Security & Privacy

With recent coverage in The New York Times, The Washington Post, and 60 Minutes, the sophisticated Conficker worm has become mainstream news. Yes, the underlying concepts may be a bit complex for John Q. Public, but I think this media attention is a great public service. Users need this type of education to better understand the risks associated with Internet connectivity.

Plenty of people have written detailed descriptions about what Conficker is, where it may have come from, and future potential damage. I prefer to focus on the relationship between Conficker and overall IT security. Given its properties, Conficker goes … Read more

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.

However, Conficker's "patch" has a weakness that can be used to distinguish between patched computers and infected computers that look patched, according to the nonprofit Honeynet Project.

Some of the researchers have released a proof-of-concept scanner that can be used … Read more

China is coming under scrutiny as the possible source of malicious software and Internet attacks directed at foreign governments and other institutions.

A pair of recent research reports have cast some light on shadowy online initiatives with roots in China. Completed separately, both reports--"Tracking GhostNet," from the Munk Centre for International Studies in Toronto, and "The snooping dragon," from the University of Cambridge Computer Laboratory--address the Chinese government's efforts to monitor the activities of the Dalai Lama and the governing of Tibet.

Asked about the reports, analysts in China say that such claims are … Read more

Updated at 9:13 p.m. PDT with information provided by BKIS stating that its free version of BKAV antivirus software can remove the worm from any infected computer.

There's been a lot of fuss about the Conficker worm. And here's the a $250,000 question: what is the origin of the virus?

$250,000 is the amount of money Microsoft is putting up as a reward for any information leading to an arrest related to the case. Folks at BKIS, a Vietnamese security firm that makes the BKAV antivirus software, announced Monday that they found clues that the virus may have originated in China. Previously, there were rumors that it might have been from Russia or Europe.

The firm's conclusion is based on its analysis of the virus' coding. It found that Conficker's code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China, based on the firm's own data.

It's important to note that the origin of Nimda was never verified. Though Nimda contained text indicating that it may have originated from China, that is in no way hard evidence. … Read more

Correction, April 1, 9:19 a.m. PDT: "60 Minutes" made a mistake in using a photograph in its story called "The Internet is Infected." The picture was described in the story as a group of young Russian computer hackers, which was inaccurate. The picture, provided to the CBS television news magazine by an Internet security company, had appeared on a Russian hacker magazine Web site.

The following is the updated, corrected transcript and video of the "60 Minutes" report on Internet viruses that aired Sunday.

The Internet is infected. Malicious computer hackers have … Read more

A correction was made to this story. Read below for details.

A decade ago there was no Facebook, no iPhone, and no Conficker. There was dial-up and AOL and a nasty virus called Melissa that ended up being the fastest spreading virus at the time.

CNET News talked to Dmitry Gryaznov, a senior research architect at McAfee Avert Labs who was among the researchers who worked to fight the Melissa outbreak and track down the creator.

Q: How was Melissa discovered? Gryaznov: Avert as a whole discovered it as did some of the competitors. It was submitted to us by … Read more

You'd think the British government would be up on the latest and greatest security practices, but apparently even officials there have their problems.

The U.K. parliament's computer network has been infected with the Conficker worm, according to the Dizzy Thinks blog.

In his own blog post, Trend Micro security researcher Rik Ferguson questioned the security practices that could have allowed Conficker onto such hallowed turf. "Dear Parliament, if you are having trouble cleaning this up, give us a call, we'll come and do it for nothing," he offers.

Below is the text of the … Read more

There's been lots of hype about the fact that the latest variant of the Conficker worm is set to start communicating with other computers on the Internet on April 1--like an April Fool's Day time bomb with some mysterious payload.

But security researchers say the reality is probably going to be more like what happened when the clocks on the world's computers turned to January 1, 2000, after lots of dire predictions about the so-called millennium bug. That is, not much at all.

"It doesn't mean we're going to see some large cyber event … Read more

The Conficker worm, also known as Downadup, is targeting the Web site of Southwest Airlines and could disrupt online flight check-in and other services on March 13 as a result, security firm Sophos warned on Monday.

Mike Wood of SophosLabs Canada did some digging and found that the millions of computers infected with Conficker are programmed to contact wnsux.com, which redirects visitors to the main Southwest.com site, on March 13 to get instructions. That would cause a denial of service, shutting the site down temporarily, he wrote in a blog entry.

The worm is targeting about 7,750 … Read more