Security Alert!

PCQ Bureau

A trojan on your handheld

As if the havoc wreaked on PCs the world over wasn’t enough, trojans and viruses have found their way to handhelds too.

A trojan called Liberty Crack, Palm.Liberty.A, Trojan.Palm.Liberty, or a combination of these words infects handhelds running the PalmOS. On a PC, this trojan appears with the name liberty_1_1_crack.prc.

The trojan can find its way to your device from a host computer during a HotSync operation, or from another PalmOS device via infrared. OmniSky wireless Internet users can receive it as an e-mail attachment too.

It arrives as a "crack" for an application called Liberty, which allows a PalmOS device to run Nintendo GameBoy games. It claims to convert the free shareware version of Liberty to a fully registered one. When you run it, it tries to delete all applications from your handheld and then reboot it.

Most anti-virus software can catch this trojan, so be sure to update it. Also, add PRC to the file extensions to be scanned by your anti-virus software. If you’ve already been infected, search your device for the trojan and delete it.

Patch for Outlook and Outlook Express vulnerabilities

Microsoft has released a patch that fixes three vulnerabilities in its mail clients–Outlook and Outlook Express. The patch is available at: www.microsoft.com/windows/ie/download/critical/patch9.htm. However, if you’ve done a default installation of IE 5.01 SP1, or a default installation of IE 5.5 on a machine that doesn’t run Win 2k, you won’t be affected by these vulnerabilities. We explain the vulnerabilities and the damage they can do here.

Crashing your mail client

A component shared by Outlook and Outlook Express–inetcomm.dll–has a vulnerability that can be exploited by a remote user to crash your mail client, or run code on it that could format your hard drive, change data on your PC, connect to a Website, etc.

The vulnerability exists in the way this component parses e-mail headers when downloading mail via POP3 or IMAP4. However, if you use MAPI, you’re unlikely to be affected.

The inetcomm.dll component contains an unchecked buffer in this functionality. A buffer is a storage area within a program that the program uses to store inputs while it’s reading them. However, the program needs to ensure that the data would fit into the buffer before attempting to store it. Otherwise, a buffer overrun condition will occur–the length of the data will exceed the length of the buffer–which will enable new code to be introduced in the program. This is what happens in this case.

When e-mail with a special kind of header is sent to your mail client, a buffer overrun occurs and new code is introduced into the program. Depending on what the header says, this could either cause your e-mail client to crash, or let the code do anything on your machine that an authorized user could do on it. You wouldn’t need to open the mail for this to happen–the vulnerability would have been exploited when the mail was being retrieved from your server, that is, even before it appeared in your inbox.
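
The unchecked-buffer problem described above, sketched in C as an added illustration. This is not Microsoft's code from inetcomm.dll; the function names, the 64-byte field size and the X-Example header are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 64   /* assumed fixed buffer size, for illustration */

/* Unchecked form (the bug class the article describes): the value is
 * copied with no comparison against the destination size. */
void copy_value_unchecked(char *dst, const char *value)
{
    strcpy(dst, value);                  /* overruns dst on long input */
}

/* Checked form: measure the value first and reject what does not fit.
 * Returns 0 on success, -1 on malformed or oversized input. */
int parse_header_checked(const char *line, char *dst, size_t dstlen)
{
    const char *colon = strchr(line, ':');
    if (colon == NULL || colon == line || dstlen == 0)
        return -1;                       /* not "Name: value" */
    const char *value = colon + 1;
    while (*value == ' ' || *value == '\t') value++;  /* skip whitespace */
    size_t len = strcspn(value, "\r\n"); /* value ends at end of line */
    if (len >= dstlen)
        return -1;                       /* no room for value plus NUL */
    memcpy(dst, value, len);
    dst[len] = '\0';
    return 0;
}

/* Parse one line into a FIELD_MAX-byte buffer and report the result. */
int check_line(const char *line)
{
    char field[FIELD_MAX];
    return parse_header_checked(line, field, sizeof field);
}

/* Constructed oversized input: a 400-byte value for a 64-byte field. */
int check_oversized(void)
{
    char line[512] = "X-Example: ";
    size_t n = strlen(line);
    memset(line + n, 'A', 400);          /* rest of array is already zero */
    return check_line(line);
}

int main(void)
{
    printf("normal=%d oversized=%d\n",
           check_line("X-Example: hello\r\n"), check_oversized());
    return 0;
}
```

The checked parser rejects the oversized header outright instead of truncating it, so a malformed message is dropped before any of it reaches the fixed-size field.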

The patch discussed above fixes the vulnerability for Outlook Express users. If you use Outlook, you’ll have to install a new or patched version of Outlook Express for the patch to be available for your Outlook mail client. This is because, though both Outlook and Outlook Express use this component, it ships as part of Outlook Express and IE.

Exposing your e-mail to remote users

If you’re using Outlook Express as your mail client, and have the preview pane feature enabled, an HTML mail you read in your client could open a browser window, link your mail client to that, and open all your subsequent mail in the browser window for any malicious user to read.

By design, it’s possible for an HTML e-mail to open a browser window, and link it to an Outlook Express window. However, the link shouldn’t be persistent–it should be broken as soon as you close your HTML mail. This vulnerability allows this link to remain intact even after you’ve closed your HTML mail. So, a malicious user could send you an HTML mail that opened a browser window and linked your mail client to it (you would see the IE icon on your taskbar in this case). Any mail you preview after that using the preview pane feature will be visible in the browser, and can be sent via HTTP to the malicious user’s Website. However, if you double-click on a mail and it opens in a new window, the link can’t be established and your mail is safe.

The patch above prevents a browser window from creating a persistent link to an Outlook Express window. This vulnerability doesn’t affect Outlook users.

Exposing your local files over the Internet

A vulnerability in Outlook Express and Outlook allows a malicious user to send you an HTML e-mail, which, if opened, will allow him to read files in your computer. He can also place executable files in your hard disk, and use other means to launch them and wreak havoc on your machine.

The vulnerability happens because it’s possible for an HTML e-mail to create a file in your system that lies outside the cache. The cache is a special set of folders controlled by the IE security architecture for HTML processing. Whenever an HTML mail needs to create a file on your system, it’s supposed to do so in the cache. These files are contained within the HTML e-mail, and are usually used to provide formatting information, background images, animation, etc, for use in displaying the e-mail’s text. Storing them in the cache ensures that the e-mail will have to go through the security architecture to retrieve the cached file. Thus the security architecture will have control over what the file can do.

Due to this vulnerability, an HTML e-mail can bypass the cache and create such a file in a known location on your hard disk. This means that the file is stored in the Local Computer Zone of your system, instead of the Internet Zone, and can access other files on your system. So, a malicious user can send an HTML e-mail that could create a file on the local computer. The e-mail will then open the file using IE, and the file will be controlled by the malicious user’s HTML e-mail. The page will then be able to open other files on your hard drive, and send their contents to the malicious user, provided the malicious user knows the exact path of the files on your machine that he wants to access.

However, the malicious user can only read your files; he can’t delete or modify them in any way. He can read only those file types that can be displayed in a browser–TXT, JPG, GIF, or HTM being the common ones.

The vulnerability also allows him to place an executable file on your machine via the HTML e-mail. He can then use other means to launch this program.

The patch above prevents the HTML e-mail from creating files on your local disk.

Security hole in Netscape Navigator

A security hole in Netscape Navigator 4.0 to 4.74 allows a Java applet to read files from your local computer.

A malicious Java applet that runs in your browser can cause your machine to connect to a malicious Web server. After this, any machine on the Internet will be able to access your local file system, using a command like file:///C:/somefile.txt. However, the person accessing your machine should know the name and path of the file he wants to access. Also, the remote Web server, using protocols like FTP, HTTP, and HTTPS, can access the contents of URLs behind firewalls.

A firewall wouldn’t protect your system in this case, because instead of a remote Web server trying to connect to your machine, it’s the Java applet on your machine that’s connecting to the remote Web server.

The vulnerability is caused by an implementation error in the Java Runtime Environment that comes with Netscape Navigator.

To protect yourself, you can upgrade your browser to version 4.75, which is not susceptible to this vulnerability.

Compiled by Pragya Madan
