By Jon Swartz and Byron Acohido, USA TODAY

SAN FRANCISCO

Tainted Web pages first appeared in late 2005. Now, they’re turning up as Google advertising links, on Wikipedia and elsewhere, “from top-tier names to mom and pop bakery shops,” says Dan Hubbard, vice president of security research at Websense.

full story here

When we last wrote about the Storm Worm in September, Heise Security had noted that the growing botnet had not yet been used for much, but could be a threat in the future. “[A]lthough the network has so far been primarily used to send spam, it could also be used for DDoS attacks on businesses or even countries,” said Heise. Since then, Heise’s prediction has come true; the worm now attacks those who publish new information on the inner workings of the worm. Researchers are allegedly “running scared” from the worm, which seemingly has a sentient ability to detect and attack whoever threatens it.

IBM/ISS host-protection architect Josh Korman told Interop New York conference attendees this week that the worm has the ability to see who is probing its servers and launch a DDoS attack on that IP as retaliation. As a result, some researchers are afraid to publish any of their findings about the worm for fear of even harsher retaliation. “As you try to investigate [Storm], it knows, and it punishes,” Korman said, as recounted by Network World. “It fights back.”

Since its inception early this year, the Storm Worm has been spreading like wildfire. It first came as spam e-mail and claimed to provide information on storms going on in Europe, but soon began to morph into many different forms—presumably to avoid easy tracking. In almost every instance, the worm sent spam that contained a link, which would then infect the user’s computer in order to send more spam. It appeared as if the worm’s only purpose was to get as many computers as possible as part of its massive botnet, which (as we now know) is used to launch DDoS attacks.

There has been some level of debate over just how serious the Storm Worm’s threat really is, and whether the botnet is as big as some researchers claim. Some had estimated that up to 15 million computers had become part of the Storm Worm’s botnet, but others disagree, citing numbers in the hundreds of thousands. Detractors also point out that awareness of the worm allowed antivirus and malware-removal programs to target the worm in recent months, cutting down the number of infected computers even further. Indeed, Microsoft’s anti-malware team added the Storm Worm to its Malicious Software Removal Tool on September 11th. That update was pushed out to millions of Windows users and eliminated many infected nodes almost overnight.

story here

Changes to some variants may mean the Trojan’s creators are ’selling’ compromised systems to spammers.
The hackers behind the pernicious, persistent Storm Trojan are getting ready to slice off pieces of the botnet created by their malware so that they can “sell” the compromised computers to spammers and denial-of-service attackers, a researcher said Tuesday.
That’s the most likely explanation for the encryption added to secure the command-and-control traffic between the bot herder and some bots, said Joe Stewart, a senior security researcher at SecureWorks Inc. According to Stewart, who has closely tracked Storm since its debut in January, the newest variants include a 40-byte key that encrypts the command traffic. Unlike other bot-building Trojans, Storm uses peer-to-peer (P2P) rather than IRC (Internet Relay Chat) to receive commands, a tactic that has made its bots harder to take down.
“One possibility is that they’re splitting [the botnet] and selling off individual botnets to spammers,” said Stewart. “If they’re going to sell, they need to have it so each botnet is on a separate network. The easiest way to do that is to scramble the peer-to-peer Overnet traffic.”
If Stewart is right and the people responsible for Storm are getting ready to cash in, it would be a first. Until now, Storm has busied itself only with spreading more copies to uninfected PCs, and with several pump-and-dump stock-scam spam campaigns. There’s no evidence that the botnet has been rented out or sold before, said Stewart.
“This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS [domain name system] and hosting capabilities,” Steward said. “If that’s the case, we might see a lot more of Storm in the future.”
Stewart, who characterized the new encryption used by Storm as “not strong,” said that the addition would actually help security researchers in the long run: It should be easier to separate the command-and-control from the rest of the Overnet P2P traffic. “It makes it a little easier. We should be able to tell at a glance whether the traffic is coming from a Storm node or an eDonkey [P2P] client.

full story

In the latest round of hysteria to be written about Windows Vista, Don Reisinger regurgitates the usual hysteria about Windows Vista mixed in with a pinch of facts here and there. Don spouts off the usual nonsense about sales, UAC, and even DRM. Despite the fact that bashing Vista is quite the popular sport these days, I’m going to see if I can set him straight with an honest and factual assessment of Windows Vista.

Are Vista sales really poor?
Everyone knows that Windows Vista retail box sales are poor, but does that matter when Microsoft relies overwhelmingly on sales to OEM PC makers? If you focus only on the retail box sales, you’re missing the real picture because Vista has sold more than 60 million licenses and ~78% of those sales are Vista Premium edition. Don complains about Windows Vista Ultimate edition and I actually agree with him that it’s overpriced and under delivers but Microsoft doesn’t need to “save itself” if Vista Ultimate fails, more like an “oh well”.

Does it matter if a few people revert to XP?
Even if a whopping 20% of computer buyers downgrade and revert to Windows XP for whatever reason, that still leaves 80% who stay with Windows Vista. That means hardware makers and ISVs (Independent Software Vendors) have to deal with Windows Vista now or later whether they like it or not if they want to stay in business. The fact that 60 million copies were sold in the first 6 months since launch pretty much confirms Vista will become the dominant OS by default.

How about Vista drivers?
There are no questions about it, a fair number of Vista drivers during the first 2 months stunk badly. Vista implements a brand new driver model which offers a little more separation between the driver and the kernel so that a bad driver is less likely to crash the entire system. The price for this is that there is a brand new learning curve and it took a few months for the hardware companies to get it right. For the most part, everything is working well but there are still some older devices that don’t have drivers and will never get drivers for Windows Vista and much of that is because the hardware vendors want you to buy new hardware. finish article here

BOSTON – A few weeks ago Candace Locklear’s office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software.

She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers.

It took eight hours for a technician to clean up her computer. But because the malicious software worked so secretly, she’s still not convinced that all’s clear.

“I’d like to think that it’s gone. But I just don’t know,” said Locklear, 40, a publicist in San Francisco. “That’s what is so frustrating.”

Computer security experts estimate that tens of millions of personal computers are infected with malicious software like the one that attacked Locklear’s machine. Such programs, generally classified as malware, attack companies along with consumers.

Some are keyloggers, recording every key stroke that the user enters—sending valuable bank account information, passwords and credit card numbers to hackers.

In July, hackers used keylogging software to gather passwords to databases at the U.S. Department of Transportation, consulting firm Booz Allen, Hewlett-Packard Co and satellite network company Hughes Network Systems, according to British Internet security software maker Prevx Inc.

And other malware programs turn PCs into “zombies,” literally giving hackers full control over the machine. The zombies can be instructed to act as servers, sending out tens of thousands of spam emails promoting counterfeit medications, luxury watches or penny stocks without the PC owner ever knowing about it.

The computer that controls the zombies—known as the command and control center—is able to change the text of the spam depending on what his or her customer wants to sell

full story here

The authors behind a specific strain of malware are trying every trick in the book to get users to succumb to their ill-meaning plans. You name it, they’ve used it: weather news, personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs. The group seems hellbent on creating the largest botnet to date, and they just might do it.

The “Zhelatin gang”—named after the trojan it installed—was responsible for what started out as the “storm worm.” First spotted earlier this year, the spread of the “storm worm” started via e-mails purporting to provide information on some dangerous storms in Europe at the close of January. Users who fell for it were directed to a web site containing malicious code aimed at turning Windows PCs into spam bots. finish story here

Nobody is a stranger to messages from wealthy folks in Nigeria offering millions of dollars, and we all know that if we need information on Viagra or penny stocks, all we have to do is check our inboxes. Of course, those e-mails are just trash, and we all delete them, right? Well, not according to a recent survey sponsored by Microsoft.

The May 2007 survey, which included 2,482 American adults, revealed that 17 percent of U.S. adults have fallen victim to an Internet scam. Worse yet, 81 percent of the victims admitted that they were at fault by opening e-mails or sending information to companies that seemed legitimate just because they had professional logos or recognizable names. With all of the anti-virus software pre-packaged on new computers and firewalls built into operating systems, how is this still happening? full story here

Andreas Clementi, who runs the web site av-comparatives.org, has released his latest report that looks at how well antivirus programs do against threats that have not yet been identified and included in standard AV signatures. The test looked at 17 different products, including offerings from Symantec, McAfee, AVG, Kaspersky, and Microsoft, and tested how well releases dated February 2 (with no updates) fared against a swath of new malware—viruses, scripts, trojans, and other nasties—that were discovered between February 2 and May 2.

The winner of this antivirus sweepstakes was a product called Avira, which managed to detect and defeat 71 percent of the unknown malware. Right behind it was the equally-obscure NOD32, which swept away 68 percent of the threats. The more well-known commercial products fared more poorly. Norton Antivirus and McAfee tied at a mere 24 percent, while Microsoft’s OneCare did even worse by only identifying 18 percent of the new threats. Resting at the bottom of the barrel were Kaspersky and eScan at nine percent, and AVG, which detected only eight percent of malicious software in addition to producing many false positive.full story here

Research by Symantec and Indiana University (Bloomington) has discovered a new attack technique that could badly compromise home networks. They call it “drive-by pharming.”

In the attack, the user surfs a malicious Web page which, through a combination of Java and Javascript, determines the address and model of the network router. This turns out not to be that hard to do. Then, using a database of default usernames and passwords, it reprograms the router, which is typically done through a simple HTML form submission, to change the DNS server addresses for the network to one controlled by the attacker.

With the network now doing DNS resolution using a malicious server, high-quality and convincing phishing attacks become possible. When the browser points to “www.paypal.com” the attacker can use their own server and it will look completely legitimate, including the use of https.

Note that this attack is extremely easy to block: Just change the default administration password for your router. Sadly, many users don’t do this, but with drive-by pharming the arguments for changing the defaults become much more compelling. finish story here

There is mounting evidence that the cellular service companies are going to do whatever they can to kill Wi-Fi. After all, it is a huge long-term threat to them. We’ve seen that the route to success in America today is via public gullibility and general ignorance. And these cell-phone–service companies are no dummies.

The always-entertaining Pew Internet & American Life Project ran a survey, and the results show that 34 percent of Internet users have gone online with a Wi-Fi connection or one of those newly popular and overpriced cell-phone services. Two years ago, this number was 22 percent. Another factoid from the survey: 19 percent of all users have Wi-Fi in the home. This number was a mere 10 percent just one year ago. The last tidbit from the survey worth noting is that only 56 percent of the people who have PDAs that hook to the Internet have actually gone on the Net via their PDA. The same goes for the people who have cell phones with Internet capability; not much more than half have actually used it. full story here