Monday, March 30, 2009
In an event that hits the computer world only once every few years, security experts are racing against time to mitigate the impact of a bit of malware which is set to wreak havoc on a hard-coded date. As is often the case, that date is April 1.
Malware creators love to target April Fool's Day with their wares, and the latest worm, called Conficker C, could be one of the most damaging attacks we've seen in years.
Conficker first bubbled up in late 2008 and began making headlines in January as known infections topped 9 million computers. Now in its third variant, Conficker C, the worm has grown incredibly complicated, powerful, and virulent... though no one is quite sure exactly what it will do when D-Day arrives.
Thanks in part to a quarter-million-dollar bounty on the head of the writer of the worm, offered by Microsoft, security researchers are aggressively digging into the worm's code as they attempt to engineer a cure or find the writer before the deadline. What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows.
Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.
At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.
Microsoft also offers a free online safety scan here, which should be able to detect all Conficker versions.
Saturday, March 07, 2009
It's malware that actually removes other malware from its victims' PCs. And so far, nobody is exactly sure how it's being distributed.
Security experts this week are buzzing about a new Trojan called Tigger.A, also known as Syzor. The data-stealing malware has quietly claimed about 250,000 victims since it was first spotted by security intelligence company iDefense in November, according to a Washington Post report.
Tigger.A allows attackers to gain access to "administrator" privileges on Windows machines, even if the user himself doesn't have those privileges, according to the report. It takes advantage of a vulnerability (MS08-066) in Windows' "privilege escalation" feature that Microsoft revealed -- and patched -- in October.
"Tigger removes a long list of other..... More Here
Tuesday, March 03, 2009
Koobface Variant Hits Facebook -- Again
In this scam, detected by researchers at Trend Micro, users receive a message with a link, purporting to be from a friend from the user's contact list, along with a spoofed version of YouTube. Once users click the link, they are taken to a site supposedly hosting a video that appears to be from the alleged sender, containing the name as well as the photo of the user's "friend" from his or her Facebook profile. Here
Facebook Corporate Security
The range of security threats around social networking sites, including LinkedIn, MySpace, Facebook and others, ranges greatly, Amit said. Here
Facebook Turns Site into a Democracy:
In addition to "poking" former classmates and updating your status update with what you had for lunch today, Facebook will now allow you to vote on the site's terms of service. Here