About that heat map...
What about the countries with EXACTLY 340751 infected computers?
Media coverage of the Conficker superworm has died down over recent weeks but variants of the worm are still infecting 50,000 new PCs a day. The US, Brazil and India are the main cultivation grounds for the worm, according to reports from the Symantec threat intelligence team. Symantec has knocked up a colour-coded map …
Hi ! I'm a security software company and I want you to buy my overpriced bloated software suite instead of excellent free alternatives (AVG, Avast, PC Tools AV, Avira etc.)
People would want to buy my software if they only new how many evil threats are out there !
So.... I'll publish "independent research" to scare everyone into buying my crap !
I don't care Norton I really don't last virus I had was Blaster, and that was M$ fault, Avast has been fine for me and a large dose of common sense.
You almost scared me there, I thought some normal machines were at risk...
On the same note, there is a very simple solution: transfer ownership of every infected machine in the world to the state of Arkansas for destruction (shipping at the original owner's cost of course).
Also apparently the worm made a brief appearance in hospitals and even government-affiliated networks in the UK, quite possibly making it the world biggest vital infrastructure cracking of all time, so all owners of infected machines around the world should face extradition and trial in the UK.
Nice to see that New Zealand doesn't warrant appearing on Symantec's "heat map"...must be completely unaffected by Conflicker (yeah right).
After all, they wouldn't be aware of New Zealand would they? It is only the country where Ghost was created and developed until Norton/Symantec liked the idea so much that they bought the company (then turned it into a pile of poo).
Its not hard to patch your systems, hell, they come pre-programmed to update every-day straight out of the box. Its not hard to protect machines, although most bot net infections come from people downloading and installing Hacked / pre-modded copies of Windows which either already contain the bot or they have nearly all security removed (to bypass activation, add junk to the core system code, etc.)
Microsoft isn't at fault here, the security center in XP will keep bothering users until they properly protect their machines, and UAC in Vista was designed to prevent this (albeit not very friendly, but sudo isn't very friendly either...)
If Microsoft were to remove all the exploitable code, developer would whine to no end about having to re-write code for the new OS, and end-users would complain that their old software doesn't work anymore.
If Microsoft were to include or even recommend anti-virus, then the EC would bring another lawsuit about 'Microsoft abusing their Monopoly to push software'.
So really it is up to the End-users / IT organizations to make sure that there is proper security in place and to patch systems regularly, and to remember that all systems, regardless of OS, should have anti-malware applications.
David, that is soo true. I get sick of all the media hype and companies trying to make a name for themselves (make sure to check out my blog below.) haha, yes that was a joke at the end.
Anyways, i have to admit, i am really impressed with this virus. it is mutating and learning. I really wish i could meet the guys that designed it and have lunch (i will even pay!). It is just a thing of beauty. I know there are tons of bad things you could do with it, but we are putting all of that aside for the sake of conversation. Besides, I bet half of the growth that comes from this is companies not doing auto updates, letting it spread like fire through out.
The Running Tally
im using a pirated copy of winxp with service pack 2. i have been using this exact same copy for seven (7) years now, and the only times i have ever been infected by anything was due to my own stupidity...
"ooooo she has nude screensavers? lets see this!!"
common sense and safer internet surfing habits go a very long way towards keeping a computer compromise-free.
use a java / flash / adblocker of some kind, and avoid russian porn and warez sites like they were SARS carriers. dont just open any old email attachment, and dont just plug in any old USB storage device unless you absolutely trust the owner of said device. dont share any files at all unless you know the person you are sharing with personally, or if said file is something you know for a fact cant be a carrier of malware. dont use IE and in most cases Firefox, as activeX is a vector for problems.
im starting to rant, so im gonna go now.
That people should start protecting themselves and others by affirmative action. The thing is if human beings worked this way there would be no need to worry about STD's, AIDS or any other nasties that abound because we'd all understand the need for protection.
The fact of the matter is most people are completely ignorant of the dangers out there. It's all very well you lot pontificating about using common sense and adblocker etc etc but 90% (OK I'm guessing) of ordinary folk haven't got a fucking clue what you're talking about. Yes, you as someone 'informed' about the perils of unfettered internet access know what to do, but Doris of Neasden who wants her groceries delivered at 4.45 before the kids get home from school, has fuck all idea of what you're on about. And why should she? She's been told that the interweb is fantastic and and and you can do all kinds of things and and and it's brilliant and that..
sorry - I need to have a little lie down now.
Don't want to sound too negative - but:
"Conficker (aka Downadup) infects a Windows system by either exploiting systems unprotected against the MS08-067 vulnerability patched by Microsoft back in April"
"Thursday, October 23, 2008 10:33 AM by MSRCTEAM
The MS08 sort of gives it away - which April were you working from??
On13th May, the local media in one of the Greater Manchester boroughs, reported that the pc machines in a NHS trust hospital, namely Tameside General Hospital were infected with the Conficker virus.
One would think that large responsible organisations and Government depts, would have system features and scanners in place to prevent such an attack taking place, especially when the awareness factor of the Conficker virus has been known since last year.
Perhaps there is something clearly wrong with the way that particular hospital is managed?
The reported article about the conficker infection:
...beginning to seriously doubt these figures?
"...but variants of the worm are still infecting 50,000 new PCs a day."
"The worm infected millions of systems in the run-up to 1 April..."
Show your working, or lose marks!
Botnets are becomming mainstream news, and as we all know, figures get fudged. Lies, damn lies, and statistics.
Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances.
The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.
This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come.
Microsoft is extending the Defender brand with a version aimed at families and individuals.
"Defender" has been the company's name of choice for its anti-malware platform for years. Microsoft Defender for individuals, available for Microsoft 365 Personal and Family subscribers, is a cross-platform application, encompassing macOS, iOS, and Android devices and extending "the protection already built into Windows Security beyond your PC."
The system comprises a dashboard showing the status of linked devices as well as alerts and suggestions.
In brief Google on Friday pledged to update its location history system so that visits to medical clinics and similarly sensitive places are automatically deleted.
In this post-Roe era of America, there is concern that cops and other law enforcement will demand the web giant hand over information about its users if they are suspected of breaking the law by seeking an abortion.
Google keeps a log of its users whereabouts, via its Location History functionality, and provides some controls to delete all or part of those records, or switch it off. Now, seemingly in response to the above concerns and a certain US Supreme Court decision, we're told Google's going to auto-delete some entries.
Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.
The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.
As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.
Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers.
Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries.
The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.
In particular, I hear the term “zero trust” increasingly being applied to APIs, which led to the idea for this post. At the same time, I’ve also noticed what might be called a zero trust backlash, as it becomes apparent that you can’t wave a zero trust wand and instantly solve all your security concerns.
Zero trust has been on my radar for almost a decade, as it was part of the environment that enabled network virtualization to take off. We’ve told that story briefly in our SDN book – the rise of microsegmentation as a widespread use-case was arguably the critical step that took network virtualization from a niche technology to the mainstream.
The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512 (AVX512).
OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292).
But this release itself needs further fixing. OpenSSL 3.0.4 "is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken. We're imagining two devices establishing a secure connection between themselves using OpenSSL and this flaw being exploited to run arbitrary malicious code on one of them.
If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year.
RansomHouse says it obtained the files from an intrusion into AMD's network on January 5, 2022, and that this isn't material from a previous leak of its intellectual property.
This relatively new crew also says it doesn't breach the security of systems itself, nor develop or use ransomware. Instead, it acts as a "mediator" between attackers and victims to ensure payment is made for purloined data.
1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.
Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.
"We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.
Feature US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing scourge of ransomware.
"Only by working together with key law enforcement and prosecutorial partners in the EU can we effectively combat the threat that ransomware poses to our society," said US assistant attorney general Kenneth Polite, Jr, in a canned statement.
Earlier this month, at the annual RSA Conference, this same topic was on cybersecurity professionals' minds – and lips.
Biting the hand that feeds IT © 1998–2022