July 16, 2009
There’s a new variant of W32.Koobface, a worm that was discovered in August last year, according to Symantec Security Response. It’s called W32.Koobface.C.
It’s a good ol’ Twitter hijacker that is activated when a user inadvertently installs an “AntiVirus2008” program.
Once hijacked, an infected Twitter account posts tweets in an attempt to infect more people. The tweets usually contain a link to the malicious software, with titles such as “my home video :)”, “watch my new private video! LOL :)” and “michaeljackson’ testament on youtube”.
April 9, 2009
Over the past few months, I’ve been writing a lot about cyber crime and security vulnerabilities, especially as they impact social media and blogs. The April 1, 2009, expansion of the Conficker/Downadup Worm Infection worried many as the 1 in 16 ratio of infected computers increased dramatically around the globe and attacks were aimed at social media services like MySpace, Facebook, and Twitter.
With the increase in cyber crime and security issues, and the growing profit found in cyber crimes, where do you go to report cyber crime if you find it or are a victim of it?
March 12, 2009
F-Secure reports on security vulnerabilities with Adobe Reader and Foxit Reader for reading PDF files.
While this could be seen as another day-in-the-life update, the warning came with an interesting twist:
Do note that while we are recommending users move away from Adobe Reader, we are not recommending any particular replacement.
…Instead, we recommend users to find their own Adobe Reader replacement.
This way we get more heterogeneous userbase, which is a good idea security-wise. Nobody wants to repeat what happened with the great IE —> Firefox switch. As 40% of users switched to Firefox, about 40% of the attacks switched to target Firefox.
Monocultures are bad.
In the new world of online social media, more and more people are using the same tools, putting us all at risk as hackers and attackers follow the natural migration of popularity. Monocultures are bad as they open the door to mass risks.
January 21, 2009
As a quick update to the information in Downadup Worm Infection: Cyber Attacks on the Rise in 2009 and Security and Hacking: Protect Thyself and Thy WordPress Blog concerning the still-spreading Downadup worm, ComputerWorld and others are reporting that the Downadup worm now infects 1 in every 16 PCs, for an estimated current total of over 9 million infections.
It now has its own Wikipedia page called Conficker as the worm is also known as Downup, Downadup, Conficker, and Kido.
According to the Wikipedia article, the computer worm first appeared in October 2008 but spread fast after the first of the year. It specifically targets Microsoft Windows and Windows Server services using Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. It has infected a few governments and hospitals, but mostly corporate computer networks.
On October 15, 2008 Microsoft released a patch to fix the bug. Heise Online estimated that it had infected 2.5 million PCs by January 15, 2009, while The Guardian estimated 3.5 million infected PCs. By January 16, 2009, an antivirus software vendor reported that Conficker had infected almost 9 million PCs making it one of the most widespread infections in recent times. Conficker is reported to be one of the largest botnets created because 30 percent of Windows computers do not have a Microsoft Windows patch released in October 2008.
The virus can spread through websites and USB drives, like flash drives, cameras, portable hard drives, and other USB connecting devices that trigger AutoRun, so Microsoft is recommending people upgrade their Windows programs and turn off AutoRun.
January 16, 2009
SecurityFocus reports an estimated 3.5 million computers have been compromised due to a “Downadup worm,” a malicious bot that spreads through websites and blogs.
The Downadup worm, a malicious program that spreads using a recently patched Windows flaw, has compromised more than 3.5 million computers, security firm F-Secure stated this week.
The Downadup worm has successfully spread because it uses a major flaw that Microsoft patched in October to remotely compromise computers running unpatched versions of the Windows operating system. However, the malicious program’s greatest strength appears to be a feature that allows worm-controlled computers to download malicious code from a random drop point.
The program generates addresses for 250 different domains each day. The botnet controller need only register one of the domains and set up a download server to update the bot program with different functionality, said Mikko Hyppönen, chief research officer at F-Secure.
“The bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website, and they then gain access to all of the infected machines — pretty clever,” Hyppönen said in a blog post.
According to the report, the Downadup worm uses Windows XP’s vulnerability in processing remote procedure call (RPC) requests. While a patch was issued and warnings announced, not everyone has upgraded. The top countries hit by the MS08-067 Worms, as F-Secure calls them, are China, Brazil, and Russia, but it is expected to spread further unless server administrators and webmasters update and patch their Windows Servers and Windows programs immediately, including Internet Explorer.
ZDNet Security Threats reports that the first sign of infection is usually found when users cannot access their accounts and are locked out of the Active Directory domain as the worm tries to crack passwords in Windows Servers.
Tracking the Downadup infection, F-Secure reported that reports of infections are up by more than one million within just one day, and growing. At last check, they estimate 3,521,230 infections worldwide.