Criminals target CA's BrightStor in new attack
CORRECTION: This story incorrectly referred to the version of the software under attack. The software is CA's BrightStor ARCserve Backup for Laptops and Desktops. The first and fourth paragraphs have been corrected.
Just days after Microsoft warned of attacks targeting its Jet Database Engine software, cybercriminals have found a new program to attack: CA's BrightStor ARCserve Backup for Laptops and Desktops.
The new attack was reported Monday by Symantec, which said that a malicious
Web page with a .cn domain was serving the attack code. By tricking an ARCserve
user into visiting the Web site in question, attackers could leverage the flaw
to install malicious software on a victim's PC, Symantec said.
A proof-of-concept example of the code was made public last week on the Milw0rm.com
Web site. Symantec quickly predicted that it would likely be modified and
used for attack.
The flaw lies in the Unicenter DSM r11 List Control ATX ActiveX control, found in ARCserve Backup for Laptops and Desktops version 11.5, Symantec said. Other versions of the product may also be vulnerable, however.
CA has not commented on the bug, so there is no indication when it might be
patched.
Symantec is advising users to turn off the buggy ActiveX control within the
Windows Registry, something that should only be attempted by technically savvy
users.
"Until a patch is available, we urge users to set the kill bit on the
affected CLSID [Class identifier] for workstation or terminal server computers
that have this software installed," Symantec said in an alert sent out
Monday to users of the company's DeepSight threat management system. The CLSID
for the CA control is BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3. Symantec said.
It's not the only vulnerability that system administrators are worrying about
this month.
On March 3, Panda
Security reported that a flaw in the Jet Database Engine software that ships
with Windows was being exploited by attackers who were distributing malicious
.mdb (Microsoft Access Database) files in public forums.
Late Friday, Microsoft issued
an advisory on the issue, saying that it could affect Word users, and possibly
users of other Microsoft products as well. According to Symantec, Microsoft's
advisory relates to the same malware that Panda had spotted.
Microsoft has not said when it intends to patch this bug, but has not ruled
out the possibility of an emergency patch.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
