Bad news for all those Macintosh users who smugly feel themselves above malware attacks. CNet has the story (although, I have to say, it’s a rather abbreviated post). Seems there are not just one, but two new attacks on the Macintosh operating system. Their full post, with links (but without their graphics, which are worth a look for worried Mac users): Security experts have discovered two new attacks targeting Mac users, a new version of a worm and a Trojan hidden inside a porn site. Sophos on Wednesday discovered a new version of the Mac OS X ... more

The dreaded worm Conficker is finally starting to live up to its reputation. Earlier, the worm which has infected millions of machines worldwide, had been running a scam to sell fake security software, but apparently the people behind the botnet have now started sending out garden-variety spam as well. From ZDNet News: The Conficker threat has a new twist, with the worm now reportedly installing a second mass-mailing virus that many know as Waledac. According to a report by Xinhua News Agency, Conficker-infected machines are now being turned into servers for e-mail spam. Quoting Vincent Weafer, vice president of ... more

Due to a teenager being bored over the Easter weekend, the fast-growing site Twitter was attacked by three separate worm attacks. While originally reported as a Conficker attack, it was later determined that it was actually created by a bored teenager up late at night, who was trying to drive traffic to his website. From Computerworld, the whole story: Twitter was hit with at least three different worm attacks that started Saturday and continued into Sunday, the micro-blogging service acknowledged as it promised users it would review its coding practices. Michael “Mikeyy” Mooney, the 17-year-old creator of the StalkDaily ... more

Good news for everyone who uses a computer — now there is a quick and easy way to check if your machine has been infected with the dreaded Conficker worm. This sounds too good to be true, but I have it on the best authority (leading Conficker researchers) that this actually works. Click on the following link: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html …and it will load a simple graphics page on your browser. This “eye chart” (as they are calling it) gives you a quick graphic check on whether your machine is infected with any of the currently-known flavors of Conficker. Let the page load, and then compare the image at the top with the chart below to see the status of your computer. This easy-to-use tool can bring you peace of mind. Unless you have a Macintosh, of course, in which case you weren’t even worried in the first place. But for Windows-based computers, this quick test will allow you to verify the status of your machine in a very easy test, which takes seconds to perform. I highly recommend checking it out.

April Fool’s Day is approaching fast. And the security industry is biting their collective nails in nervous anticipation. Because Conficker may suprise everyone on this un-auspicious date. I don’t usually excerpt such long passages, but in this case I feel it is justified. From Gizmodo, a sober warning, with full details: It’s lurking in millions of PCs around the world. It’s incredibly sophisticated and resilient, with built-in p2p and digital code-signing technology. It revels in killing security software. On April 1, the Conficker worm will activate. The scariest thing about the Conficker worm is that literally millions ... more

Trend Labs is reporting on their blog that a new strain of the Koobface worm has been detected on Facebook. It directs the unsuspecting user to a fake YouTube page, where it directs you to download the latest Flash Player. But, of course, what gets downloaded instead is malware. Check out the full blog posting to see example screen shots, which show how sophisticated the sting is. From their post: Take a second look though, the link had taken me to a site supposedly hosting a video posted by the same person that I had received the ... more

A new version of the Conficker worm has been detected by SRI, and has been dubbed Conficker B++. The new version can update itself from a distributed network, rather than relying on (seemingly) randomly-generated domain names. This was necessary, since the code was reverse-engineered to the point where counterattacking it was possible by denying all of the domain names to the creators of the malware. That is no longer going to be an effective tactic to combat the new version, it seems. Details, from Daily Tech: Controllers of the infamous Conficker worm released another update recently, shifting ... more

There’s an astounding report in Computerworld where Finnish security firm F-Secure Corporation has just estimated that the Downadup worm has infected a total of 3.5 million computers — which represents an increase of over 1.1 million machines within 24 hours. From their report: “[W]e still consider this to be a conservative estimate,” said Sean Sullivan, a researcher at F-Secure, in an entry to the company’s Security Lab blog. Yesterday, F-Secure said the worm had infected an estimated 2.4 million machines. The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in ... more

OK, I have to admit, that headline just kind of wrote itself. But, while amusing, the facts behind the headline are not amusing in the least. An old worm attack has been born anew on the Facebook and MySpace sites, with devastating consequences. And that is nothing to joke about. From Wired magazine’s website: Attention new viewers: those 5000 “friends” you have on Facebook? They might not actually be your friends. In fact, some of them might be scammers trying to infect your computer with a new virus dubbed “Koobface”. Koobface, which already made the rounds on ... more

In a recent blog post, Robert Vamosi dissects the inner workings of the Storm worm botnet, after speaking with Joe Stewart from SecureWorks. This is a fascinating look into the development and evolution of one particular botnet, assumed to be running from somewhere in Russia. Before getting into highly technical analysis, Vamosi lays out the basic structure: A basic botnet would includes a Command and Control (C&C) server contacted to thousands of compromised desktop computers worldwide. Were that always the case, botnets could be taken down quickly by simply finding and shutting down the C&C server. Storm’s approach is ... more