Free Republic

A "tremendous" amount of financial data has been stolen by a Trojan that has infected hundreds of thousands of corporate and personal PCs, according to information security specialist SecureWorks. Clampi, also known as Ligats, Ilomo or Rscan, has spread across Microsoft networks in a "worm-like fashion" and is "one of the largest and most professional thieving operations on the Internet" says Joe Stewart, director of malware research at SecureWorks' counter threat unit. Once it has infected a PC, the Trojan monitors Web sessions to see if one of 4500 targeted sites are visited. If a victim uses one of these...

SNIPPET: "UPDATE: The Koobface gang is upgrading the command and control infrastructure in response to the positive ROI out of the takedown activities." SNIPPET: "Related posts: Dissecting Koobface Worm's Twitter Campaign Dissecting the Koobface Worm's December Campaign Dissecting the Latest Koobface Facebook Campaign The Koobface Gang Mixing Social Engineering Vectors"

PCs Used in Korean DDoS Attacks May Self Destruct There are signs that the concerted cyber attacks targeting U.S. and Korean government and commercial Web sites this past week are beginning to wane. Yet, even if the assaults were to be completely blocked tomorrow, the attackers could still have one last, inglorious weapon in their arsenal: New evidence suggests that the malicious code responsible for spreading this attack includes instructions to overwrite the infected PC's hard drive. Update: This is already happening. Please be sure to read the updates at the end of this post. Original post: According to Joe...

MOSCOW, Idaho – The giant Palouse earthworm has taken on mythic qualities in this vast agricultural region that stretches from eastern Washington into the Idaho panhandle — its very name evoking the fictional sandworms from "Dune" or those vicious creatures from the movie "Tremors." The worm is said to secrete a lily-like smell when handled, spit at predators, and live in burrows 15 feet deep. There have been only a handful of sightings. But scientists hope to change that this summer with researchers scouring the Palouse region in hopes of finding more of the giant earthworms. Conservationists also want the...

IRONTON, Ohio (WSAZ) -- It's not what Amy Darby expected when she woke up Friday morning. She thought it was a string or a blade of grass--but then she noticed it start moving. "It looks like a piece of grass that's alive," Darby said outside her place of work Friday. Darby claims at 4:30 a.m., a brown worm came out of her kitchen faucet. She called the city's water department. Darby said she was referred to the health department. "It's beyond creepy," Darby said. "It looks like a tapeworm that would be inside of a human. And this is coming...

ecurity sites are warning web users to beware fake Twitter invites in their email inboxes. The reports, based on an alert on Wednesday from Symantec, say the emailed invites come with a malicious attachment which, if downloaded, harvests email addresses from your computer and copies itself to removable drives and shared folders. The emails carry the subject line “Your friend invited you to twitter!”, while the sender’s address is spoofed as “invitations@twitter.com”. Unlike a typical Twitter invite, however, the email contains no invitation link: instead it carries the attached file Invitation Card.zip, tempting the receiver to download it. The attachment,...

Was downloading a video from the internet (Kung Fu movie) when my Avast anti-virus software first warned me of a trojan (from the find site) and then a worm. I deleted both. Both Avast and Trend Micro House Call show no infection. However, on my Facebook account, something sent an ugly message with an even uglier link (which also warned on a virus) to everyone on my Facebook. I do not automatically log in to Facebook, I put in my password every time. How did it do that?

In a recent blog post, the Cyber Secure Institute claims that based on their previous studies into the average cost of such malware attacks, the economic loss due to the Conficker worm could be as high as $9.1 billion. Despite that their analysis also considered a much limited infection rate (200,000 infected hosts), they claim that the cost of the virus in this case is still around $200 million. The research excludes an important fact though - not only is Conficker still active and infecting, but also, according to the most recent infection rate estimate courtesy of the Conficker Working...

BOSTON (Reuters) - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said. Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, they said. The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet. Its unidentified creators started using those...

Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software, Trend Micro said on Friday. The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, according to the Trend Micro blog.

Aquarium staff have unearthed a 'giant sea' worm that was attacking coral reef and prize fish. The 4ft long monster, named Barry, had launched a sustained attack on the reef in a display tank at Newquay's Blue Reef Aquarium over recent months. Workers at the Cornwall-based attraction had been left scratching their heads as to why the coral had been left devastated and - in some cases - cut in half.

The conficker worm, aka:Downup, Downadup and Kido, is scheduled to become active at 00:01:00 AM on 04/01/09. It's a complete unknown and has many experts worried. If you aren't sure about being protected on your Windows machine, please download the FREE application from Microsoft called Windows SteadyState , and install it. It only takes a few minutes, it's very easy and simple, and it will protect your hard drive. I use it on my XP Box and my Wife's Vista laptop, and I know it works. Download it, click to install, open it, and select "User Restrictions", and (if...

Aquarium staff have unearthed a 'giant sea' worm that was attacking coral reef and prize fish. The 4ft long monster, named Barry, had launched a sustained attack on the reef in a display tank at Newquay's Blue Reef Aquarium over recent months. Workers at the Cornwall-based attraction had been left scratching their heads as to why the coral had been left devastated and - in some cases - cut in half. After staking out the display for several weeks, the last resort was to completely dismantle it, rock by rock. Halfway through the process the predator was revealed as a...

As computer security firms play down the risk posed by the Conficker/Downadup worm, the Department of Homeland Security on Monday released a DHS-developed detection tool to help organizations scan for computers infected by the worm. The DHS US-CERT team created worm-scanning software for federal and state government agencies, commercial vendors, and critical infrastructure owners. It's being made available through the Government Forum of Incident Response and Security Teams Portal and to private-sector partners through various Information Sharing and Analysis Centers.

The Conficker worm will be active again on 1 April, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA. This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member "botnet" of zombie computers that can be controlled remotely by the worm's as yet unidentified authors. Since it first appeared in October 2008 it has apparently infected more than 15 million computers around the internet, though even that number is no more...

SAN FRANCISCO – A nasty worm has wriggled into millions of computers and continues to spread, leaving security experts wondering whether the attack is a harbinger of evil deeds to come. US software protection firm F-Secure says a computer worm known as "Conficker" or "Downadup" had infected more than nine million computers by Tuesday and was spreading at a rate of one million machines daily. The malicious software had yet to do any noticeable damage, prompting debate as to whether it is impotent, waiting to detonate, or a test run by cybercriminals intent on profiting from the weakness in the...

<p>Thursday, November 20, 2008 The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVD's, FOX News has learned.</p> <p>The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks.</p>

A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network. The Pentagon hadn't sent the e-mail at all. Its origin is unknown, but the...

Ok, Daughter's laptop with an up to date anti-virus program and firewall has gotten infected with a worm called worm.win32.netsky. Can't find a removal program for this bugger and the scans haven't found or removed it. She was going to various School District web sites to apply for a teaching job when it happened It loaded on it's own new desktop icons, and diabled remove program from the task bar along with Ctl-Alt-Del. Anyone out there got ideas?

The origin of the human brain has been traced back to primitive central nervous systems in worms and bugs, researchers now say. Humans and other vertebrates evolved from an ancient common ancestor that also gave rise to insects and worms, scientists have long known. But they're of course quite different today. Vertebrates have a spinal cord running along their backs, but insects and annelid worms such as earthworms, which have simple organs that barely resemble a brain, have clusters of nerves organized in a chain along their bellies. So biologists have long assumed these systems—key to ultimately putting a brain...

Thursday likely marked the largest proliferation of e-mail virus attacks in more than a year, according to security company Postini. Postini said that two variations of the Storm Worm virus, which originally spread across the Internet in January, have quickly driven global virus levels 60 times higher than their daily average. E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code. Postini, which is based in San Carlos, Calif., says...

Websense® Security Labs™ has discovered that the official website of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium is currently experiencing a large number of visitors, as it is the home of Sunday's Super Bowl XLI. The site is linked from numerous official Super Bowl websites and various Super Bowl-related search terms return links to the site.

SAN FRANCISCO - A computer worm is attacking some business PCs through a flaw in antivirus software by Symantec Corp., a security company warned Friday. EEye Digital Security, based in Aliso Viejo, Calif., said the worm, dubbed "Big Yellow," began attacking some computer systems on Thursday — seven months after eEye first discovered the flaw. Symantec released a patch to address the flaw in May, but it's up to its corporate customers to install it. Officials at the Cupertino, Calif.-based security software company said Friday it had so far received three reports of systems affected by the worm. "It is...

Google Apologizes in an Update: (Nov. 10,2006) Staffers mistakenly e-mail the virus to subscribers of the Video Blog mailing list. Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday. "On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted," Google said in a statement, posted late Tuesday night. "Some of these posts may have contained a virus called W32/Kapser.A@mm -- a mass mailing worm. If you think you have downloaded this virus...

The world's stocks of seafood will have collapsed by 2050 at present rates of destruction by fishing, scientists said yesterday.A four-year study of 7,800 marine species around the world's ecosystems has concluded that the long-term trend is clear and predictable.   If the rate of over-fishing continues, the world's currently fished seafoods will have reached what is defined as collapse by 2048 By 2048, to be exact, catches of all the presently fished seafoods will have declined on average by more than 90 per cent since 1950.The study, by an international group of ecologists and economists, says the loss of...

SPOKANE, Wash. --It's 3 feet long, pinkish in color, smells like a lily and must be saved from extinction, conservationists said Thursday in asking the federal government to protect the Giant Palouse Earthworm under the Endangered Species Act. Long thought extinct, the worm was rediscovered in the past year to occupy tiny swatches of the heavily farmed Palouse region along the Washington-Idaho border. "This worm is the stuff that legends and fairy tales are made of," worm supporter Steve Paulson declared. "What kid wouldn't want to play with a 3 foot-long, lily smelling, soft pink worm that spits?" The U.S....

Other News: McBot attack is now in the wild... Marc Maiffret, eEye Digital Security, is reportting that an automated botnet malware has been using MS06-040 to infect machines and then scan for new machines to infect. If you have *not* installed the patch for MS06-040 then you are r *at risk* and need to get a move on to patch your network.. ...99% of Arab Websites Are Insecure Islamophobic, you ask? Nope, just the facts, Ma'am.... ... Eagle Eye Walmart Employee foils terrorists by alerting authorities,...& She gets named "Employee of the Month".

Excerpt - A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems. Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system. Rutkowska plans to discuss the idea and demonstrate a working prototype for Windows Vista x64 at the end at the SyScan Conference in Singapore on July 21 and at...

CONWAY, Ark. -- The worms in Phyllis Smith's garden are trying to tell her something. They're saying "hi." Smith has found herself losing the battle against the worms. She recently found a fruit with a message on it, clearly written by one of the unwanted guests. "We got down and was pruning and got down there and just pulled open those tomato vines," Smith said. "There was a message that that bold bug had left on that tomato, and it said, 'hi.' And it just blew our minds. I laughed so hard." Smith said she couldn't believe her eyes when...

Hackers are trying to lure people to a malicious Web site using cell phone text messages, a security company has warned. The blended attack uses social engineering techniques in its attempt to trick people to the site, security vendor Websense said in an advisory. An SMS text message is sent to the targets' cell phones, thanking them for subscribing to a fictitious dating service. The message states that they will be automatically charged a fee of $2.00 per day via their phone bill, unless their subscription is cancelled online. The same message has also been sent multiple times to the...

Worm lures victims with 'Naked World Cup'- World Cup malware targets English speakers By Robert McMillan, IDG News Service June 20, 2006 Soccer purists can breathe a sigh of relief. There is no Naked World Cup. IT professionals, on the other hand, may want to be a little more vigilant, as a new e-mail worm is on the loose that preys on the intense worldwide interest in the international sporting event. Called Sixem-A, the worm began circulating earlier this week, and has just recently been blocked by antivirus vendors. So far, the worm has been detected at only a handful...

A robot designed to crawl through the human gut by mimicking the wriggling motion of an undersea worm has been developed by European scientists. It could one day help doctors diagnose disease by carrying tiny cameras through patients' bodies. The team behind the robot includes scientists from Italy, Germany, Greece and the UK. They modelled it on polychaetes, or "paddle worms", which use tiny paddles on their body segments to push through sand, mud or water. "We turned to biological inspiration because, in the peculiar environment of the gut, traditional forms of robotic locomotion don't work," says Arianna Menciassi, a...

At the Cross, piano 1. Alas! and did my Savior bleed, and did my Sovereign die? Would he devote that sacred head for sinners such as I? Refrain: At the cross, at the cross, where I first saw the light, and the burden of my heart rolled away; it was there by faith I received my sight, and now I am happy all the day. 2. Was it for crimes that I have done, he groaned upon the tree? Amazing pity! Grace unknown! And love beyond degree! (Refrain) 3. Well might the sun in darkness hide, and shut its glories...

Washington -- National Security Advisor Samuel R. Berger announced June 16 the appointment of Mary O'Neil McCarthy as Special Assistant to the President and Senior Director for Intelligence Programs.

Excerpt - LAKE BUENA VISTA, Fla. — In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at...

If six billion humans died, the world would be a better place. That's the message a professor from the University of Texas is proclaiming. An article in The Gazette-Enterprise details Professor Eric Pianka's doomsday beliefs. "In his estimation, 'We've grown fat, apathetic and miserable,' all the while leaving the planet parched. The solution? A 90 percent reduction." Can anyone say "Thomas Malthus wannabe" (high school flashback: Malthus was the guy who said the earth's population would outgrow its food supply). Pianka tells the Gazette, "[Disease] will control the scourge of humanity. We're looking forward to a huge collapse." The professor...

Sophos sees OS X virus ghostsAnti-virus software mistakes real applications for pests, breaks systems Anti-virus vendor Sophos has released an update of the Inqtana-B virus identity file for it Sophos Anti-Virus for OS X software due to false positives. The company initially released an antidote that incorrectly flagged various files in Microsoft Office 2004 and in Adobe Acrobat Reader as being infected with the OS X worm. Users in some cases reported that the anti-virus software claimed over 1,000 infections. The false positives have a great impact on users, as the anti-virus program will block access or delete all "infected"...

Doctors at a clinic in Kragujevac, central Serbia, have removed an 11 centimetre-long intestinal worm from a woman's eye socket. According to preliminary results, the worm taken from the 37-year-old patient's eye belongs to the Ascaris family, a common intestinal parasite in pigs that is also found in humans. No similar case has ever been recorded in Serbia and probably in Europe, Radomir Stojicevic, a doctor at the Kragujevac clinic, told the Tanjug news agency. The parasite had probably travelled through the patient's blood from the digestive tract into the eye socket, doctors at the clinic believe.

Microsoft has joined computer security experts to warn of a malicious software worm that may have already infected hundreds of thousands of PCs and is set to wreak havoc tomorrow. The worm, known variously as "Kama Sutra," "Blackworm" and "My Wife," entices users to open an e-mail attachment purportedly containing sexually explicit images. Once a computer is infected, Microsoft warned, the virus could "permanently corrupt a number of common document format files on the third day of every month." Users should be on the lookout for e-mails with subject headings such as "Hot Movie," "Sex.mpg," "Miss Lebanon 2006" and other...

Security analysts are warning computer users about a new and potentially destructive Internet worm that can obliterate important documents. The worm, called Kama Sutra, is making the rounds now, but is scheduled to execute its first massive attack on February 3. Detected last week, the malicious worm targets computers running Windows and spreads primarily by copying itself to shared network locations and then sending itself to e-mail addresses found on afflicted computers. With subject lines that read "the best videoclip ever," "give me a kiss," and "school girl fantasies gone bad," the worm entices computer users to open the attached...

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...

This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Soware. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

Sober Helps Catch Child Porn Offender By BetaNews Staff, BetaNews December 20, 2005, 3:13 PM For once the never-ending Sober worm actually did some good. A 20 year-old child porn offender turned himself in earlier this week after mistaking a message generated by the worm as an actual communiqué from Germany's Federal Criminal Police Office. The e-mail said "an investigation was underway," which apparently spooked the man into believing the authorities were aware of his online activities. He was charged after police found pornographic images of children on his computer. A spokesman for the Paderborn, Germany police credited the worm...

The pesky Sober worm is to blame for disrupting e-mail traffic between Comcast account holders and users of Microsoft-based e-mail, Redmond said on Friday. A variant of Sober known as Win32/Sober.Z@mm is pummeling servers at Hotmail and MSN with "unusually high mail load," causing delays in e-mail delivery to Hotmail and MSN customers, said Brooke Richardson, MSN's lead product manager. Richardson also indicated that Internet service providers besides Comcast may be having problems directing e-mail to Hotmail and MSN servers. "We are working with Comcast and other ISPs to address (the) issues," Richardson said. "We're actively working to take the...

A new variation of the long-running Sober worm uses extremely effective tactics to trick users into infecting their PCs, security companies said Tuesday, including posing as messages from the FBI and CIA. Sober.w -- called Sober.x by Symantec, and Sober.z by Sophos and F-Secure -- is spreading rapidly, said security experts, fast enough for vendors to have amplified their threat levels Tuesday. Symantec raised its warning to a "3" in its 1 through 5 scale, the first time since the Zotob outbreak in August that the Cupertino, Calif.-based anti-virus vendor has taken a worm to that threat level. "The rate...

Sony's controversial copy-protection scheme had been in use for seven months before its cloaking rootkit was discovered, leading one analyst to question the effectiveness of the security industry. "[For] at least for seven months, Sony BMG Music CD buyers have been installing rootkits on their PCs. Why then did no security software vendor detect a problem and alert customers?" asked Joe Wilcox, an analyst with JupiterResearch. "Where the failure is, that's the question mark. Is it an indictment of how consumers view security software, that they have a sense of false protection, even when they don't update their anti-virus and...

When the news first broke in the mainstream press that Windows expert and blogger Mark Russinovich (he wrote a book about Windows for Microsoft) had found that Sony's anti-piracy efforts had gone too far and that Sony's DRM was installing an undetectable rootkit on customers' computers which they couldn't safely remove, the first reaction from Microsoft was guarded. They were concerned, they said, and were evaluating what, if anything, to do: Microsoft, which also ships an anti-spyware program, recently renamed "Windows Defender," hasn't yet decided whether it will also flag the Sony DRM software as malicious code, the spokesperson said....

More than one-half million networks infected by Sony including U.S. military and various countries. Dan Kaminsky, http://www.doxpara.com/ ,is the expert who broke this and did the work. His U.S. and Europe infection maps are shown below and are frightening. Dan did a hell of a good job. Search Google News for "sony numbers trouble" for more in an excellent article today that is very worth reading.

New worm targets Linux systems By Joris Evers Staff Writer, CNET News.com Published: November 7, 2005, 5:12 PM PST A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, warned antivirus companies on Monday. The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper." Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm. A backdoor is installed on infected...