You are currently browsing the tag archive for blog security

January 21, 2009

Downadup Spreads – Infects 1 in 16 PCs

As a quick update from the information in Downadup Worm Infection: Cyber Attacks on the Rise in 2009 and Security and Hacking: Protect Thyself and Thy WordPress Blog concerning the still spreading Downadup worm, ComputerWorld and others are reporting that the Downadup worm now infects 1 in every 16 PCs for an estimated current total of over 9 million infections.

It now has its own Wikipedia page called Conficker as the worm is also known as Downup, Downadup, Conficker, and Kido.

According to the Wikipedia article, the computer work first appeared in October 2008 but spread fast after the first of the year. It specifically targets Microsoft Windows and Windows Server services using Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. It has infected a few governments and hospitals, but mostly corporate computer networks.

On October 15, 2008 Microsoft released a patch to fix the bug. Heise Online estimated that it had infected 2.5 million PCs by January 15, 2009, while The Guardian estimated 3.5 million infected PCs. By January 16, 2009, an antivirus software vendor reported that Conficker had infected almost 9 million PCs making it one of the most widespread infections in recent times. Conficker is reported to be one of the largest botnets created because 30 percent of Windows computers do not have a Microsoft Windows patch released in October 2008.

The virus can spread through websites and USB drives, like flash drives, cameras, portable hard drives, and other USB connecting devices that trigger AutoRun, so Microsoft is recommending people upgrade their Windows programs and turn off AutoRun. read more

Tags: , , , , , , , , , , ,

January 19, 2009

Security and Hacking: Protect Thyself and Thy WordPress Blog

WordPress Security Tips and TechniquesThe front page of CERT/CC, the Carnegie Mellon Software Engineering Institute and cyber security experts, looks back at 2008 as the 20th anniversary of the Morris worm, sometimes called the “Great Worm,” which crippled the Internet in 1988. Created by Robert Morris, now an associate professor at MIT, it was one of the first computer worms to infect the brand new Internet, exploiting known vulnerabilities and causing millions in damages. It also was the first conviction in the United States as part of the 1986 Computer Fraud and Abuse Act.

Years ago, a friend of mine worked for Boeing IT and taught many company workshops and training programs that began with an amusing lecture on “Safe Computer Sex.” She taught fellow employees to take care when flipping floppies to avoid transferring computer program infections across the network. How far we have come from those days.

As our dependence upon the web increased with email communication, spammers, hackers and attackers spread evil through your email inbox. Now, they are attacking our websites, social media tools, and web browsers.

Microsoft announced recently security issues with the Internet Explorer web browser and the dangers of visiting websites that could exploit that security vulnerability. Many warned to not use Internet Explorer until it was patched and updated.

Google created the Browser Security Handbook to help people and developers understand the security issues facing web browsers and the steps to take to protect individuals and web applications.

As mentioned in the last article in this series on web and blog security and hacking, Security and Hacking: The State of WordPress Blogs, WordPress, Movable Type, and other popular web services are not immune from security hacks or vulnerabilities. read more

Tags: , , , , , , , , , , , , , , , , ,

January 16, 2009

Security and Hacking: The State of WordPress Blogs

WordPress SecurityLast year, there was a lot of noise about WordPress being especially vulnerable to attacks and hacks. Not all of those reported hacks and wild fire assuptions about WordPress security were true.

In “SecurityFocus SQL Injection Bogus,” talked about one false report:

Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire” and the less basis there is in fact the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team is sifting through things to see what’s valid or not.

…All that said, there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google. (Google will drop your site if it contains links they consider spammy, you’ll remember this is one of the main reasons I came out against sponsored themes.)

“Sponsored” WordPress Themes were banned from the official WordPress Theme Directory due to inclusion of ads, spam, and malicious links in Themes offered for free, with a hidden price. WordPress Theme scams continue and WordPress users are warned repeatedly to be cautious about downloading and using WordPress Themes without careful inspection and testing.

In the last issue of this series on “Cyber Attacks on the Rise in 2009,” I covered the current spread of the Downadup Worm Infection that uses websites to spread its evil, impacting more than 3.5 million sites worldwide. Such attacks are becoming more rare, but hackers targeting blogs are growing in numbers and resourcefulness. We must be on our guard to protect our blogs more this year than ever before. read more

Tags: , , , , , , , ,

Downadup Worm Infection: Cyber Attacks on the Rise in 2009

SecurityFocus reports an estimated 3.5 million computers have been compromised due to a “Downadup worm,” a malicious bot that spreads through websites and blogs.

The Downadup worm, a malicious program that spreads using a recently patched Windows flaw, has compromised more than 3.5 million computers, security firm F-Secure stated this week.

The Downadup worm has successfully spread because it uses a major flaw that Microsoft patched in October to remotely compromise computers running unpatched versions of the Windows operating system. However, the malicious program’s greatest strength appears to be a feature that allows worm-controlled computers to download malicious code from a random drop point.

The program generates addresses for 250 different domains each day. The botnet controller need only register one of the domains and set up a download server to update the bot program with different functionality, said Mikko Hyppönen, chief research officer at F-Secure.

“The bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website, and they then gain access to all of the infected machines — pretty clever,” Hyppönen said in a blog post.

According to the report, the Downadup worm uses Windows XP’s vulnerability in processing remote procedure call (RPC) requests. While a patch was issued and warnings announced, not everyone has upgraded. The top countries hit by the MS08-067 Worms, as F-Secure calls them, are China, Brazil, and Russia, but it is expected to spread further unless server administrators and webmasters update and patch their Windows Servers and Windows programs immediately, including Internet Explorer.

ZD-Net Security Threats reports that the first sign of infection is usually found when users accounts cannot access their accounts and they are locked out of the Active Directory domain as the worm tries to crack passwords in Windows Servers.

Tracking the Downadup infection, F-Secure reported that reports of infections are up by more than one million within just one day, and growing. As last check, they estimate 3,521,230 infections worldwide. read more

Tags: , , , , , , , , , , , , , , , , , , , ,

December 26, 2008

WordPress News: 650,000 WP 2.7 Downloads, BuddyPress, Theme Threat, Schwag, and More

WordPress 2.7 downloads now past 650,000. Poll out for WordPress 2.8 input. Possible WordPress Theme threat you need to know about. BuddyPress beta released. Imagine moving millions of Typepad blogs to WordPress? Want some WordPress schwag? WordCamps coming up in January – are you going to a WordCamp near you? And if the weather permits, and electricity holds, we’ve got more WordPress news for you!

WordPress News

Get Ready for WordPress 2.8: Already work is ongoing for WordPress 2.8 and WordPress wants your feedback. In “Prioritizing Features for WordPress 2.8,” Jane Wells invites people to take a poll on what are the top priorities WordPress developers should be putting their energy into. Currently, they are focused on WordPress Widget management, automatic Theme updates and installs, and performance improvements. The poll features the most popular features requests from the Ideas forum and more that the WordPress developers want to work on. Vote by noon on December 31 to have your say in what you want to see in WordPress 2.8.

Half-Million Downloads of WordPress 2.7 and Growing: Last week, there were 500,000 WordPress 2.7 Downloads and Miroslav Glavic caught the rollover of the counter. As I write this, there are now 654,434 downloads, moving fast for 1 million. Bets are on Twitter as to when one million downloads will be counted on the counter. There is now the WordPress Download Counter which adds a counter to your blog’s sidebar featuring the number of official WordPress version downloads from the WordPress Download Counter for WordPress fan blogs.

Friendster Moves Millions of Blogs from Typepad to WordPressMU: Matt Mullenweg and the WordPress Publisher Blog have switched “millions of blogs from Typepad to WordPress” to .

WordPress Theme Intruder Reported: A lot of people are reporting notifications from their web hosts regarding the remv.php file creating malicious behavior on your WordPress blog. Jason Cosper offers a good step-by-step tutorial and Ronald Davies has a video tutorial on how to remove this malicious file from your WordPress Theme folder. After removal of the file from your server via FTP, update your site immediately to WordPress 2.7. For more information, see these discussions on the WordPress Support Forums: Blog hacked, host said to upgrade and WTF is remv.php in wp-content/themes folder. read more

Tags: , , , , , , , , , , , ,