New breed of virus beats AV gateways

IT departments could soon be battling a new breed of virus, security experts have warned.

The creators of the Bofra worm, a variant of MyDoom, which was released last week, have devised a way to bypass anti-virus gateway security, according to security company Clearswift.

The virus uses the iFrame security hole in Internet Explorer. Microsoft has issued a patch to fix this hole and Windows XP Service Pack 2 blocks the vulnerability that Bofra exploits.

But Phil Cracknell, chief technology officer at security firm netSecurity, said IT departments would find it hard to speed up deployment of SP2 because of potential conflicts with applications.

Bofra installs small web servers on infected PCs. These send out e-mail messages that contain no attachments or malicious script code, but have a simple web link to the infected machine. This means e-mails pass through anti-virus gateways unhindered.

If a user clicks on the link, the browser opens up the HTML page being run on the infected PC, which contains a virus program. This causes a buffer overflow, which allows the virus to install and run a web server on the infected machine.

Pete Simpson, ThreatLab manager at Clearswift, said this mode of operation made it very difficult for ISPs to stop a Bofra-type virus.
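A gateway that scans only attachments and script has nothing to match in a message like the one described above, so any check has to look at the link itself. The sketch below is an added example, not code from Clearswift or any vendor named here. It assumes the link addresses the infected PC by bare IP address, which the article does not state, and the sample messages and addresses are constructed.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def ip_literal_links(raw_message: bytes) -> list[str]:
    """Return http(s) links in text parts whose host is a bare IP address."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;)")          # drop trailing sentence punctuation
            try:
                host = urlsplit(url).hostname
                ipaddress.ip_address(host or "")
            except ValueError:
                continue                      # named host or malformed URL
            hits.append(url)
    return hits

def is_link_only_lure(raw_message: bytes) -> bool:
    """Assumed heuristic: no attachments, but a link to an IP-literal host."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    has_attachment = any(True for _ in msg.iter_attachments())
    return not has_attachment and bool(ip_literal_links(raw_message))

# Constructed sample messages (192.0.2.0/24 is a documentation range).
SAMPLE_LINK_ONLY = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: hi\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Look at this: http://192.0.2.45:8080/index.htm\r\n"
)
SAMPLE_BENIGN = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: news\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"See https://www.example.com/news today.\r\n"
)

if __name__ == "__main__":
    for name, raw in (("link-only", SAMPLE_LINK_ONLY), ("benign", SAMPLE_BENIGN)):
        print(name, is_link_only_lure(raw), ip_literal_links(raw))
```

A rule like this is a quarantine-for-review signal rather than a verdict, since legitimate internal mail can also link to hosts by IP address.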
