Have you changed your Facebook password lately? Perhaps you should do it again. Cybercriminals have taught an old worm some new tricks, pointed it towards the world's largest social network, and slapped it on the backside. It didn't take long for this particular variant of Ramnit to rummage through Facebook and steal over 45,000 usernames and passwords around the globe.

The now infamous Conficker worm created quite the scare for security researchers, and in some ways, it still does. In a new report (PDF), the Conficker Working Group -- a coalition of cybersecurity experts and industry heavyweights including Microsoft, ICANN, domain registry operators, AV vendors, and academic researchers -- reveals what they've learned from the worm, as well as some of the frustrations.

In short, the group has been successful in blocking the worm's author(s) from being able to use the worm for whatever dastardly deeds it might have been created for, but they've failed to kill Conficker entirely.

"The Conficker Working Group sees its biggest success as preventing the author of Conficker from gaining control of the botnet," CGW notes. "Nearly every person interviewed for this report said this aspect of the effort has been successful. The blocking of domains continues and the Working Group has indicated they will maintain their effort."

At the same time, CGW "sees its biggest failure as the inability to remediate infected computers and eliminate the threat of the botnet. While remediation efforts did take place, millions of the A/B variations of Conficker remain on infected computers."

Shockingly, the self-replicating worm remains on more than five million computers and "is among the largest botnet in the past five years," the report said. And while the author hasn't been caught, the group believes the person responsible lived in Eastern Europe.

We know you would never click on suspicious links in your email or download unexpected files willy-nilly, but we're willing to bet you know someone that would. Now would be a good time to remind them not to do that sort of thing. According to McAfee, there's a new worm slithering through cyberspace that likes to chew on your AV software. Like most malware, this one requires a little help from the end user.

The worm is spread by email with a link to a seemingly innocent PDF file or raunchy WMV download, though users who click will get much more than they bargained for.

"When a user chooses to manually follow the hyperlink, they will be prompted to download or execute the virus," McAfee warns. "When run, the virus installs itself to the Windows directory as CSRSS.EXE (not to be confused with the valid CSRSS.EXE file within the Windows System directory). Once infected the worm attempts to send the aforementioned message to email address book recipients."

McAfee says it can also be spread through accessible remote machines, mapped drives, and removable media through Autorun replication. Once infected, the virus attempts to cripple and delete security services, including popular AV software like AntiVir, Avast, AVG, McAfee, Panda, and a whole bunch of others.

Security firm Symantec this week issued a warning about the existence of a new Yahoo Messenger worm making the rounds. According to Symantec, the worm has been spreading by sending messages to victims from contacts in their list. The compromised IM contains a link claiming to be a photo, but really points to a malicious executable on the Web.

Clicking the link itself won't harm your PC. Instead, the worm relies on old fashioned tech newbness in hopes that the potential victim won't pay attention to the file they're downloading, which is a dirty executable and not a JPEG, PNG, or any other image file.

If executed, the worm copies itself to %WinDir%\infocard.exe and then adds an exception for itself to the Windows Firewall List. It also stops the Windows Updates service and sets a registry value so that it runs on bootup. If you suspect your or someone else's PC has been compromised, the registry value you're looking to eradicate is:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Firewall Administrating" = "%WinDir%\infocard.exe"

Anyone run into this?