Attackers target unpatched QuickTime flaw

Attacks using QuickTime flaw appeared aimed at Windows users, but Mac OS users could also be at risk

By Sumner Lemon, IDG News Service
December 03, 2007

Talkback

E-mail

Printer Friendly

Reprints

Attackers are trying to exploit an unpatched vulnerability in Apple's QuickTime software that could let them run code on a victim's computer, Symantec warned in a DeepSight Threat Management System alert issued Sunday.

First observed on Saturday, the attacks appear to be aimed at Windows users, but Mac OS users could also be at risk since the QuickTime vulnerability in question affects both operating systems, the alert said. That vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first disclosed on Nov. 23 and remains unpatched by Apple.

Researchers have shown that the QuickTime vulnerability affects a range of operating systems, including Windows XP, Windows Vista, MacOS X 10.4, and the recently released MacOS X 10.5, also called Leopard. The vulnerability can be exploited through Internet Explorer, Firefox, Opera, and Safari.

There are two types of attacks underway, Symantec said. In the first, victims' computers are being redirected from an adult Web site, Ourvoyeur.net, to another Web site that infects the computer with an application called loader.exe, which can be saved to the computer as metasploit.exe, asasa.exe, or syst.exe. Once installed on a computer this application downloads another binary file, which Symantec identified as Hacktool.Rootkit, a set of tools that can be used to break into a system.

Symantec said it was possible attackers had managed to compromise Ourvoyeur.net as part of the attack.

The second attack also involves redirection, and Symantec is currently investigating the attack to determine what if any malicious code is involved.

To protect systems from attack, Symantec recommended blocking access to affected sites. "Filter outgoing access to 85.255.117.212, 85.255.117.213, 216.255.183.59, 69.50.190.135, 58.65.238.116, and 208.113.154.34. Additionally 2005-search.com, 1800-search.com, search-biz.org, and ourvoyeur.net should be filtered," it said, adding IT managers can also block outgoing TCP access to port 554.

Alternatively, IT managers could take more drastic steps.

"As a last measure, QuickTime should be uninstalled until patches are available," the alert said.

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

Vista 'inevitable' for enterprises, says Forrester analyst

XP SP3 cripples some PCs with endless reboots

OpenOffice.org beta fails the Office 2007 test

Steve Ballmer can't hear your 'Save XP' pleas

>> Talkback: Have your say

BRINGING PERFORMANCE VALIDATION "INTO THE LIFECYCLE"
Today's enterprise apps are complex and ever-changing, which makes delivering high performance difficult. By virtualizing the behavior of application services and data in a VSE, teams can answer this challenge with validation best practices and test tools to ensure solid performance throughout the lifecycle. Register now to attend this webcast! Sponsor: ITKO

» Click here to view this Webcast

The Data Protection You've Been Looking For
Enterprise data is of supreme importance. If you can't find it quickly, it's worthless. If you lose it, it's a crisis. This IT Strategy Guide explores how to keep your data safe.

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Virtually Limitless Virtual Storage - Do you need virtualization space savings of 50% or more with virtually no performance impact? You might be able to get storage...
Invisible IT? - The goal of IT is to become an invisible entity within a larger organization. Eliminating visibility and road blocks IT ...
It Really Is Easy to be Green - "Green IT" is a popular concept. And IT organizations are learning the influence that IT purchase decisions have on data...
Key Strategies For SOA Testing - SOA requires a unique approach to testing. Unless you're willing to reorient your testing procedures and technology now,...
Eliminate Botnet Security Risks - Botnets are widely regarded as the top threat to network security. This Whitepaper explains how botnets have traditionally...
Zero Day Protection For Your Network - Zero day attacks are a growing threat because they pass undetected through conventional signature-based defenses. Rather...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Attackers target unpatched QuickTime flaw

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
Rackspace - Fanatical Support Promise: Live Support 24x7x365 HP - HP LaserJet M3035 MFP series Starting at $1,599. ?? SHOP NOW Collabnet - Virtual Test Lab Automation: Manage development infrastructure HP - StorageWorks All-in-One Storage Systems. hp.com/betterstorage HP - Improve Resource Utilization and Lower Operating Costs Ipswitch - WhatsUp Gold V12 - network management & monitoring for any size network. HP - Webcast: 5 Things You Need to Know About Storage Virtualization Xerox - Typhoon 8860: Enter to win a Xerox PhaserTM 8860 network color printer! BEA - Webcast: Dialing up Agility with Business Transformation Verisign - Protect Your Data with SSL HP - Speed, agility, flexibility - The HP BladeSystem c-Class. InterSystems - Development, integration, BPM, and BAM together in Ensemble Citrix - Need simple, low cost server virtualization? AMD - We're putting more and more of our energy into saving IT Xerox - Enter to win a Xerox Phaser(TM) 6180 network color printer! Mindreef - Key Strategies For SOA Testing Citrix - Go green.Virtualize servers with Citrix XenServer(TM) - FREE Citrix - Instant server virtualization. Citrix XenServer(TM) - Free! HP - Virtualization: A Step by Step Approach to Success		Neterion - The Missing Piece of Virtualization Microsoft - Tech-Ed 08\|Microsoft's largest tech conference\|June 08 in Orlando Seagate - Maxtor OneTouch(tm) 4 Mini backs up your PC on the go Box.net - Upgrade Your Classic Collaboration Tools Overland Security - The Data Protection You've Been Looking For Lefthand Networks - Free White Paper on Matching Server & Storage Virtualization Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Tripwire - Secure your virtual and physical environments with the same software. Crosscheck Networks - Accelerate Your SOA Projects Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM Microsoft - Microsoft Forefront security products for business. Learn more. Oracle - Fueling the Responsive Enterprise Microsoft - Meet Windows Server 2008. The server unleashed. Microsoft - Tech-Ed 08\|Microsoft's largest tech conference\|June 08 in Orlando Microsoft - {Open Source} Heroes Happen Here Xerox - Enter to win a Xerox Phaser(TM) 6360 network color printer! Vizioncore - Vizioncore has solutions for virtually any virtual need.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist