Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 25th, 2008

CA BrightStor Users Under Attack

A new program is being attacked recently, this time it is CA’s BrightStor ARCserve Backup. POC (Proof-of-concept) example of the vulnerability code was made public last week on Symantec prediction was it would likely be modified and used for attacks in a short time, and they were right.

The attack was reported Monday by Symantec. Malicious website on a .cn domain was serving the attack code. By tricking an ARCserve user into visiting an infected website, attackers could exploit the flaw and install malicious software on a victim’s PC, Symantec said. The flaw is in the Unicenter DSM r11 List Control ATX ActiveX control, found in ARCserve Backup Version 11.5. Other versions of the product may also be vulnerable.

Symantec is advising users to turn off the buggy ActiveX control within the Windows Registry. As usual, unless you are a technically savvy user, you shouldn’t attempt to do it by yourself, since wrong actions might lead to an unbootable system.

According to Symantec, until a patch is available, users should set the kill bit on the affected CLSID [Class identifier] for workstation or terminal server computers that have this software installed. The CLSID for the CA control is BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3.

It’s not the only vulnerability that system administrators are worrying about this month. About two weeks ago Panda Security reported that a flaw in the Jet Database Engine software that ships with Windows was being exploited by attackers who were distributing malicious .mdb (Microsoft Access Database) files in public forums.

Late Friday, Microsoft issued an advisory on the issue, saying that it could affect Word users, and possibly users of other Microsoft products as well.

Microsoft has not said when it intends to patch this bug, but has not ruled out the possibility of an emergency patch.

CA has not commented on the bug, so there is still no indication when it might be patched.

Share this item with others:

More on CyberInsecure:
  • Exploit Targeting Corporate Computer Associates Users
  • BBC Website Hit By DDoS Attack
  • Massive Botnet DDoS Attack Hits
  • Spam From 750 Compromised Twitter Accounts Invited Users To Visit Porn Website
  • WordPress 2.6.2 Released Due To PHP Weakness That Might Lead To Attack

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: CA BrightStor Users Under Attack

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.