Streetlights didn't stop working, satellites never fell from orbit, and the internet didn't spontaneously combust. So what exactly did the Conficker.c worm manage to accomplish? Up till now, the answer is 'not much,' but Trend Micro warns the worm has started making its move.
It's been just over a week since Conficker.c was supposed to turn machines against man in an epic battle not even Will Smith (the actor, not the Editor-in-Chief) would be able to defeat, and while we can probably put such related fears to rest, Trend Micro security researchers say machines already infected with the worm have begun receiving a new payload through P2P. The payload is being detected as WORM_DOWNAD.E.
"Basically the component it's downloading via peer-to-peer is just a dropper -- so it drops yet another component, which we are in the process of finalizing analysis on now," Trend Micro researcher Paul Ferguson said in a conversation with eWEEK. "It looks like it has some rootkit capabilities, but beyond that right now I can't go into any additional detail, I don't have complete information in front of me."
Conficker.c received much media attention prior to April 1st, when the worm was expected to wreak all kinds of havoc. But April Fool's Day has come and gone without much movement from the worm, which either means the threat was grossly overblown, or its writers are waiting for the dust to settle.
No rest for the weary, especially Windows users. Following the Conficker.c scare that, up to this point, hasn't lived up to the hype, a Microsoft Security Advisory (969136) warns of a newly discovered vulnerability in PowerPoint.
"Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if user opens a specially crafted PowerPoint file," said the advisory. "At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."
Microsoft said the vulnerability is caused when PowerPoint accesses an invalid object in memory when parsing a specially crafted PowerPoint file. The security hole makes it possible for attackers to gain the same user rights as the local user.
No fix is currently in place, however Microsoft indicated it may release a patch before the next monthly security update. In the meantime, PowerPoint users are advised not to open or save Office files from un-trusted sources (thanks for that gem, MS!).
The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.
Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:
Documented evidence of a cyber espionage network— GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.
Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offces of the Dalai Lama and other Tibetan targets.
Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, diffcult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.
To find out more about how GhostNet works, join us after the jump.
April Fools' Day might be all fun and games for some, but if you manage to fall prey to the Conficker worm, it's no laughing matter. As reported earlier this month by our very own Mark Soper, the third version of Conficker (Conficker.c) is set to wreak havoc tomorrow, April 1st. Here's what you need to know.
What is Conficker?
Conficker is one of the nastiest computer worms in recent history to go on the warpath against Windows-based PCs. First surfacing in October, 2008, Conficker targets Windows 2000, XP, Vista, Server 2003, Server 2008, Server 2008 R2 Beta, and even Windows 7. To date, Conficker has infected over 9 million PCs, shut down French and British military assests, and prompted a $250,000 reward from Microsoft for information leading to the arrest and conviction of the worm's creators.
What Does it Do?
The first two versions of Conficker -- variants A and B -- exploit a vulnerability in the Server Service on Windows-based PCs to take advantage of an already-infected source computer. Once infected, the worm goes to work exploiting the network hole, cracking administrator passwords, prevents access to security websites and services for automatic updates, disables backup services, erases recently saved documents, and among other things, also leaves you vulnerable to other infected machines.
What Happens Tomorrow?
One of the scariest things about Conficker, including Conficker.c, is that its full potential isn't known. Come tomorrow, those infected might be prompted to buy fake sofware products, or it could start monitoring your keystrokes to lift sensitive information like banking passwords. Files could end up deleted, or it might transform your computer into a zombie PC while staying under the radar. Whatever it ends up doing, it won't be good, and you need to take proper precautions right now.
Join us after the jump to find out how to avoid infection, or what you can do if it's already too late. **Now with April 1st Update!**
According to Google, if you’ve got valuable documents out on their Google Docs suite of applications, you shouldn’t worry your pretty little head off. According to them, the alleged issues are smoke and mirrors.
In an official blog post by Jonathan Rochelle, Google Docs’ Product Manager, he explains, “At Google, we treat the privacy and integrity of our users' data with the highest priority. We quickly investigated, and we believe that these concerns do not pose a significant security risk to our users. If you want the details, read on...”
The blog post continues to meticulously break down and debunk the issues that the analyst, Ade Barkah, had brought to their attention.
Though, Google did admit that earlier this month a glitch in Docs caused some user documents to be exposed to those without proper permissions. The problem occurred amongst users that had previously shared documents, but reportedly affected less than 0.05 percent of the documents.
Microsoft's latest browser, Internet Explorer 8, has gotten mixed reviews from MaximumPC.com readers (see comments here and here), but one question that's hard for any individual user to answer about any browser is "how secure is it?"
To find out, Microsoft asked NSS Labs to pit IE8 RC1 against its predecessor, IE7, as well as the following third-party browsers: Firefox 3.0.7, Safari 3.2, Chrome 1.0.154, and Opera 9.64. The objective: find out which browser did the best job at handling so-called social-engineering malware sites - the ones that try to con you into downloading malware disguised as something else ("Adobe Flash update," anyone?).
ComputerWorldreports that IE8 did the best job of fending off attacks from 492 malware-distributing websites, blocking 69% of attacks (details here [PDF link]). If you're not using IE8, join us after the jump to learn how your favorite browser fared.
It was a year ago that security researcher Charlie Miller walked away with $10,000 for hacking into a MacBook Air with Safari in just two minutes during the annual Pwn2Own competition, and earlier this month Miller predicted Safari would be the first to fall at this year's event. Miller made good on that promise this week by using a prepared exploit to gain full control of the device in about 10 seconds.
"It's not easy, but this worked with one click [from the Safari browser]", Miller said.
Miller had discovered the exploit last year, which allows a remote attacker to take over a machine if a user clicks on a malicious URL. Details of the exploit, which Miller isn't allowed to divulge, will be shared with Apple from contest sponsor TippingPoint so that Apple can develop a patch.
On the same day, a 25-year-old computer science student at the University of Oldenburg in Germany demonstrated exploits in IE8, Safari, and Firefox, earning him a cool $15,000 ($5,000 per exploit), along with getting to keep the Sony Vaio P series notebook he used (Miller pocketed $5,000 and a MacBook Air).
While three major browsers succumbed to hacking attempts on day one, no mobile exploits have yet been successful. Mobile exploits carry the biggest reward for contest participants, with TippingPoint offering $10,000 for each successful exploit in the major smartphones.
Just when you might have thought it was safe to start using USB flash drives at work again, the third, and by all accounts, most fiendish version of the Conficker worm that's infected millions of PCs already is set to attack on April 1st, Ars Technicareports. Conficker.C's designed to hide itself even more thoroughly than its older siblings, using tricks such as:
Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
Creating access control entries and locking the file(s)
Registers dummy services using a "one (name) from column A, one from column B, and two from column C" method
To find out what happens when Conficker.C strikes, join us after the jump.
The beauty of a Live CD is that it gives you a chance to access your computer or a batch of alternate applications without actually having to load up your operating system. You only need to pop the CD into your optical drive and boot it up from your BIOS -- this self-contained environment runs independent of anything that's located on your drive partitions, even though you can still perform a variety of tasks that manipulate the data on your drives.
For example, you can test our new Linux distributions using a Live CD, saving you the time and hassle of blanking an entire partition just to see if it's the right distribution for you. You can also manipulate the partitions of your drives using a Live CD, expanding and creating volumes to create alternate locations for new operating systems, files, or whatever it is you'd use a separate volume for. Live CDs are great for troubleshooting your system (or saving your data) when your primary operating system won't boot, and they can also be used to break through Windows installations that you've lost the password for.
All that functionality... and you don't even have to install a single program on your machine! Click the link to check out some of the best Live CDs that you should have sitting on your desk.
If you haven’t done so already, make sure your Adobe reader has checked for, and downloaded the latest updates. Adobe has finally released a patch for the zero day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness which has been in the wild now since December 2008. The patches for Version 7 & 8 are still planned for March 18th and users of this version would be advised to either upgrade to 9.1 or consider Foxit Reader.
The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."
For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.