Conficker worm explained: What is a botnet?
Conficker worm may be aimed at creating a botnet – a network of compromised computers controlled by criminals The motive behind the Conficker worm may not be known, but it may be aimed at creating one of the largest existing examples of a so-called "botnet" – a huge network of compromised computers that can be controlled remotely to act together simultaneously. Criminals use botnets to conduct illicit activity – such as sending spam emails or bringing down computer networks – while being able to hide their identities. Many of the largest botnets are still operational – among them Kraken, a network of compromised machines consisting of around half a million computers worldwide. One of the most active botnets, known as Srizbi, consists of around 450,000 computers that have been compromised by a program of the same name. The network received a blow last year when the servers that hosted it were taken down – but Srizbi is still able to send up to 60bn spam messages every day. Last year investigators shut down a botnet known as Mega-D, which was largely run out of America. According to estimates by the US Federal Trade Commission, at its height Mega-D was responsible for sending as much as 35% of the world's spam email – largely to advertise fake herbal pills. One of the most famous networks, Storm, has been in existence for at least two years and is used to conduct a variety of criminal activities. Experts dispute the size of Storm's network – with estimates varying from around 150,000 computers into the millions – but despite the fact that it is one of the most well-known examples of a botnet, its creators have never been found. Data and computer security Internet Computing guardian.co.uk © Guardian News & Media Limited 2009 | Use of this content is subject to our Terms & Conditions | More Feeds
More here:
Conficker worm explained: What is a botnet?
NAQ: How do I protect myself against the Conficker worm?
Millions of computers have fallen foul of the Conficker worm, but it's easy to stay clean if you know how Tomorrow is the day that Conficker - one of the most widespread computer worms in recent years - gears up towards its next stage. Athough it's estimated that vast numbers of Windows PCs have been infected , nobody is quite sure what to expect, even the experts . Although there is no need to be alarmed, you might be wondering how to check whether you're infected. In January, we gave some advice in the Ask Jack column on how to screen for and eliminate Conficker , but given that it has mutated again (the newest variant was only discovered earlier this month) it's worth revisiting the method for protecting yourself. First, check whether you are infected. Only Windows PC users should be concerned (people who use Macs or other operating systems are not vulnerable). The easiest way is to conduct a quick check is to try and visit pages from anti-virus companies Symantec and McAfee . If you can't get there, the chances are you've been infected: Conficker blocks access to some to keep you in the dark. Although anyone who downloaded Microsoft Security Update MS08-067 should be safe, it's worth checking anyway - Conficker can also spread by guessing your passwords or hiding on like USB sticks and iPods. If you are concerned that you've caught a case of Conficker, then you'll need to get hold of a removal tool to clean your machine.
Excerpt from:
NAQ: How do I protect myself against the Conficker worm?
NAQ: How do I protect myself against the Conficker worm?
Millions of computers have fallen foul of the Conficker worm, but it's easy to stay clean if you know how Tomorrow is the day that Conficker - one of the most widespread computer worms in recent years - gears up towards its next stage. Athough it's estimated that vast numbers of Windows PCs have been infected , nobody is quite sure what to expect, even the experts
Original post:
NAQ: How do I protect myself against the Conficker worm?
Conficker virus could be deadly threat – or April Fool’s joke
Virus that has infected 10m computers leaves experts baffled It could be the biggest April Fool's joke ever played on the internet, or it could be one of the worst days ever for computers connected to the network. Security experts can't work out whether the Conficker virus – which has infected more than 10m Windows PCs worldwide – will wreak havoc on Wednesday , or just let the day pass quietly. Experts have worked out that from midnight on 1 April, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next. The infected machines thus comprise one of the biggest "botnets" – a network of "robot" computers – in internet history. And if they were all given a target, such as simultaneously sending search queries to Google or trying to connect to a gambling site, they could knock it offline through the sheer volume of connections – a "denial of service". Victims usually discover that they have been locked out of their computers or have very slow-running internet connections. Botnets have been used in the past to generate millions of pieces of spam email and to blackmail gambling sites that need to stay online during sports events with the threat that they will be deluged by a "denial of service" attacks. Careful study of infected machines has revealed that from midnight on Wednesday they will seek new instructions from a randomly generated list of thousands of websites that changes every day. Just one needs to be under the virus writers' control to turn Conficker into a newly configured botnet – making the task of catching the exact site a search for a needle in a computing haystack. Experts admit that they have little idea of where Conficker might be headed next
Continued here:
Conficker virus could be deadly threat – or April Fool's joke
Council house swap scheme continued for three years despite warnings
Whitehall monitoring unit told ministers twice within a year of its launch that project to help tenants move was unacceptable Whitehall mandarins funded a failing multimillion-pound computer scheme for three years despite official warnings that the scheme was "unacceptable", documents released to the Guardian reveal. The homes and employment mobility service, designed to help thousands of council house tenants swap their homes with other tenants around the country, was backed by John Prescott when he was deputy prime minister. The scheme was to be linked to an internet jobs bank so that the tenants could see what jobs in other areas were available. But officials in a Treasury unit warned soon after it started that it was in danger of failing. The unit, the Office of Government Commerce, is responsible for scrutinising the progress of government computer projects to ensure that they are being run properly. The unit grades projects with a traffic light system, with good projects given green lights, and bad ones red warnings. The new documents reveal that Prescott's department, the Office of the Deputy Prime Minister, was sent a "double red" warning over the housing scheme in 2003. Projects in acute jeopardy are given two red warnings and told to take immediate action to save the project. Spending watchdogs branded two reds as "unacceptable". Peter Gershon, then chief executive of the Office of Government Commerce, wrote: "I am writing to draw your attention to the homes and employment mobility service which has now had two consecutive red [warnings]." He told Mavis McDonald, then permanent secretary in Prescott's department, that there was "an opportunity to satisfy herself that the project is taking all appropriate actions while there is still time to avoid failure and improve the likelihood of a successful outcome". Three months later, McDonald replied: "I have been fully briefed on the issues around [the project] and like most projects it is not without its risks." It had "problems", she added. She said the delayed project was being reviewed by her department's "centre of excellence". A year later, her department gave a seven-year, £11m contract to a firm, Scout Solutions Projects, to run the scheme. The project continued to falter and in 2006, Yvette Cooper, then housing minister, announced it was being axed. She blamed faulty software. According to the Department of Communities and Local Government the computer system was delivered a year late and "independent final testing ... discovered an unacceptable level of faults." Sir George Young, a former Conservative housing minister, criticised the "mismanagement", adding: "Tens of thousands of tenants were left in the lurch." The Department for Communities and Local Government rejected allegations that £11m had been misspent, saying that the contractor received £1m before the scheme was halted. Three other departments have been ordered to disclose that they had received "double red" warnings – the Driver and Vehicle Licensing Agency, the Inland Revenue and the Highways Agency. They said problems in their computer projects had been rectified so they were now working well.
More here:
Council house swap scheme continued for three years despite warnings
Council house swap scheme continued for three years despite warnings
Whitehall monitoring unit told ministers twice within a year of its launch that project to help tenants move was unacceptable Whitehall mandarins funded a failing multimillion-pound computer scheme for three years despite official warnings that the scheme was "unacceptable", documents released to the Guardian reveal. The homes and employment mobility service, designed to help thousands of council house tenants swap their homes with other tenants around the country, was backed by John Prescott when he was deputy prime minister. The scheme was to be linked to an internet jobs bank so that the tenants could see what jobs in other areas were available. But officials in a Treasury unit warned soon after it started that it was in danger of failing. The unit, the Office of Government Commerce, is responsible for scrutinising the progress of government computer projects to ensure that they are being run properly. The unit grades projects with a traffic light system, with good projects given green lights, and bad ones red warnings. The new documents reveal that Prescott's department, the Office of the Deputy Prime Minister, was sent a "double red" warning over the housing scheme in 2003. Projects in acute jeopardy are given two red warnings and told to take immediate action to save the project. Spending watchdogs branded two reds as "unacceptable". Peter Gershon, then chief executive of the Office of Government Commerce, wrote: "I am writing to draw your attention to the homes and employment mobility service which has now had two consecutive red [warnings]." He told Mavis McDonald, then permanent secretary in Prescott's department, that there was "an opportunity to satisfy herself that the project is taking all appropriate actions while there is still time to avoid failure and improve the likelihood of a successful outcome". Three months later, McDonald replied: "I have been fully briefed on the issues around [the project] and like most projects it is not without its risks." It had "problems", she added
Here is the original:
Council house swap scheme continued for three years despite warnings
NAQ: Is China stepping towards cyberwar
A cyberattack on Tibetan separatists has led to fingers being pointed at the Chinese government - but finding out who's responsible for such strikes is notoriously tricky You may have already seen the news that more than a thousand computers have been compromised, in what appears to be a well-directed attack against Tibetan exiles. We've covered it extensively , and it's got plenty of headlines. While the basic details are clear - and well illuminated by reports from researchers in Toronto, Illinois and Cambridge - plenty of questions remain unanswered. The most important revolve around the origins of the strike: where did it come from, and is the Chinese military actively sponsoring these hackers to steal about other nations and administrations? All this talk of silicon warfare is more than a little reminiscent of the Cold War - tales of hi-tech espionage, secrets being stolen, and brinkmanship by the spokesman of various national factions
Read the original here:
NAQ: Is China stepping towards cyberwar
China accused over global computer spy ring
• Dalai Lama and foreign ministries bugged • Cambridge researchers point finger at Beijing An enormous electronic espionage programme run from servers in China has been used to spy on computers in more than 100 countries, according to two reports published at the weekend. The reports, published by the universities of Cambridge and Toronto, detail a "murky realm" where cyber spooks infiltrate email, take over humble desktop computers and use them to spy on organisations, individuals and governments. The reports name the system GhostNet, and claim that it has been used to attack governments in south and south-east Asia as well as the offices of the Dalai Lama. In two years, the reports suggest, the operation infiltrated 1,295 computers in 103 countries. While one of the reports remains mute on the identity of the perpetrators, the other has no such qualms, warning that the Chinese government ran a series of cyber attacks on Tibetan exile groups. The Chinese foreign ministry could not be reached for comment. "What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course," conclude the Cambridge authors of The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement. But the authors of Tracking GhostNet argue that things may not be as they seem in the world of electronic espionage. "We're a bit more careful about it, knowing the nuance of what happens in the subterranean realms," said Ronald Deibert from the University of Toronto. "This could well be the CIA or the Russians. It's a murky realm that we're lifting the lid on." The attacks were simple and direct. Infected emails bearing attachments or links to websites were sent to organisations including the private office of the Dalai Lama. Once opened, the virus allowed hackers to operate the host computer, including moving files and sending and receiving data. Their potential control was such that they could turn on an infected computer's camera and microphone, creating a surveillance bug
See original here:
China accused over global computer spy ring
Massive Chinese computer espionage network uncovered
A mystery electronic spy network apparently based in China has infiltrated hundreds of computers around the world and stolen files and documents, Canadian researchers have revealed. The network, dubbed GhostNet, appears to target embassies, media groups, NGOs, international organisations, government foreign ministries and the offices of the Dalai Lama, leader of the Tibetan exile movement. The researchers, based at Toronto University's Munk Centre for International Studies, said their discovery had profound implications. "This report serves as a wake-up call... these are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly," said researchers Ron Deibert and Rafal Rohozinski. After 10 months of study, the researchers concluded that GhostNet had invaded 1,295 computers in 103 countries, but it appeared to be most focused on countries in south Asia and south-east Asia, as well as the Dalai Lama's offices in India, Brussels, London and New York. The network continues to infiltrate dozens of new computers each week. Such a pattern, and the fact that the network seemed to be controlled from computers inside China, could suggest that GhostNet was set up or linked to Chinese government espionage agencies. However, the researchers were clear that they had not been able to identify who was behind the network, and said it could be run by private citizens in China or a different country altogether. A Chinese government spokesmen has denied any official involvement. GhostNet can invade a computer over the internet and penetrate and steal secret files. It can also turn on the cameras and microphones of an infected computer, effectively creating a bug that can monitor what is going inside the room where the computer is. Anyone could be watched and listened to. The researchers said they had been tipped off to the network after having been asked by officials with the Dalai Lama to examine their computers. The officials had been worried that their computers were being infected and monitored by outsiders.
Original post:
Massive Chinese computer espionage network uncovered
House of Commons network hit by Conficker computer worm
Parliamentary computers have been infected by the Conficker worm, like an estimated 10m PCs worldwide - and experts fear next week will see problems worsen The House of Commons internal computer network has been infected by the "Conficker" worm that has also infected millions of Windows PCs around the world, and has had to ban its users from attaching outside storage - such as USB "memory sticks" - in case it gets reinfected. The revelation is an embarrassment for the organisation running the network, which contains nearly 1,000 computers, because Microsoft issued a fix for the weakness that leaves PCs vulnerable in October - meaning that they have been lax in applying necessary security fixes. MessageLabs, owned by Symantec, is understood to be responsible for the antivirus and antispam filtering of communications with the network. A memo sent out in the House of Commons network on Tuesday night warned that "the Parliamentary network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts." It instructs users to leave computers turned on - so that they can have the malware removed - and that unauthorised computers be removed from the network. Memory sticks, which can be used to transfer the worm accidentally between computer networks, have also been banned while the system is cleansed. None of MessageLabs, the Parliamentary Information Communications and Technology helpdesk or a spokeswoman nominated by PICT had responded to requests for comment when this story was filed.
Go here to read the rest:
House of Commons network hit by Conficker computer worm