Security news highlights: Check Point to acquire NFR Security

In other security news: New flaws affect Microsoft, McAfee and Yahoo Messenger, while Trend Micro discovers a so-called Vista zero-day flaw on sale for $50,000 a sample.

Check Point to acquire NFR Security
Check Point Software Technologies has signed a definitive agreement to acquire NFR Security for approximately $20 million. With the acquisition of NFR, Check Point will enhance its technology leadership and raise the security bar in defending enterprise networks against today's most dynamic threats.

In a statement, the company said Check Point's SmartDefense and NFR's Hybrid Detection Engine (HDE) will offer customers "precise, real-time attack prevention" by combining pre-emptive type-based protection from SmartDefense with the "highly granular and accurate attack detection" provided by the HDE.

"This acquisition is an important step in Check Point's leadership strategy to continuously raise the level of security available to enterprises for protecting their mission-critical networks. It is part of our focus on two primary layers: network security as our core platform and our recently announced expansion into data security," Gil Shwed, founder and chief executive officer of Check Point, said in the statement.

The price tag for the deal is approximately $20 million including acquisition-related expenses. NFR, established in 1996, is based in Rockville, Md. and has 22 employees.

Worm exploits Symantec flaw
A worm is using an older flaw in Symantec's Client Security and AntiVirus Corporate Edition software to spread, according to Aliso Viejo, Calif.-based eEye Digital Security. But Symantec said the worm, named Big Yellow by eEye, has not spread very far. Symantec released a patch for the flaw back in May.

The worm scans port 2967 for unpatched clients and drops malicious software on the machines it finds. In published reports, Symantec Security Response Senior Director Vincent Weafer said the company first noticed the scanning activity Wednesday. "Since then it's gone to a background level," he told the IDG News Service. "We have had three submissions locally from our customers."

But eEye said the infections are a lot worse than what Symantec's data suggests. Since Thursday, eEye had counted about 70,000 infected systems, eEye CTO Marc Maiffret told the news service.

New flaws affect Microsoft
The French Security Incident Response Team (FrSIRT) is warning of two new security flaws affecting Microsoft products.

The first flaw is a "division-by-zero" error that surfaces in Windows Media Player when the program handles a specially crafted MIDI file with a header chunk containing malformed fields. Attackers could exploit the flaw to crash a vulnerable application.

The second flaw is in Microsoft Project Server 2003. "This issue is due to an error when handling HTTP POST requests passed to the 'logon/pdsrequest.asp' script, which could be exploited by authenticated attackers to disclose the username and password of the 'MSProjectUser' SQL account," FrSIRT said in its advisory.

Flaw found in McAfee VirusScan for Linux
Attackers could gain extra network privileges by exploiting a flaw in McAfee VirusScan for Linux, the French Security Incident Response Team (FrSIRT) warned in an advisory.

"This issue is due to an error where the current working directory is included in the 'DT_RPATH' environment variable rather than 'ORIGIN,'" FrSIRT said in its advisory. Attackers could exploit this to execute malicious code with the privileges of the application by tricking the dynamic loader into loading an untrusted ELF DSO. FrSIRT said the flaw was discovered by Gentoo Linux researcher Jakub Moc.
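For administrators who want to check their own binaries for this class of problem, the following added example (not from FrSIRT, McAfee or the original article) audits the `RPATH`/`RUNPATH` entries printed by `readelf -d` and flags components that the dynamic loader resolves relative to the current working directory. The sample `readelf` output and the `/opt/scanner` path are constructed for illustration.

```python
import re

# Matches the RPATH/RUNPATH lines printed by `readelf -d <binary>`.
_PATH_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Constructed sample input (hypothetical binary, not real product output).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [:/opt/scanner/lib:lib]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:/usr/lib]
"""


def risky_entries(search_path):
    """Return the components of a library search path that depend on the
    process's current working directory."""
    if not search_path:
        return []  # no search path set at all
    risky = []
    for entry in search_path.split(":"):
        if entry == "":
            # glibc treats an empty component as the current directory.
            risky.append("<empty>")
        elif entry.startswith(("$ORIGIN", "${ORIGIN}")):
            # Resolved relative to the binary's own location, not the cwd.
            continue
        elif not entry.startswith("/"):
            # ".", "lib", "../lib": all relative to the cwd.
            risky.append(entry)
    return risky


def audit_readelf(text):
    """Map each dynamic tag (RPATH/RUNPATH) to its cwd-dependent entries."""
    findings = {}
    for line in text.splitlines():
        match = _PATH_RE.search(line)
        if match:
            bad = risky_entries(match.group(2))
            if bad:
                findings[match.group(1)] = bad
    return findings


if __name__ == "__main__":
    for tag, entries in audit_readelf(SAMPLE).items():
        print(f"{tag}: cwd-relative entries {entries}")
```

Any binary this flags should be rebuilt or patched so that every search path entry is absolute or begins with `$ORIGIN`.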

Yahoo warns of Messenger flaw
Yahoo fixed a flaw in its Messenger IM program last week, but the company is asking users to hold off on installing the update until it completes some further testing on the fix. Yahoo spokeswoman Terrell Karlsten told CNET that the company has stopped prompting customers to update the software until it can do more testing to ensure the update works properly. "We're testing the fix until we can get it behaving the way we want it to behave," she told the news organization.

Yahoo had alerted 73 million users worldwide -- specifically those using its IM service before Nov. 2 -- to download the latest version of Yahoo Messenger to correct an ActiveX control error attackers could exploit to cause a buffer overflow. Yahoo said the flaw could cause other applications like Internet Explorer to crash, or cause users to be logged out. The new version fixes the problem and adds new features like compatibility with Windows Live Messenger.

Vista exploits on sale for $50,000?
Researchers at Tokyo-based security firm Trend Micro say someone in the digital underground is selling what they claim to be a zero-day exploit for Microsoft's new Windows Vista for $50,000.

The Vista exploit, which has not been independently verified, was one of many zero-day exploits for sale at an auction-style site that Trend Micro said it infiltrated.

Trend Micro CTO Raimund Genes told eWeek that prices for various exploits were also listed in the $20,000 to $30,000 range. Bots and Trojans designed to attack Windows machines were being sold for about $5,000, he said.
