Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Find a Review
Dads & Grads Gift Guide Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
CDW Solution Center
HP Ink Center
Intel Technology Center
Lenovo Laptop Showcase
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Free Newsletters
Receive the latest reviews, how-to's, news, and more.
Security & Privacy
Weekly Brief
Daily Technology News
Go
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
RSS Feeds
Get our latest content via convenient RSS feeds.
Latest News
Today @ PC World
Become a PCW Member
Join the community and start enjoying the benefits:
  • Get tech advice from thousands of PC World Members
  • Rate and recommend the latest tech products
  • Share your thoughts in blog and article comments
  • Get free excerpts and exclusive discounts on Super Guides
Signing up is free and easy.
Read More About: Online SecurityCybercrimeSecurity

Criminals Target CA's BrightStor in New Attack

Robert McMillan, IDG News Service

Monday, March 24, 2008 5:00 PM PDT
Recommend this story?
Yes
No

Just days after Microsoft warned of attacks targeting its Jet Database Engine software, cybercriminals have found a new program to attack: CA's BrightStor ARCserve Backup for Laptops and Desktops.

The new attack was reported Monday by Symantec, which said that a malicious Web page with a .cn domain was serving the attack code. By tricking an ARCserve user into visiting the Web site in question, attackers could leverage the flaw to install malicious software on a victim's PC, Symantec said.

A proof-of-concept example of the code was made public last week on the Milw0rm.com Web site. Symantec quickly predicted that it would likely be modified and used for attack.

The flaw lies in the Unicenter DSM r11 List Control ATX ActiveX control, found in ARCserve Backup for Laptops and Desktops version 11.5, Symantec said. Other versions of the product may also be vulnerable, however.

CA has not commented on the bug, so there is no indication when it might be patched.

Turn Off ActiveX Control

Symantec is advising users to turn off the buggy ActiveX control within the Windows Registry, something that should only be attempted by technically savvy users.

"Until a patch is available, we urge users to set the kill bit on the affected CLSID [Class identifier] for workstation or terminal server computers that have this software installed," Symantec said in an alert sent out Monday to users of the company's DeepSight threat management system. The CLSID for the CA control is BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3. Symantec said.

It's not the only vulnerability that system administrators are worrying about this month.

On March 3, Panda Security reported that a flaw in the Jet Database Engine software that ships with Windows was being exploited by attackers who were distributing malicious .mdb (Microsoft Access Database) files in public forums.

Late Friday, Microsoft issued an advisory on the issue, saying that it could affect Word users, and possibly users of other Microsoft products as well. According to Symantec, Microsoft's advisory relates to the same malware that Panda had spotted.

Microsoft has not said when it intends to patch this bug, but has not ruled out the possibility of an emergency patch.


Recommend this story?
Yes
No
Related Searches: attack symantec activex windows

Comments
Related Content
Tags at a Glance
HP Ink Center
Bring improved color and brilliance to your printed material. Visit the Resource Center for more info...
CDW Solution Center
Deliver speed and scalability in your storage systems. Find out how at the CDW Solution Center.
Asus Notebook Center
Ultra-fashionable thin and light notebooks with SmartLogon Face Recognition. Find out more at the Asus Resource Center.
Intel Processor Technology
Which Intel Processor is Right for You?
Which Intel Processor is Right for You?Centrino, Core 2 Duo, Core 2 Quad, Core 2 Extreme? Check out the Intel Technology Center for more info...
Are you a gamer?
Are you a gamer?Visit the Intel's Gaming section for the latest downloads, hottest gaming events and to learn about Intel & Gaming.
See what Intel can do for Vista...
See what Intel can do for Vista...Discover how Windows Vista technology work in the benchmarks with Intel Centrino processor technology.
VoIP Web Demo
Join Altigen for a Live Web Demo and learn how VoIP technology can improve your business communications.
The Future Sales Force - A Consultative Approach
This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ.
Latest News
Vodafone Acquires Social-networking Platform Company
Vodafone is acquiring ZYB, a Danish company that has developed a social networking and online management tool for backing-up... 16-May-2008
Apple's IPhone May Face Uphill Battle in Some Regions
The iPhone's reach expanded again Friday, with Orange announcing plans to sell the phone in Europe, the Middle East and... 16-May-2008
Seeing Is Believing With High-definition Train Simulator
A new train simulator codeveloped by Fujitsu offers unparalleled realism thanks to high-definition video shot on actual train... 16-May-2008
Samsung to Unveil 'Blue Phase' 240Hz LCD Panel
Samsung Electronics will unveil this weekend the first prototype of a new LCD (liquid crystal display) technology that won't... 16-May-2008
Panasonic's Car Navi Reaches Home While Away From Home
With all the time spent on the road, most drivers consider their cars to be their second homes. Reaching their primary home... 16-May-2008
Hearts Turn to Rainbows in Quake's Wake
Internet users in China have begun expressing solidarity with the victims of Monday's earthquake via their instant messaging... 15-May-2008
Sony Names New Head of Worldwide Games Studios
Sony has promoted a senior executive at its U.S. games studio to lead its global studios, it said Friday. 15-May-2008
Fujitsu Tackles E-paper's Slow Screen Speed
Fujitsu has developed a prototype electronic paper screen that tackles one of the technology's biggest weaknesses: the amount... 15-May-2008
Windows Coming on Dual-boot OLPC
The One Laptop Per Child Project and Microsoft plan to make both Windows and Linux available on a version of the project's XO... 15-May-2008
Yahoo Tells Icahn That Its Own Board Knows Best
Yahoo has responded to investor Carl Icahn's threat to take control of Yahoo's board and force it back to the negotiating... 15-May-2008

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)