Conficker Worm: Not Finished Yet

Ian Paul

April 1 has come and gone, and the Internet has not disintegrated and no major cyber-attacks were reported. But Conficker still remains a threat. Now don't panic, this doesn't mean cyber-Armageddon could strike at any minute, it just means you need to make sure your computer is fully updated if it isn't already. Feel better? Good, then let's take a look at what's going on.

Why It Ain't Over Yet

The Conficker Working Group -- which is made up of 27 tech companies and agencies including AOL, F-Secure, Facebook, ICANN, Kaspersky, McAffee, Microsoft, Symantec -- says that Conficker, also known as Downup, Downadup, and Kido, is the largest worldwide computer infection since the SQL Slammer in 2003. The CWG estimates anywhere from 3 to 15 million computers are infected worldwide, and says 30 percent of Windows computers across the globe are not updated with the latest patches to protect against Conficker. The virus authors are also still at large and able to communicate with Conficker, although that capability has been significantly reduced.

Read More Here

A list of more than 8,000 user names and passwords for customers of Comcast, one of the nation’s largest Internet service providers, sat unprotected on the Web for the last two months.

Kevin Andreyo, an educational technology specialist in Reading, Pa., and a professor at Wilkes University, came across the list Monday on Scribd, a document-sharing Web site.

Mr. Andreyo was reading a recent article in PC World entitled “People Search Engines: They Know Your Dark Secrets… And Tell Anyone,” when he was inspired to find out what information about him was online. He searched for his own e-mail address on the search engine Pipl.

The list on Scribd was one of four results, and it also included his password, which was a riff on his love for a local sports team. Statistics on Scribd indicated that the list, which was uploaded by someone with the user name vuthanhan2004, had been viewed over 345 times and had been downloaded 27 times.

More Here

It would make 'one big badass botnet,' says Finnish security companyThe computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said today.

Early Wednesday, Helsinki, Finland-based security firm F-Secure Corp. estimated that 3.5 million PCs have been compromised by the "Downadup" worm, an increase of more than 1.1 million since Tuesday.

"[And] we still consider this to be a conservative estimate," said Sean Sullivan, a researcher at F-Secure, in an entry to the company's Security Lab blog. Yesterday, F-Secure said the worm had infected an estimated 2.4 million machines.

The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft Corp.'s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.

More Here

By now, it's common knowledge that the ISP megalomaniac, Comcast, has finally disclosed exactly where its bandwidth cap is. While I had often thought that Comcast's cap was low enough to trap anybody that's ever used YouTube, it turns out that the cap has actually been placed at 250GB.

Let me begin by saying that, if my last two months of router logs are any indicator, I don't use 250GB of bandwidth in a full year's time.

Of course, Comcast's own explanation of their quota is still somewhat ambiguous - a certain number of photos or songs, without actually mentioning the size or bitrate of the media being downloaded. Are we talking the 64kbps-sort-of-music that can be streamed from band websites, or can I actually assume that I can download some ridiculously large number of songs at 256kbps from the Amazon music store? Is that millions of photos taken with camera phones, or millions of high-res pictures from NASA? I did a bit of math to try and figure it out while at the same time being slightly more descriptive. Not considering traffic overhead, 250GB will give you:

* 40 hours of ATSC 1080i-quality audio and video, assuming a 17.82Mbps ATSC channel
* 2840 hours of music from the Amazon MP3 store (assuming songs average five minutes, that's roughly 34000 songs)
* Just over four million photos from an average 0.3-megapixel cameraphone, with shots averaging 65k
* Just under 375,000 photos shot at the 1600x1200 "High-Quality" mode on a 3.3-megapixel Olympus C-3000Z, with shots averaging 700k
* 8500 standard-quality, ten-minute YouTube videos; even I don't know anyone with a YouTube addiction that's this bad
* And for those that frequently download Linux on DVDs: 67 copies of Ubuntu 8.10, 58 copies of openSuSE 11 or Mandriva 2008 Spring, or about thirteen copies of the entire Debian "main" repository

That's more than ample breathing room, I'd say, regardless of whether or not Comcast is being deceptive with their numbers. I normally transfer about 20GB a month, and as of late had tried to refrain from using streaming audio and video services just in case Comcast's barrier was something considerably lower; say, 50GB. Now that I know the real figure... Well, my bandwidth for today is already 2GB, since I've spent the day streaming the news feeds from both Fox and CNN while following Hurricane Gustav, downloading a 600mb ISO image, and then uploading that same image back to someone else (it's legal). In other words, I increased my bandwidth usage, which probably isn't exactly what Comcast had in mind...

Nothing can beat having a great Linux distro installed on a super-fast hard drive, with all your favourite apps configured just how you like them and all your files at your fingertips.

But this has one major drawback: perfect as your setup is, it's also just one machine, and sooner or later you'll be forced to leave that computer behind and use something else.

Something that might run Windows. Something that might not even have Firefox. Because no one likes being parted from their data for too long, we present a smarter option: store it all on a USB flash drive.

In older days, you were able to store Linux on a CD and use a flash drive just to save changes. After some advancements, you were able to run Linux straight from the flash drive, but it didn't store any changes you made. But the latest generation of Linux distros – namely Ubuntu 8.10 and Fedora 9 – have a memory overlay system that allows you to store your Linux distro and any changes you make to it on a single flash drive. Sure, you'll need at least 1GB to be able to fit the entire distro on there, but it does mean everything you need is all on the one device.

Read more here

Users of Internet Explorer, the world's most popular web browser, are at risk of having their computers hijacked because of a security flaw.


By Matthew Moore
Last Updated: 2:22PM GMT 16 Dec 2008

The flaw allows criminal gangs to take control of people's computers and steal their personal information when they visit websites that have been corrupted by malicious hackers.

It is believed that as many 10,000 sites have been compromised since last week.

Microsoft said that it had detected attacks on machines using Internet Explorer 7, the most widely-used version of the browser, but that other versions are "potentially vulnerable".

"We are actively investigating the vulnerability that these attacks attempt to exploit," the firm, which also makes the Windows operating system, said in a security statement.

Read More Here