January 21, 2009
As a quick update from the information in Downadup Worm Infection: Cyber Attacks on the Rise in 2009 and Security and Hacking: Protect Thyself and Thy WordPress Blog concerning the still spreading Downadup worm, ComputerWorld and others are reporting that the Downadup worm now infects 1 in every 16 PCs for an estimated current total of over 9 million infections.
It now has its own Wikipedia page called Conficker as the worm is also known as Downup, Downadup, Conficker, and Kido.
According to the Wikipedia article, the computer worm first appeared in October 2008 but spread fast after the first of the year. It specifically targets Microsoft Windows and Windows Server services using Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. It has infected a few governments and hospitals, but mostly corporate computer networks.
On October 15, 2008 Microsoft released a patch to fix the bug. Heise Online estimated that it had infected 2.5 million PCs by January 15, 2009, while The Guardian estimated 3.5 million infected PCs. By January 16, 2009, an antivirus software vendor reported that Conficker had infected almost 9 million PCs making it one of the most widespread infections in recent times. Conficker is reported to be one of the largest botnets created because 30 percent of Windows computers do not have a Microsoft Windows patch released in October 2008.
The virus can spread through websites and USB drives, like flash drives, cameras, portable hard drives, and other USB connecting devices that trigger AutoRun, so Microsoft is recommending people upgrade their Windows programs and turn off AutoRun.
Tags: antivirus, blog security, conficker, downadup, downup, hackers, infection, kido, password, Security, virus, worm
January 19, 2009
The front page of CERT/CC, the Carnegie Mellon Software Engineering Institute and cyber security experts, looks back at 2008 as the 20th anniversary of the Morris worm, sometimes called the “Great Worm,” which crippled the Internet in 1988. Created by Robert Morris, now an associate professor at MIT, it was one of the first computer worms to infect the brand new Internet, exploiting known vulnerabilities and causing millions in damages. It also was the first conviction in the United States as part of the 1986 Computer Fraud and Abuse Act.
Years ago, a friend of mine worked for Boeing IT and taught many company workshops and training programs that began with an amusing lecture on “Safe Computer Sex.” She taught fellow employees to take care when flipping floppies to avoid transferring computer program infections across the network. How far we have come from those days.
As our dependence upon the web increased with email communication, spammers, hackers and attackers spread evil through your email inbox. Now, they are attacking our websites, social media tools, and web browsers.
Microsoft recently announced security issues with the Internet Explorer web browser and the dangers of visiting websites that could exploit that security vulnerability. Many warned not to use Internet Explorer until it was patched and updated.
Google created the Browser Security Handbook to help people and developers understand the security issues facing web browsers and the steps to take to protect individuals and web applications.
As mentioned in the last article in this series on web and blog security and hacking, Security and Hacking: The State of WordPress Blogs, WordPress, Movable Type, and other popular web services are not immune from security hacks or vulnerabilities.
Tags: blog hackers, blog security, blog vulnerabilities, hack, hackers, protect your wordpress blog, Security, security issues, security news, security vulnerabilities, upgrade, WordPress, wordpress hackers, wordpress news, wordpress plugins, wordpress security, wordpress themes, wordpress upgrade
January 16, 2009
SecurityFocus reports an estimated 3.5 million computers have been compromised due to a “Downadup worm,” a malicious bot that spreads through websites and blogs.
The Downadup worm, a malicious program that spreads using a recently patched Windows flaw, has compromised more than 3.5 million computers, security firm F-Secure stated this week.
The Downadup worm has successfully spread because it uses a major flaw that Microsoft patched in October to remotely compromise computers running unpatched versions of the Windows operating system. However, the malicious program’s greatest strength appears to be a feature that allows worm-controlled computers to download malicious code from a random drop point.
The program generates addresses for 250 different domains each day. The botnet controller need only register one of the domains and set up a download server to update the bot program with different functionality, said Mikko Hyppönen, chief research officer at F-Secure.
“The bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website, and they then gain access to all of the infected machines — pretty clever,” Hyppönen said in a blog post.
According to the report, the Downadup worm uses Windows XP’s vulnerability in processing remote procedure call (RPC) requests. While a patch was issued and warnings announced, not everyone has upgraded. The top countries hit by the MS08-067 Worms, as F-Secure calls them, are China, Brazil, and Russia, but it is expected to spread further unless server administrators and webmasters update and patch their Windows Servers and Windows programs immediately, including Internet Explorer.
ZD-Net Security Threats reports that the first sign of infection is usually found when users cannot access their accounts and are locked out of the Active Directory domain as the worm tries to crack passwords in Windows Servers.
Tracking the Downadup infection, F-Secure reported that reports of infections are up by more than one million within just one day, and growing. At last check, they estimate 3,521,230 infections worldwide.
Tags: alert, blog attacks, blog hacks, blog security, cyber-attack, cyber-crime, cyberattack, cybercrime, downadup, hacking blogs, infection, Internet Security, malware, prevention, protection, Security, security vulnerabilities, virus, warning, web browser, worm
December 8, 2008
Happy Monday, folks! I’m sure by now you’ve heard the big news: Six Apart bought Pownce. The Pownce team will join 6A, and the Pownce service will shut down. It’s a shame they’re closing the site — it had some really nice features. Hopefully, we’ll see some of those social networking and microblogging features show up in a future version of Movable Type.
Speaking of MT versions, MT 4.23 — the security fix that I told you was coming over a month ago — has finally been released. This is just a security fix, so it should be an easy upgrade. If you’re using the community templates, though, you will need to update those.
Tags: email, IM, Movable Type, Movable Type Monday, plugins, Pownce, Security, SMS, Themes, Twitter
October 27, 2008
Happy Monday, folks! We told you last time about this being Movable Type’s 7th birthday. The celebration concludes this week with a huge party at MT HQ. If you’re going to be in San Francisco, don’t miss it.
But before the party starts, we’ve got work to do. On with the MT news!
October 24, 2008
A new version of WordPress is available, version 2.6.3. It is a security release to fix a vulnerability reported in the Snoopy library, which WordPress uses to fetch the feeds you see in the Dashboard. It doesn’t seem to be a very serious flaw, and you don’t have to download the full release if you’re running 2.6.4; you can just get the two files needed. Links are in the dev blog post, and the full 2.6.3 release is available on the download page now.
Tags: blog platform, release, Security, WordPress
October 20, 2008
If you’re running WordPress 2.1.1 on your blog, and are using Google Webmaster Tools, you might get a security warning from Google. They are conducting a test to warn publishers if your publishing platform of choice is vulnerable to hacking, and WordPress 2.1.1 is just that, and also the test platform of choice. Should the test be successful, Google will expand this service to more platforms and versions in the future.
This is good, because it creates even more awareness of the need for upgrading to safer versions, no matter what CMS you’re using. Read more on the Official Google Webmaster Central blog. Hat tip to Quick Online Tips.
Tags: CMS, Google, Google Webmaster Central, Security, WordPress
October 7, 2008
With the line between a legit blog and scam blog getting harder to detect, how do you really know when the blog you are reading is a scam blog? As part of this ongoing series on blog scams, we’ve covered how blog scams are growing and the impact on the economy and job market for stay-at-home workers. Learning to tell the difference between a legit blog and a scam blog is becoming more and more important as the work force moves online looking for jobs.
You begin the process of detection of a scam blog by checking the facts. I covered a lot of information previously on how to check the facts in:
Some of the sites I recommend you use to check your facts when it comes to the hoaxes, scams, and snake oil claims some blogs can make include:
Tags: blog safety, blog scams, fact check, fact checking, hoax, phishing, phishing scams, scam blog, scams, Security, snopes, splog, urban legend, webwatch
September 9, 2008
There’s a new version of WordPress out now, 2.6.2, which addresses a database issue as well as the weakness of mt_rand(). This is especially important if you accept registrations to your blog. Also, some bug fixes, but other than the MySQL/PHP issue mentioned, this is another one of those small security releases. Check out the release post for more, and download the new version as well.
Tags: MySQL, PHP, Security, upgrade, WordPress
August 27, 2008
Wired has the story of the latest major security hole on the internet, the routing protocol BGP:
Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet’s core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.
Tags: BGP, Defcon, DHS, DNS, Internet Security, Security, Wired