General discussion

NEWS - April 19, 2010

China reports millions of Conficker worm infections

China last year had one in four of the world's infected IPs for one Conficker variant, a security report shows

China last year hosted more than one in four of the world's computers infected with a major variant of the Conficker worm, according to an official report, highlighting the wide reach of malware inside the country.

China had about 7 million Internet Protocol (IP) addresses infected with Conficker B at the end of last year, according to a recent annual security report posted on the Web site of China's National Computer Network Emergency Response Technical Team (CNCERT). The number of infections varied during the second half of the year, which the report covered, but was higher than 5 million during all but one week.

The huge figures gave China up to 28 percent of the world's Conficker B infections depending on the week, the report shows.

Continued here:
MSDN, TechNet get Office 2010 this week

"Enterprises must wait until April 27 for final bits, consumers until June"

Subscribers to Microsoft's developer and IT professional services are first in line to get Office 2010, which will be released to MSDN and TechNet on Thursday, the company has confirmed.

MSDN (Microsoft Developer Network) and TechNet subscribers can download the production versions of Office 2010 starting April 22, five days before volume license customers with Software Assurance will be able to obtain the new application suite.

Last Friday, Microsoft announced that Office 2010 had reached the RTM, or release to manufacturing, milestone, meaning that it had declared the code completed and was set to ship it to computer makers and media duplicators.

Office 2010 will hit U.S. retail in June; Microsoft has not yet set an on-sale date during the month. Users can now pre-order three editions -- Home and Student 2010, Home and Business 2010, and Professional 2010 -- at the company's online store, as well as at some third-party outlets, including

People who have installed the Office 2010 beta -- Microsoft said more than 7.5 million copies have been downloaded since last November -- can continue to use it until October 31, 2010, when the preview expires and stops working.

Continued here:

Google: botnet takedowns fail to stem spam tide

'If one goes offline, spammers buy, rent, or deploy another'

Spam levels have remained resolutely stable despite recent botnet takedowns, according to a survey from Google's email filtering business.

Google Postini reports no lasting effect from the recent takedowns of spam-spewing botnets, such as Mariposa and Mega-D. The command-and-control servers associated with the Mega-D botnet were isolated towards the end of 2009, effectively decapitating one of the top-10 junk mail sources.

Early this year, government agencies and security firms teamed up to take down several other botnet targets - including Waledac, Mariposa, and Zeus - using similar tactics. The operations of these botnets were either curtailed (Mariposa) or severely hampered in the process (Zeus).

These combined efforts have failed to make much difference in the volumes of spam circulating online. Spam and virus levels did dip down 12 per cent from a Q409 high but held "relatively steady" throughout the first quarter of 2010, Google Postini reports.

Continued here:

Nine-year-old steals password to school system

"Boy changes school's online education system"

A few weeks ago, officials at Fairfax County Public Schools thought they had a hacker on their hands.

Someone was changing teacher passwords on the Falls Church, Virginia, school district's Blackboard system, which is used to give teachers, students and parents a way to communicate and stay on top of homework assignments and class announcements over the Web.

Local police were called; they investigated and traced the incident to the home of a 9-year-old student at the school. Although police initially thought that the Blackboard system had been hacked, it turned out that a Fairfax student - who has not been identified - had simply taken a teacher's password from a desk and used it to change enrollment lists and other teachers' passwords.

"This was a case where an individual ... got hold of a teacher's password, and the passwords had administrative rights," said Paul Regnier, a school board spokesman.

The student was able to enroll teachers in classes, and when he did so he could modify their passwords on the Blackboard system, but there wasn't much more he could do, Blackboard representatives said. The intruder couldn't, for example, change grades or access other machines on the school's system.

Continued here:

Fraud Fighter 'Bobbear' to Hang Up His Cape

The owner and curator of, a site that specializes in exposing Internet scams and phantom online companies, announced Saturday that he will be shuttering the site at the end of April.

Bobbear and its companion site, are creations of Bob Harrison, a 66-year-old U.K. resident who for the last four years has tirelessly chronicled and exposed a myriad of fraud and scam Web sites. The sites, which are well-indexed by Google and other search engines and receive about 2,000 hits per day, often are among the first results returned in a search for the names of fly-by-night corporations advertised in spam and aimed at swindling the unsuspecting or duping the unwitting.

Indeed, has been extremely valuable resource to, which has used it to track the constant stream of new fraudulent corporations used to recruit so-called money mules, people lured into helping organized criminals launder money stolen through online banking theft.

In an interview with krebsonsecurity, Harrison said he's been considering this move for some time now, and finally decided to quit the site for health and quality-of-life reasons.

Continued here:

Also : Veteran UK fraud fighter 'BobBear' retires

Feds drop bid for warrantless access to Yahoo! mail

"Probable cause showdown averted"

The federal government has dropped its controversial bid to read messages in a Yahoo! email account without getting a search warrant.

In a two-page document filed Friday, federal prosecutors in Colorado said the documents "would not be helpful to the government's investigation," the specifics of which have never been disclosed. The withdrawal puts to rest the legal fight over whether the US Constitution requires prosecutors to seek a search warrant before accessing email stored by service providers.

"While this is a great victory for that Yahoo! subscriber, it's disappointing to those of us who wanted a clear ruling on the legality and constitutionality of the government's overreaching demand," wrote Kevin Bankston, an attorney with the Electronic Frontier Foundation, part of a coalition of groups that opposed the government's action. "Such demands are apparently a routine law enforcement technique."

The retreat precludes the possibility of a court precedent requiring a search warrant, he added.

Continued here:

Prior Post : Yahoo, Feds Battle Over E-Mail Privacy

Fring cops to unchangeable passwords

"Security isn't a Fring thing"

Do you use Fring? Do you change your passwords regularly? If you answered yes to both then you're lying, as Fring has admitted that changing the password isn't an option.

Fring is an identity-aggregator which combines instant messaging and VoIP applications, routing connections through its servers to provide an integrated interface. That means Fring has to keep copies of all your messaging passwords, and makes the inability to change the master password even more worrying.

The tip comes from a Reg reader who contacted Fring to ask how to go about changing his password, and was told that it was impossible. He was advised that it could only be done by him asking Fring to delete the account and then create a new one, as passwords are immutable. Like us, he was flabbergasted. The company has now confirmed to us that passwords can't ever be changed.

"Your reader is correct, you cannot change your password on fring, once registered. The way around it is to ask us to delete your account and have you re-create it with a new one," Fring told us.

Continued here:

Trojan as Fake Google Chrome Extension

From BitDefender's Malware City Blog:

As more and more people are using Google Chrome and its functionalities to browse the net and to organize information, cybercriminals have set their minds on exploiting this environment to spread malware and steal users' information.

The story is simple: Google Chrome users receive an unsolicited e-mail which announces that a new extension of their favorite browser has been developed to facilitate their access to documents from e-mails. [...]

An apparently unsuspicious link is provided, and the recipients are advised to follow it in order to download the new extension. Once they click the link, they are redirected to a look-alike of the Google Chrome Extensions page, which, instead of the promised extension, provides them with a fake application that infects their systems with malware.

Although the sham application has the same description as that of an original Google Chrome Extension, the first sign the more inquisitive users will get about it not being what they were looking for should be the fact that instead of the expected ".crx" extension, it features a flamboyant ".exe" tail. [...]

Continued here:

Symantec readies new Norton antimalware software, offers free PC cleaners

"Reputation-based security scans extended to Chrome, Opera, Safari browsers"

Symantec Monday unveiled the Norton 2011 editions of its antimalware software to wipe out infections on Windows-based machines.

Symantec's Norton 2011 AntiVirus and Norton Internet Security products, expected to ship in September, are available in beta form for free download to Windows-based machines. Both products have new protections, including reputation-based security scans for all Web browsers, instant-messaging clients, e-mail and file managers to warn and defend against malicious code, according to Norton's director of product management, Dan Nadir.

"Last year we had reputation-based security for downloads from Internet Explorer and Firefox, and now we're incorporating all the browsers, including Chrome, Opera, Safari," and others, Nadir says. Reputation-based scanning involves a real-time evaluation based on Symantec's knowledge base to determine the risk and danger posed by downloaded data, with the idea of flagging dangers.

Continued here:
Volcanos, Ashes and Malware

From the PandaLabs Blog:

When the volcano Eyjafjallaj

New Mac backdoor Trojan horse discovered

From Graham Cluley's Blog:

Pinhead or HellRTS? What's in a name?

Mac malware is making the headlines again - this time in the form of a remote access trojan which has been given the name OSX/HellRTS.D by French security firm Intego.

The folks at Intego blogged about the new Mac threat they discovered, which when run on a Mac OS X computer can allow remote hackers to gain access.

Users of Sophos Anti-Virus for Mac are protected, as we detect the malware as OSX/Pinhead-B, but presently it looks like this is not considered a serious threat and we have received no reports of infections from customers.

It does, however, appear to have been distributed disguised as iPhoto, the photo application which ships on modern Mac computers. This is clearly an attempt to fool victims via a social engineering trick into installing the malicious code on their computers.

Continued here:

Network Solutions sites hacked again

A week after Web hosting company Network Solutions dealt with a large-scale infection of WordPress-driven blogs, the company acknowledged that other sites it hosts have been compromised.

"We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience," said company spokesman Shashi Bellamkonda in a Sunday blog post. "At this time, since anything we say in public may help the perpetrators, we are unable to provide details."

On Monday, another Network Solutions spokesperson declined to get more specific or answer questions, including what moves the company was making and how many sites had been affected. "At this time, we believe this is affecting a subset of our hosting customers," said Susan Wade, the director of Network Solutions' corporate communications. "For now, it's difficult to make a conclusive statement or provide more details publicly."

Continued here:

Scareware Links Redirecting to

From the F-Secure Weblog:

Many Rogue SEO attack sites will only work if the referrer is from a Google query.

If the URL is visited from another source, the potential victim will be directed away from the scareware. So where is it that the bad guys are currently forwarding non-Google visitors?

This video demonstrates with a recent Google trend: [...]

Continued here:
