The Great Geek Manual News

Twitter has been given the all clear after a worm infected “tens of thousands of users”. But experts say the attack could have been much worse.

Over the weekend, a self-replicating computer program, or worm, began to infect profiles on the social network.

The worm was set up to promote a Twitter rival site, showing unwanted messages on infected user accounts.

Michael Mooney, a 17-year-old US student, told the Associated Press he created the worm to promote his site.

Mooney, who lives in Brooklyn, New York, said he wanted to expose vulnerabilities in Twitter. He told AP: “I really didn’t think it was going to get that much attention, but then I started to see all these stories about it and thought, ‘Oh, my God’.”

The worm worked by encouraging users to click on a link to the rival Twitter site, called StalkDaily.com.

Read the Entire Story…
Source: The BBC

The chaos predicted by some as the Conficker worm updates itself have so far failed to materialise.

There had been concerns that the worm could trigger poisoned machines to access personal files, send spam, clog networks or crash sites.

Many of the infected machines are based in Asia where there have been no reports of unusual PC behaviour.

Conficker is believed to have infected up to 15 million computers to date.

Those monitoring the progress of the worm as 1 April dawned around the globe said there was no evidence it was doing anything other than modifying itself to be harder to exterminate.

Read the Entire Story…
Source: The BBC

Against the backdrop of humming computers in the underground lab in Toronto’s Munk Centre for International Studies, a screen flickered, and the most politically explosive cyber-spy network in the world began to reveal itself.

It was March 6, 12:33 p.m., and Nart Villeneuve was getting frustrated. The 34-year-old international relations student and part-time tech geek had tried everything to track down a piece of malicious software that had infected computers around the world, including those in the offices of the Dalai Lama.

Finally, he turned to the ultimate hacker’s tool: He entered some of the code from those infected computers into Google. Just like that, he found one of the cyber-spy network’s control servers, then another, and another. From that Eureka moment came a flood of information, almost all of it suggesting the ring originated in China.

A team of Canadian researchers revealed this weekend a network, dubbed GhostNet, of more than 1,200 infected computers worldwide that includes such “high-value targets” as Indonesia’s Ministry of Foreign Affairs and the Indian Embassy in Kuwait, as well as a dozen computers in Canada.

Read the Entire Story…
Source: The Globe and Mail

Canadian researchers have uncovered a vast electronic spying operation that infiltrated computers and stole documents from government and private offices around the world, including those of the Dalai Lama, The New York Times reported on Saturday.

In a report provided to the newspaper, a team from the Munk Center for International Studies in Toronto said at least 1,295 computers in 103 countries had been breached in less than two years by the spy system, which it dubbed GhostNet.

Embassies, foreign ministries, government offices and the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York were among those infiltrated, said the researchers, who have detected computer espionage in the past.

Read the Entire Story…
Source: Reuters

The Conficker worm is scheduled to activate on April 1, and the unanswered question is: Will it prove to be the world’s biggest April Fool’s joke or is it the Information Age equivalent of Herman Kahn’s legendary 1962 treatise about nuclear war, “Thinking About the Unthinkable”?

Conficker is a program that is spread by exploiting several weaknesses in Microsoft’s Windows operating system. Various versions of the software have spread widely around the globe since October, mostly outside the United States because there are more unpatched, pirated Windows computers overseas. (The program does not infect Macintosh or Linux-based computers.)

An estimated 12 million or more machines have been infected. However, many have also been disinfected, so a precise census is difficult to obtain.

Read the Entire Story…
Source: New York Times Bit Blog

Surfers on the Internet are at increasing risk from governments and corporations tracking the sites they visit to build up a picture of their activities, the founder of the World Wide Web said on Friday.

Tim Berners-Lee, whose proposal for an information management system at the European Organization for Nuclear Research CERN 20 years ago led eventually to the World Wide Web, said tracking website visits in this way could build an incredibly detailed profile of who people are and their habits.

“That form of snooping I think is really important to avoid,” he told an anniversary celebration at CERN.

Technology now being developed will make it easier to decide who can see material one posts on the Web, and in what circumstances. For instance people may not want prospective employers to see an album of holiday photos, he said.

Berners-Lee, a British software engineer who is now a professor at the Massachusetts Institute of Technology (MIT), said innovation on the World Wide Web was speeding up.

Read the Entire Story…
Source: Reuters

Netbook web surfers beware. That low-cost netbook you’re using could be a high-speed gateway into your life, bank accounts, passwords and other personal data.

Netbooks have made headlines since their 2007 launch, making PCs accessible to millions of non-traditional users. But their cheap cost could also carry a steep price tag due to lax security that makes them easier prey for viruses and hackers.

Since their introduction less than two years ago by Taiwan’s Asustek, nearly all major PC makers, including Hewlett-Packard, Dell, Acer and Lenovo, have jumped on the netbook bandwagon.

But their no frills nature, combined with low computing power and relative lack of sophistication among their users could combine to create the perfect storm for hackers and virus creators looking for easy targets, analysts say.

“The Internet is full of dangers, regardless of what computer you are using,” said Sam Yen, greater China marketing manager at anti-virus software maker Symantec.

Read the Entire Story…
Source: Reuters

Mozilla on Tuesday released an update to Firefox for Windows, Mac, and Linux that its developers said addresses several security and stability issues in the Web browser.

Version 3.0.6 fixes six bugs, the worst of which is a JavaScript issue affecting the browser’s layout engine that developers labeled as critical. The vulnerability, which also affects Mozilla’s Thunderbird e-mail client and SeaMonkey Internet Suite, could allow an attacker to run unauthorized code on exploited machines, Mozilla said.

The update improves how scripted commands, such as those included with Adblock Plus, work with plug-ins. It also addresses display issues, Mozilla said.

Read the Entire Story…
Source: CNet

The US Department of Justice (DOJ) has admitted that it has been sending phishing emails to its own employees in order to test their security awareness.

Over the last two weeks DOJ employees have been receiving emails from the ” Thrift Savings Plan Account Coordinator” asking them to input their login details by anuary 31st to get inofrmation about their 401k savings plans.

However, many people have recognised that this was a phishing email and began filling up email mailboxes with warnings about the bogus message. Now the DOJ has admitted that it was just a test of how security minded its staff are.

“We have learned that the messages are part of a hoax invented and distributed by DOJ to test employee security awareness,” said a memo was circulated by Ted Shelkey, assistant director for information systems security.

“The bailout Web site are not malicious. There is no need to distribute warning messages to colleagues and law enforcement contacts. Please delete all such messages and associated alerts.”

Read the Entire Story…
Source: iT News

In less than a week, two different forms of Trojan horses have invaded Macs whose users downloaded pirated copies of first Apple iWork 09 and now Adobe Photoshop CS4.

As of Monday morning, 21,000 people had downloaded the first Trojan horse in a pirated copy of iWork, according to Intego, a UK-based developer of privacy and security software for the Mac. The second Trojan horse in a pirated copy of Photoshop had been downloaded 5,000 times.

“If we extrapolate the total number, it is twice that,” said Peter James, a spokesperson for Intego. The company is warning Mac users to avoid downloading pirated software.

Security analyst Jose Nazario of Arbor Networks advised, “Pay for your software. It is not antivirus, it is not patch. There is no vulnerability other than your gullibility.”

Read the Entire Story…
Source: News Factor

A new variant of a worm that attacks Windows operating system has infected more than 3.5 million computers worldwide since October, according to anti-virus companies.

Helsinki-based F-Secure said the Conficker worm even infected one million PCs in just one day as the virus spreads through USB devices and Windows-run PCs that lack the patch MS08-067 issued by Microsoft in November.

Microsoft said most of the infected computers are in China, Brazil, Russia, and India.

The Conficker allows hackers to download files from a website. The worm enters the Windows system through the service.exe file and changes the Registry setting to activate itself. Once running, the worm generates hundreds of different domain names every day and one of these will be used by the hacker to download files from. Because of the high number of websites, it is hard to detect the hacker’s website and stop the intrusion.

Microsoft said the MS08-067 patch can remove the Conficker and clean infected PCs. For PCs without a patch yet, Todd Hooper, CEO of network security vendor Napera Networks, advised isolating infected machines to prevent its spread on corporate networks.

Source: All Headline News

Britain’s Royal Navy reckons it rules the waves, but that doesn’t apply in cyberspace, and as proof, as many as 75% of its vessels may have been bitten by an electronic bug that’s chewed into communication systems.

Virus infections which have, “shut down ‘a small number’ of MoD systems, most notably including admin networks aboard Royal Navy warships,” says The Register.

NavyStar (N*) systems, based on a server cabinet and cable-networked PCs on each warship and used for purposes such as storekeeping, email and similar support functions, have been hit, says the story.

N* ship nets connect to wider networks by shore connection when vessels are in harbour and using satcomms when at sea, it says, pointing out the system is supplied by Fujitsu, “with most of the Navy’s fleet being equipped in the early years of the century”.

“N* is, “intended to stay in service, coming under the Defence Information Infrastructure now being rolled out,” it states. Weapons and navigational systems were unaffected by the computer virus, the BBC has an MoD spokesman saying, adding:

“He said personnel were able to use ‘welfare phone systems’ to contact family but would not comment on reports that 75% of the fleet was affected.”

Source: P2P Net

A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.

Although Microsoft released a patch, it has gone on to infect 3.5m machines.

Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch.

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

Read the Entire Story…
Source: The BBC

The trojan in question (Troj/Qhost-AC) identified by anti-virus company Sophos, is a rather unusual one. It doesn’t seem to install spyware or traditional malware, but instead blocks access to the two most popular BitTorrent sites.

One of its victims, who got the trojan from downloading a torrent from The Pirate Bay, contacted TorrentFreak. He told us: “I didn’t follow the well established rules of downloading. It was a file with a low number of seeds, many leechers and no comments. I’ve downloaded the file and didn’t visit the torrent page again to view if there were any negative comments.”

It turned out that the trojan originated from a keygen supplied with a copy of pirated software. Instead of generating a key, it modified the hosts file of the computer so that it redirects The Pirate Bay, Suprbay (The Pirate Bay forums) and Mininova to 127.0.0.1, which means that the sites never load.

Read the Entire Story…
Source: Torrent Freak