iPhone fans may remember some of Apple’s doom-and-gloom warnings about using jailbroken iPhones in order to install unapproved applications or use the devices on operators who were not Apple-approved iPhone partners. Something about security? Maybe personal details and data being at risk? Well, now it’s happened: the first worm for the iPhone has apparently emerged in Australia, and it does something potentially much more damaging than stealing banking information, nabbing your passwords, sniffing your email, or sending annying messages to your friends a hundred times a second. It sets your wallpaper to an image of 80s pop music star turned Internet meme Rick Astley.
Tag Archive: worm
Conficker Starts Waking Up
April 1 may have come and gone without hordes of Conficker-infected zombie computers rising up from the Internet to take over the world, but that doesn’t mean the worm has gone away.
On April 7, Conficker’s authors began seeding a new version of the worm, and—as with previous versions—the update packs in new features designed to get around security patches and techniques employed to stop the worm. The new variant on Conficker, loosely dubbed Conficker.E, is apparently spreading via peer-to-peer networks (according to Trend Micro) and—very curiously—comes with an expiration date: May 3, 2009. That’s right: the latest version of the Conficker worm comes with its own shut-off date, and no one is sure why.
Microsoft Offers $250,000 Worm Bounty
Microsoft has partnered with a broad range of computer several security and Internet governance organizations to offer a $250,000 bounty for information that leads to the arrest and conviction of the creator(s) of the Conficker/Downadup worm. The reward is available to residents of any country—at least so far as countries laws permit; Microsoft’s partners in the effort include ICANN, DNS developers, and leading computer security firms. Microsoft is categorizing the Conficker worm as a criminal attack, and sees the $250,000 bounty as a way to put more pressure on online fraudsters and cybercriminals.
Kido Worm A Dud?
With some nine million computers infected, the Kido worm (or Conflicker, or Downadup) has hit hard. However, although it’s spread widely, so far it hasn’t actually done anything.
According to AP, that’s led some researchers to think it might be a dud. F-Secure thinks it might simply offer alerts to fake infections then try to sell users antivirus software. However, F-Secure’s chief research officer, Nikko Hypponen warned:
"The gang behind this worm haven’t used it yet. But they could do anything they like with any of these machines at any time."
Windows Worm Hits Millions
The Conficker worm, also known as Downadup, or Kido, was discovered back in October. Microsoft released a patch for it, but it’s still gone on to infect millions computers, possibly as many as eight or nine million, the BBC reports. It spreads via low security networks, PCs that haven’t been updated, and even memory sticks.
Microsoft says the worm searches for a Windows executable file called "services.exe" and then becomes part of that code. From there, the worm copies itself into the Windows system folder, becoming a random dll file with a 5-8 character name. After that it modifies the Registry to run the infected dll file as a service.
Storm Worm Returns – With Love
The people behind the resurgence of the Storm worm are hoping you can feel the lurve. Yes, after some time away, the Storm worm, which first surfaced in January 2007, is back, according to security group the Sans Institute.
They say researcher DavidF has detected spam containing links to the Storm worm site. The mail entices people by the header “Crazy in love with you” and contains the message “Who is loving you? Do you want to know? Just click here and choose either ‘open’ or ‘run’.” The site wants users to click on “loveyou.exe,” which installs the Storm worm.
Trojan/Worm Hybrids On The Rise
It becomes less and less safe to dip a toe in the waters. Panda Security has said that hackers are now using a new generation of worm/Trojan hybrids thatare designed not only to spread from one computer to another like a worm, but also steal data like a Trojan. Luis Carrons, technical director of PandaLabs, told Vnunet, "The wormboom is caused by an increase in their capabilities. Until recently, most worms were solely designed to spread from one computer to another. Over the past few months, however, there has been anincrease in the number of worm strains capable of stealing data, making it increasingly difficult to classify malware specimens into one category or another." The company says worms wereresponsible for 17.6% of all malware infections last month, marking a rise from 15% in January. The Trojan infection rate remained steady at 23.7%. PandaLabs said that Downloader.MDW, aTrojan built to put other malware strains on the infected computer, was the most active malware, followed by Bagle.RC and the Lineage.GXD worm.
Worm Wriggles Into Skype for Windows
VoIP operator Skype is warning its Windows-based users of a new worm which spreads by sending links to users via the Skype application’s integrated chat feature. Users receive a message which appears to be from someone on their contact list, asking them to click a link. The messages are "cleverly written" to appear like typical chat messages, and appear to contain a link to a JPEG image. The link actually points to an executable file; if Windows-based users click the link (and give permission to save or run a .scr file) the user’s computer will be infected with the w32/Ramex.A worm. The worm uses Skype’s public API to access the user’s computer.
Storm Worm Threat Grows Rapidly
The Storm Worm bot appears to be threatening to become a major problem. It’s grown larger than anything similar in the last two years, and has built of botnet of around two millioncomputers. According to computer security company Secureworks, the last two months has seen a massive jump in the number of zombie computers on thebotnet. During the first five months of this year, they tracked 2,815 bots that launched attacks of the Storm Worm. In the last two months that figure has skyrocketed to 1.7 million. “It’s been building with exponential growth," said Joe Stewart, senior researcher for SecureWorks. “It’s one of the largest botnets I’ve ever heard of.” Another company,Postini, tracked a staggering 46.2 million malicious messages, over 99% of them from Storm Worm. First discovered on January 17 of this year, it infectedthousands of computers in the U.S. and Europe two days later, using an e-mail message that said “230 dead as storms batter Europe.” There were six waves of the initial attack, so that byJanuary 22 the Storm Worm accounted for 8% of all infections globally. The worm arrives as an e-mail attachment. When opened, it installs the wincom32 service, and injects a payload, passingon packets to destinations encoded within the malware itself. The infected machine becomes part of a botnet. However, it’s not controled centrally – the Storm Worm botnet is more like apeer-to-peer network with no central hub, making it harder to take down. The bots are set up to launch denial of service attacks, which scares researchers, since that many computers turned ona single organization could be catastrophic.
Worm Targets Skype VoIP Application
Remember back in the good old days when viruses floated around on floppy discs? Or, more recently, when your biggest threat of having a worm take over your computer was using Microsoft’s Internet Explorer or Outlook email program, knowing that even if you dutifully downloaded the latest updates, you could never quite be sure you were safe? Well, malware writers have been expanding their horizons, and any software application with a large user base is sure to be a target. Case and point, VoIP application Skype and its more than 170 million users.
