Notebook: Google/Orkut worm, Leaky HP laptops; Google text ad Trojan; Sun patches
Today's dose of security items includes an Orkut worm, HP's laptop woes; Google ad Trojan and Sun Management Center patches.
Trend Micro: Google/Worm compromises 400,000+ accounts
Trend Micro said in an advisory that a worm is making life hell for Google/Orkut.
According to the advisory:
There appears to be a Web worm that has replicated at an alarming rate through Google’s Orkut social network in the last few hours.
Infection starts when the user is sent an email telling them that they have a new Scrapbook entry (essentially a guestbook). Upon visiting their page the user sees the text:
“2008 vem ai… que ele comece mto bem para vc”
No interaction is necessary; simply looking at the scrap starts the infection sequence. The scrap deletes itself, and the user is added to the Orkut Community “Infectados pelo Vírus do Orkut.” It then downloads and executes a heavily obfuscated JavaScript from http://files.myopera.com/virusdoorkut/[REMOVED]/virus.js, which in turns sends a copy of the original Scrapbook post to all of the user’s Orkut Contacts, so that they too will be infected by the threat.
At last count the group had over 400,000 users who had been infected.
Good times. McAfee also has an entry on the Orkut problems.
HP laptops spring more security leaks
Ryan Naraine reports that a Polish hacker who goes by the handle "porkythepig" has found a remote exploitable zero-day vulnerability in software that comes with HP laptops.
The software, HP Software Update, is leaky. According to Ryan:
A Polish security researcher who uses the online moniker "porkythepig" plans to issue an alert—with accompanying exploit code—within the next 24 hours to demonstrate the impact of the vulnerability on Windows-powered HP machines.
In an e-mail interview with eWEEK, the researcher warned that hackers could use rigged Web sites to launch remote attacks on every HP laptop running Internet Explorer.
If our Polish porkythepig pal delivers, this will be the third HP laptop security issue this year. Actually, I'm surprised we haven't seen more of this. Is Dell next?
BitDefender: Google text ad Trojan detected
Advertisements placed by Google in Web pages are being hijacked by so-called Trojan horse software that replaces the intended text with ads from a different provider, Romanian antivirus company BitDefender says.
The Trojan redirects queries meant to be sent to Google servers to a rogue server, which displays ads from a third party instead of ads from Google, BitDefender said in a statement.
Google said on Wednesday: "We have cancelled customer accounts that display ads redirecting users to malicious sites or that advertise a product violating our software principles."
Here's the BitDefender statement.
Sun Management Center security issue
A moderately critical security issue is affecting Sun Management Center. The gist via Secunia:
A security issue has been reported in Sun Management Center, which can be exploited by malicious people to bypass certain security restrictions.
The problem is caused due to an existing default account within the Oracle database component and can be exploited to gain access to the database and execute arbitrary code with privileges of the Oracle database server.
The security issue is reported in Sun Management Center 3.6.1, 3.6, and 3.5 Update 1.
The Secunia advisory points you to your patches, which cover Sun Management Center on Solaris 8, 9 and 10.