[As ever, this is on the BBC News website for your delectation and delight]
The Conficker worm will be active again on April 1st, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA.
This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member ‘botnet’ of zombie computers that can be controlled remotely by the worm’s as yet unidentified authors.
Since it first appeared last October it has apparently infected over fifteen million computers around the internet, though even that number is no more than an educated guess because the worm works very hard to disguise its presence on a PC.
Conficker spreads through a security vulnerability in the Windows Server Service that allows a carefully written program to persuade the attacked computer to run malicious code instead of the Microsoft-written software.
Continue reading “Worming our way out of trouble”
Here’s what I tagged on del.icio.us between July 9th and July 10th:
Here’s what I tagged on del.icio.us between July 5th and July 7th:
[As ever, this is also on the BBC website, edited to take out the Yeats…]
Sometime in October a malicious program exploited a security flaw in the WordPress software I use to host my weblog and injected some extra commands into one of the widgets I use to add features to the site.
They opened up a connection between the blog and a site that tried to download a malicious piece of software to any site visitor unfortunate enough to be using Microsoft’s Internet Explorer.
Anyone who visited my site would have been prompted to install a clearly unwanted piece of software, although as far as I know nobody was affected. However I can’t be sure and hope that I didn’t unwittingly cause damage to anyone else’s computer.
Continue reading “Tread softly, because you tread on our websites”
It seems that sometime last week my blog was hacked and a discreet little <iframe> linking to a malware hosting site was added to the 30boxes widget you can see on the right. It wasn’t 30boxes fault – the widget code hadn’t changed, so I assume that something managed to inject the relevant line of code into my database by exploiting a flaw in WordPress.
I’ve just upgraded to WordPress 2.3 and have checked what I can, but am still investigating as I’d like to know what the hole was so I can be sure it is patched. And I apologise to anyone who got a nasty alert message when they visited when using IE.
Special thanks go to John Warlow, who was trying to figure out how to fix the RSS feed coming from the del.icio.us entries (something that bugs me too!) and took the time to email me about the site’s attempt to download VBS.Phelp onto his PC. And no thanks to Google/Stopbadware who flagged the site as infected but didn’t bother to tell me they had done so, or offer any indication as to what the problem actually might have been.