
McAfee calls Jessica Biel the most…dangerous celebrity? I wonder how she would respond to that one. Well, it appears that she is one of the most heavily searched for actresses on the tubes.
From CTV:
Security technology company McAfee Inc. on Tuesday reported that searches for the 27-year-old actress are more likely to lead to online threats such as spyware and viruses than searches for any other celebrity.
McAfee said fans searching for the actress have a one-in-five chance of ending up at a website designed to damage one’s computer. It’s the third annual report on the subject from McAfee, which last year found that Brad Pitt was the “most dangerous” celeb online.
No word at press time from Brad Pitt’s people as to his frame of mind, having learned that he had lost the coveted title to Ms. Biel.

Here’s an interesting run down of the “top ten” botnets according to their respective size and amount of activity.
From Network World:
Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Here’s a list of America’s 10 most wanted botnets, based on an estimate by security firm Damballa of botnet size and activity in the United States.
But, how many of them are thoroughly pwned by the Secret Service?
For the full list read on.

Twitter had a rough Easter weekend. The little blue bird (and its friend the fail whale) came down with a case of worms this weekend.
Ouch.
From ReadWriteWeb:
Just hours after Twitter began removing the first cross-site scripting vulnerability that hit its site this weekend, a new modified strain has been found, and according to F-Secure, it’s not the last one we’re likely to see over the next few days.
“This is not over. There’s going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don’t view profiles, don’t follow links. It’s beautiful outside, maybe go for a walk instead?” Mikko said on the F-Secure blog earlier today.
According to Breaking News, Mikeyy Mooney, the 17 year-old owner of StalkDaily.com, has reportedly admitted responsibility for yesterday’s attack.
The odd thing was that a complete fix was not the mode of repair; from all reports, the approach was a piecemeal one. So variants of the worm were able to propagate simply by obfuscating the code.
Blargh.
The part that amazes me is that the author of the worm put his hand up and said (paraphrase) “my bad”. Um, yeah.
The source code for the worm is published here and has led to several versions causing trouble.

For the full article read on.
More from Mashable

Ah, yes. I said that word, Conficker. Well, the loathsome malware made a foray into the networks at the University of Utah this week.
From AP:
University health sciences spokesman Chris Nelson said the outbreak of the Conficker worm, which can slow computers and steal personal information, was first detected Thursday. By Friday, the virus had infiltrated computers at the hospitals, medical school, and colleges of nursing, pharmacy and health.
Nelson says patient data and medical records have not been compromised.
“That’s secured in a much deeper way because of the implications,” he said.
Great to hear that the patient data wasn’t compromised, but that begs the question: how are they certain in such a short space of time since the infection was detected? University staff went so far as to disable internet access for six hours to help combat the outbreak.
For the full article read on.

Amidst all the press on the impending doom of the Conficker worm, it was interesting to note that one infection had an otherworldly feel to it.
Part of the current ISS mission is to delve into the workings of germs and how they behave in space:
Germs are virtually everywhere on Earth and it’s natural that they would stow away for the ride into space when humans go there. New NASA research shows some of those germs, or microbes, are more infectious after spending time in “zero-gravity.”
According to reports from NASA, the International Space Station (ISS) has developed an infection of its own. The Conficker worm, which has received more than its share of media attention, apparently was introduced to the system some time ago and has only now become active. The downside to the infection is that it has found a host in the ISS oxygen management system. At this point there is only a remote chance that they will have to abandon the platform.
For more on this story please head over to the press release at NASA.gov

Well, it appears that the malicious software, Conficker, managed to work its way into the halls of the UK Parliament.
From The Register:
The House of Commons IT systems has reportedly been infected by the infamous Conficker superworm, which has previously infected millions of Windows PCs and affected the operation of hospitals, military and large corporate systems.
Political blog Dizzy Thinks first reported that a memo (below) sent out to parliamentary IT network users on Tuesday night warned that Conficker had disrupted the operation of parliamentary systems.
The infection has reportedly prompted a clean-up operation as well as a temporary ban on the use of mass storage devices, including MP3 players, on parliamentary systems.
For a full reprint of the memo follow the link below to the story on the Reg.
(thx Quine)

An ominous thought. An even more unsettling mental picture. But, are you or your corporate systems now enlisted in one of the largest recorded botnets?
From Computer World:
Early Wednesday, Helsinki, Finland-based security firm F-Secure Corp. estimated that 3.5 million PCs have been compromised by the “Downadup” worm, an increase of more than 1.1 million since Tuesday.
OK, that is a substantial number by any analysis. Back in October, Microsoft released an out-of-cycle patch to address the problem in the Windows Server service that, at the time, was part of “limited targeted attacks”. And Marc Maiffret said at the time, “The reality is that bad guys do not like worms because they cause more people to patch.”
Well, that appears now to no longer be the case for some malicious types.
From F-Secure:
Downadup worms attempt to call home.
They do this by trying to connect to various Web addresses. And if the worm finds an active Web server at one of these domains, it will download and run a particular executable — thus giving the malware gang a free hand to do whatever they want with all of the infected machines.
They could build a large botnet for example. The framework is in place.
Normally malware uses only one or maybe a handful of websites. Such sites are generally easy to locate and shut down.
Then there is Downadup. It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. With this algorithm, the worm generates many possible domain names every day.
Hundreds of names such as: qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org.
This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place.
However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines. Pretty clever.
Now with the escalating spread one can only wonder, what is afoot? Not like anything major is going to be in the news tomorrow.
Is there?
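The scheme F-Secure describes is deterministic, which is what defenders can use: anyone who has the algorithm can compute the same daily list and watch DNS for clients asking for those names. The sketch below is an added example, not code from F-Secure or the original post; the generator is a toy stand-in (not Downadup's real algorithm), the date is passed in directly rather than read from public websites, and the log format and IP addresses are constructed.

```python
import hashlib
from datetime import date

TLDS = ["ws", "net", "cc", "org"]  # TLDs taken from the sample names quoted above


def candidate_domains(day, count=250):
    """Toy date-seeded generator: same date in, same name list out."""
    names = set()
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 5 + digest[0] % 5  # labels of 5 to 9 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.add(f"{label}.{TLDS[digest[10] % len(TLDS)]}")
    return names


def infected_clients(log_lines, day):
    """Map client IP -> sorted list of that day's candidate names it queried.

    Assumed log format (constructed): "<YYYY-MM-DD> <client IP> <query name>".
    """
    wanted = candidate_domains(day)
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole scan
        stamp, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise FQDN dot and case
        if stamp == day.isoformat() and qname in wanted:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    today = date(2009, 1, 14)
    todays = sorted(candidate_domains(today))
    # Constructed sample log: one client looks up two generated names.
    sample_log = [
        f"2009-01-14 10.0.0.5 {todays[0]}.",
        "2009-01-14 10.0.0.7 www.example.com",
        f"2009-01-14 10.0.0.5 {todays[1].upper()}",
    ]
    print(infected_clients(sample_log, today))
```

Because most generated names are never registered, the matching lookups usually fail to resolve, so the query itself is the indicator rather than any traffic to the domain.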

A touch sensational as headlines go, but nowhere near as sexy as it might seem. It turns out that the perennial favourite, the malware-infected digital picture frame, has struck again. This happens enough nowadays to qualify as a bad joke.
Apparently,
An Amazon.com customer posted the warning a week ago to the online retailer’s user forum. In its note to customers, Amazon.com noted that a Samsung advisory had been issued for the SPF-85H, an 8-in. digital photo frame that Amazon sold for approximately $150 starting in October.
The Samsung SPF-85H is no longer available on Amazon.com.
“We have recently learned that Samsung has issued an alert… our records indicate that you have purchased one of the digital photo frames through the Amazon.com website and are therefore affected by this alert,” said Amazon in the note.
The root of the problem was malware that was resident on the accompanying CD. There was no explanation from the frame vendor, Samsung, as to how the malware came to be on the CD.
One pretty picture frame…and you’re done.
Read the full story over on Network World.

Macs are vulnerable to malware? Say it ain’t so! (ok, in case it was missed I’m being sarcastic)
From Washington Post:
In a notable shift, Apple is now recommending that Mac users install anti-virus software to help users secure their systems.
In a technical note quietly published to its support site on Nov. 21, Apple issued the following advice:
“Apple encourages the widespread use of multiple anti-virus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.”
This is news to me. Just under three months ago, I asked an employee at our local Apple store whether I needed anti-virus for my MacBook, and was told not to bother, that it was not necessary.
Even if it was nothing more than malware that happened to be stored on a Mac, it’s enough to warrant a check. Antivirus software is not the ‘be all’, but it’s a damn sight better than none at all. The fact that Apple has suggested the use is just prudence. No operating system is 100% secure and they won’t be any time soon.
I had a similar encounter to Brian Krebs, when I got my Macbook, with an Apple store employee where I was told that “antivirus isn’t necessary on a Mac”. Hmm.
So, you can look at it like this. You can use security on your systems or you can drink the $VENDOR koolaid of your choice.

Social media as an attack vector is not a stretch. A group of researchers from Greece have created a tool that can be used to attack users.
From vnunet:
In a paper entitled Antisocial Networks (PDF) the researchers demonstrated an application that causes Facebook users to unknowingly participate in denial-of-service (DoS) attacks against other sites.
The ‘Facebot’ tool was disguised as a National Geographic ‘picture of the day’ application which users install into their Facebook profile page, thus allowing it to access account information and request new photos.
This type of thing has been discussed for a while in the media and with talks such as Shawn Moyer and Nathan Hamiel’s “Satan is on my friends list” at Black Hat last month.
Not entirely new on the face of it but, interesting nonetheless.




