botnets

Countdown to Conficker--a bust so far

This post will be updated continually to track activity on the Conficker worm, the latest variant of which had been expected to hit the Internet on April 1. For more background on Conficker, click here or read below.

April 1, 6:35 a.m. PDT: McAfee says its Avert Labs is seeing Conficker-infected hosts attempting to call their "master" to get instructions, but those calls are not getting through. "This could be deliberate and the infected hosts may try again later, perhaps over the weekend when people aren't watching as closely," McAfee spokesman Joris Evers …

Conficker worm might originate in China

Updated at 9:13 p.m. PDT with information provided by BKIS stating that its free version of BKAV antivirus software can remove the worm from any infected computer.

There's been a lot of fuss about the Conficker worm. And here's the $250,000 question: what is the origin of the virus?

$250,000 is the amount of money Microsoft is putting up as a reward for any information leading to an arrest related to the case. Folks at BKIS, a Vietnamese security firm that makes the BKAV antivirus software, announced Monday that they found clues that the virus may have originated in China. Previously, there were rumors that it might have been from Russia or Europe.

The firm's conclusion is based on its analysis of the virus' coding. It found that Conficker's code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China, based on the firm's own data.

It's important to note that the origin of Nimda was never verified. Though Nimda contained text indicating that it may have originated from China, that is in no way hard evidence. …

BBC buys, uses botnet to show dangers to PCs

To demonstrate the threats from botnets, the BBC purchased a network of 22,000 infected computers, used it to spam its own e-mail accounts and for a denial-of-service test, and then left messages on the hijacked computers that they were infected.

The BBC's Click technology program said it acquired the "low value" botnet after visiting Internet chat rooms and used the network to spam a Gmail and Hotmail account it created for the spam test. It demonstrated the test in a video that accompanies a BBC article about the expose on Thursday.

The e-mail accounts received thousands …

Conficker worm targets Southwest Airlines site

The Conficker worm, also known as Downadup, is targeting the Web site of Southwest Airlines and could disrupt online flight check-in and other services on March 13 as a result, security firm Sophos warned on Monday.

Mike Wood of SophosLabs Canada did some digging and found that the millions of computers infected with Conficker are programmed to contact wnsux.com, which redirects visitors to the main Southwest.com site, on March 13 to get instructions. That would cause a denial of service, shutting the site down temporarily, he wrote in a blog entry.

The worm is targeting about 7,750 …

New antivirus software looks at behaviors, not signatures

It could be argued that security vendors are losing the battle with online scammers whose programs sneak onto computers and drop malicious programs, opening the computers up to remote attacks and turning them into zombies in botnet armies.

The problem is that most computers today rely on antivirus software that blocks malware by checking the code in a file against a database of signatures of known viruses. With thousands of new viruses arriving each day, many of them encrypted in part or otherwise disguised with modification, the signature lists require frequent updates and many new viruses slip through undetected.

As …

Microsoft offers $250,000 reward for Conficker arrest

Correction, 1:08 p.m. PST: This story initially misstated the amount of the reward. It is $250,000.

Microsoft on Thursday said it is offering a $250,000 reward for information that leads to the arrest and conviction of whoever is responsible for creating the Conficker Internet worm that has infected millions of PCs.

Microsoft said it is offering the reward because the worm constitutes a "criminal attack" and offering compensation should hasten prosecution. Residents of any country are eligible for the reward and should contact their international law enforcement authorities, the company said in a statement. …

Conficker spreads as Waledec delivers mal-entine

Security experts are tracking two computer worms that have infected millions of PCs and are creating botnets that can be awakened at any time.

More than 9 million computers have already been infected with the Conficker, or Downadup, worm that spreads via a hole on unpatched Windows machines (Microsoft issued an emergency patch to plug the hole in October), by USB devices and other removable storage devices, and can use a built-in password cracker to guess weak network passwords.

Infected machines send an alert back to a host machine, providing location and other information about the infected machine, and attempt …

Buzz Out Loud 890: Mad Molly Mondays

Yahoo's got a new chief, AT&T is spamming Idol fans and non-Idol fans alike, and the Storm Worm has been cracked. That's all big news, but the biggest news comes from me at the end of the show. Be sure to listen all the way through.

Yahoo names new chief executive http://news.bbc.co.uk/2/hi/business/7827518.stm http://news.cnet.com/8301-1001_3-10142085-92.html http://news.cnet.com/8301-1023_3-10142275-93.html http://www.paidcontent.org/entry/419-yahoo-react-bartzs-selection-considered-safe-uninspiring/

AT&T spams 75 million users with ‘Idol’ …

Study: DDoS attacks threaten ISP infrastructure

Internet service providers now spend most of their IT security resources detecting and mitigating distributed denial-of-service attacks, concludes a report from Arbor Networks.

The fourth edition of the Worldwide Infrastructure Security Report, released Tuesday, was based on how 70 lead security engineers responded to 90 questions. As in the previous three reports, ISPs reported attacks where their networks were overloaded with packets, what's called a distributed denial-of-service (DDoS) attack. However, this year, the ISPs indicated the attacks were not only larger in size but that most of them were stretching the upper limits of their security resources in order …

Security expert talks Russian gangs, botnets

In February of 2005, a Miami man sued Bank of America for not adequately protecting him against a $90,000 fraudulent wire transfer to the Parex Bank in Latvia. Joe Lopez was the first online user to sue his financial institution for not protecting his assets from a computer hacker.

Lopez, owner of a computer and copier supply business, accused Bank of America of negligence and breach of contract for not alerting him in advance to the existence of a piece of malware known as "Coreflood" prior to April 6, 2004, when the alleged theft took place.

Shortly …