Security & Privacy

Updated at 9 p.m. PDT with more details from a Symantec representative.

Symantec is investigating allegations that a call center in India leaked credit card numbers of its customers to someone who then sold them to BBC News reporters posing as criminals.

The security company has informed U.K. privacy authorities and attorneys general and officials in eight U.S. states and Puerto Rico of the allegations that three U.K. customers had credit card information leaked and that about 200 U.S. customers may have been affected because of interactions with the call center, Symantec spokesman Cris Paden … Read more

Let's assume you're on the receiving end of the worst April Fool's Day joke of 2009: your computer's been infected with the Conficker virus. It's a frustrating but not insurmountable problem. This guide will walk you through how to cleanse your computer and inoculate against other Conficker variants.

First off, make sure that you are actually infected. There aren't many warning signs, but a few will stand out if you know what to look for. One fast way to check is to try to visit any major security software publisher's Web site. If you've cleared your browser cache beforehand, and you can load the sites of Symantec, Eset, Avira, or AVG, you're clean because Conficker blocks access to them.

Another good litmus test is to check on the status and functionality of Windows services such as Automatic Updates, the Background Intelligent Transfer Service, Windows Defender, and Error Reporting Services. If any of those have been disabled without your consent, or if your account lockout policies have changed without approval, you might be infected. Other warning signs include unusually high traffic on your local area network, and domain controllers responding slowly to client requests.

If you're running an up-to-date virus scanner, it's unlikely you'll get infected unless you've configured your computer to not receive automatic Windows updates. Checking your list of installed updates for security update MS08-067 (KB 958644) is not recommended because the worm, alternatively known as Kido, Downup, or Downadup, fakes the patch job. … Read more

Hosting company GoGrid suffered a distributed denial-of-service attack Monday afternoon that affected approximately half of its thousands of customers, co-founder David Hecht said on Tuesday.

The DDoS attack hit Monday afternoon, slowing customers' Web sites, creating latency issues, and making clients' Web sites inaccessible, Hecht said.

Although GoGrid was able to stabilize the situation by late Monday afternoon, getting most of its customers' sites back online, the company faced a decision whether to stay on course with a scheduled maintenance later that night or reschedule for another date.

The maintenance, which required GoGrid to take its portal down and troubleshoot … Read more

Correction 2:19 p.m. PDT: An earlier version of this story and its headline significantly mischaracterized a key metric used in the IC3 report. The overall finding of the report was that complaints regarding Internet-related crimes rose 33 percent in 2008.

Complaints of Internet-related crimes soared 33 percent last year, countering two years of consecutive declines, according to a report released Monday by the Internet Crime Complaint Center (IC3).

The IC3 Web site received 275,284 complaints last year, up from 206,884 the previous year. The organization referred 72,940 of those 2008 complaints to federal, state, and … Read more

It has taken spammers only four months to get their botnets back up after hosting company McColo Corp. was shut down, according to statistics due to be released on Tuesday from Google's Postini e-mail security provider.

Spam volumes dropped as much as 70 percent or 80 percent overnight when San Jose, Calif.-based McColo was shut down on November 11, 2008. McColo was hosting command and control servers that were being used to send instructions--like send spam or Trojans--to bot software planted on PCs, mostly in the U.S.

By the second half of March, seven-day average spam volume … Read more

With recent coverage in The New York Times, The Washington Post, and 60 Minutes, the sophisticated Conficker worm has become mainstream news. Yes, the underlying concepts may be a bit complex for John Q. Public, but I think this media attention is a great public service. Users need this type of education to better understand the risks associated with Internet connectivity.

Plenty of people have written detailed descriptions about what Conficker is, where it may have come from, and future potential damage. I prefer to focus on the relationship between Conficker and overall IT security. Given its properties, Conficker goes … Read more

Credit card information of 19,000 British Web surfers was exposed on Google search before being removed, according to a report this weekend.

It is unclear exactly when and for how long the information was available to Google searchers, although most of the cards had been canceled, The Telegraph reported the UK payments association APACS as saying. Visible were names, addresses, and credit card data for thousands of people.

Originally, the data was posted on an unsecured server in Vietnam used by criminal gangs that was closed in February, the newspaper said. However, the "cached" version of it … Read more

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.

However, Conficker's "patch" has a weakness that can be used to distinguish between patched computers and infected computers that look patched, according to the nonprofit Honeynet Project.

Some of the researchers have released a proof-of-concept scanner that can be used … Read more

China is coming under scrutiny as the possible source of malicious software and Internet attacks directed at foreign governments and other institutions.

A pair of recent research reports have cast some light on shadowy online initiatives with roots in China. Completed separately, both reports--"Tracking GhostNet," from the Munk Centre for International Studies in Toronto, and "The snooping dragon," from the University of Cambridge Computer Laboratory--address the Chinese government's efforts to monitor the activities of the Dalai Lama and the governing of Tibet.

Asked about the reports, analysts in China say that such claims are … Read more