to install and run a web server on the infected machine.

Pete Simpson, ThreatLab manager at Clearswift, said this mode of operation made it very difficult for ISPs to stop a Bofra-type virus.
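A gateway that only scans attachments and script has nothing to inspect in the messages described above, so a mail filter has to look at where the link points instead. The sketch below is an added example, not code from the article or from any vendor it quotes. It assumes the link to an infected PC uses a bare IP address as its host, and the sample messages, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample messages (192.0.2.0/24 is a documentation-only range).
SAMPLE_SUSPECT = ("From: a@example.com\nTo: b@example.com\nSubject: hi\n"
                  "Content-Type: text/plain; charset=us-ascii\n\n"
                  "Look at this: http://192.0.2.10:8080/page.htm\n")
SAMPLE_BENIGN = ("From: a@example.com\nTo: b@example.com\nSubject: news\n"
                 "Content-Type: text/plain; charset=us-ascii\n\n"
                 "Read more at https://www.example.com/news\n")

def is_ip_literal(host):
    """True if host is a bare IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host.rstrip("."))
        return True
    except ValueError:
        return False

def link_hosts(msg):
    """Collect the host of every http(s) link found in the text parts."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # URLs are ASCII, so latin-1 decoding is lossless for them and never fails.
        text = (part.get_payload(decode=True) or b"").decode("latin-1")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed bracketed host
                continue
            if host:
                hosts.append(host)
    return hosts

def flag_link_only_mail(raw):
    """Heuristic (assumption): no attachment + link to an IP-literal host."""
    msg = message_from_string(raw)
    has_attachment = any(p.get_filename() for p in msg.walk())
    ip_hosts = [h for h in link_hosts(msg) if is_ip_literal(h)]
    return {"ip_hosts": ip_hosts,
            "suspicious": bool(ip_hosts) and not has_attachment}

if __name__ == "__main__":
    for name, raw in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, flag_link_only_mail(raw))
```

A hit is a reason to quarantine or rewrite the link for review, not proof of infection, since legitimate internal mail sometimes links to IP addresses too.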
