“The e-mail claims that you have a new message in Microsoft Outlook, but you need to reconfigure your settings (by clicking on the helpful link) in order to read it. Of course, the e-mail is bogus and you’re actually in danger of handing over details of your email settings to internet hackers,” Graham Cluley, Sophos security expert, wrote in his blog.

“There has been a dramatic increase in virus activity during the past few weeks. One of the more recent e-mail campaigns claimed to be from Microsoft Outlook,” Fred Touchette, AppRiver senior security analyst, wrote in an e-mail to InternetNews.com.

The volume of spam used by the malware campaign is impressive. Touchette warned that AppRiver had blocked over one million spam messages from this campaign alone during the campaign’s first 12 hours. AppRiver has slightly more than 35,000 customers worldwide.

Source: InternetNews

Security experts say that the new Conficker variant, which has infected at least 12 million users around the globe since its creation in October, will contain a new update mechanism that will allow it to communicate with its command and control centers to upload new marching orders and launch attacks at will.

Part of the new update will include a refreshed ability to dodge scrutiny from the security community, which has thus far been able to intercept communication between the worm and its domains. After April 1, however, the new Conficker variant will contain code that will prevent the security community from blocking updates.

“The Internet as we know it will still exist,” said Paul Henry, security and forensic analyst for Lumension Security. “But what (the security community has) been doing will no longer work after April 1. There’s great concern in the security community because they’re no longer able to block the command and control communication of this botnet.”

Like other renowned worms, Conficker relies on numerous attack vectors to self-replicate and spread, using such techniques as brute force password guessing to propagate throughout a network.

The latest and most sophisticated variant — Version C — of the Conficker worm, was renowned for infecting copious networks via peer-to-peer networks and USB drives. It also added numerous defensive measures designed to evade detection and removal by disabling Windows Automatic Updates and Windows Security Center. In addition, version C had the ability to block access to several security vendors’ Web sites while rendering numerous antivirus products useless.

Source: CRN.com

Also, while infected PCs could be used for a variety of criminal purposes — from relaying spam to hosting scam Web sites — there are signs that this whole mess may be an attempt to further spread so-called “scareware,” which uses fake security alerts to frighten consumers into purchasing bogus computer security software.

The worm, called “Downadup” and “Conficker” by different anti-virus companies, attacks a security hole in a networking component found in most Windows systems. According to estimates from Finnish anti-virus maker F-Secure Corp., the worm has infected between 2.4 million and 8.9 million computers during the last four days alone.

If accurate, those are fairly staggering numbers for a worm that first surfaced in late November. Microsoft issued an emergency patch to fix the flaw back in October, but many systems likely remain dangerously exposed.

Source: Washington Post

Code-named “Morro,” this streamlined solution will be available in the second half of 2009 and will provide comprehensive protection from malware including viruses, spyware, rootkits and trojans. This new solution, to be offered at no charge to consumers, will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs. As part of Microsoft’s move to focus on this simplified offering, the company also announced today that it will discontinue retail sales of its Windows Live OneCare subscription service effective June 30, 2009.

“Customers around the world have told us that they need comprehensive, ongoing protection from new and existing threats, and we take that concern seriously,” said Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft. “This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware.”

Source: Microsoft Press Pass

In hopes of getting more consumers protected, this week, Microsoft announced that it will offer a new security solution to consumers at no cost beginning in the second half of calendar year 2009. This new offering will focus on getting the majority of consumers the essential protection they need by providing comprehensive, real-time anti-malware protection, covering such threats as viruses, spyware, rootkits, trojans, and other emerging threats, in a single, focused solution.

In order for us to focus on delivering this new security solution to millions of customers around the world, we have decided to phase out Windows Live OneCare and will discontinue retail sales of Windows Live OneCare subscription service beginning June 30, 2009.

A free solution is in the making and will feature all kinds of protection for free for consumers possibly replacing the need for an expensive piece of anti-virus protection software. Microsoft will support it’s current clientbase as long as their subscription is valid. All retail stops in the summer of 2009. For more faq and information on this topic, see the source.

Source: windowsonecare.spaces.live.com

Online space news site SpaceRef.com uncovered the news on Monday, reporting the virus was the W32.Gammima.AG worm, which has been designed to steal login and password information from online gamers and send the information to a remote location.

The infected computer was not used for mission critical purposes, with NASA stating the laptops were used to store nutritional experiment data and for astronauts to compose e-mails.

It’s not common for the computers and laptops aboard the ISS to get infected, but it has happened before in the past, though NASA did not mention when or how often similar occurrences may have happened.

The ISS has at least 30 PCs and a handful of laptops for use by astronauts to use in their experiments.

News source: Dailytech

Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer’s microprocessor, hidden from current antivirus products.

Called an SSM (System Management Mode) rootkit, the software runs in a protected part of a computer’s memory that can be locked and rendered invisible to the operating system but which can give attackers a picture of what’s happening in a computer’s memory.

The SMM rootkit comes with keylogging and communications software and could be used to steal sensitive information from a victim’s computer. It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting.
The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.

The rootkits used by cyber crooks today are sneaky programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. The music company was ultimately forced to recall millions of CDs amid the ensuing scandal.

In recent years, however, researchers have been looking at ways to run rootkits outside of the operating system, where they are much harder to detect. For example, two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD’s chip-level virtualization technology to hide itself. She said the technology could eventually be used to create “100 percent undetectable malware.”

Source: InfoWorld

According to an analyst form Computer Associates, the trojan, called Mocmex, is able to block more than 100 types of security and anti-virus software from killing it, and bypasses the Windows firewall to download files from remote locations, spreading them randomly over your hard drive and any portable storage device you plug into your PC — like, for example, a digital photo frame.

The trojan is apparently set to only steal gaming passwords at present, but CA says it’s capable of stealing nearly any information on your machine, and thinks it might be a test for a much worse virus yet to come. Infected frames have come from Sam’s Club, Target and Costco, in addition to Best Buy, so we’d say to avoid picking one up until this mess gets sorted out — or, you know, forever.

Read the full story at engadget

The 10.4″ Digital Picture frame model NS-DPF10A has been discontinued and recalled as a result of a large number of units being contaminated with a virus.

A customer in Best Buy’s product review section posted what his anti-virus software found in the frame’s memory. These four malicious files were included with an autorun file to execute them:

• RavMon.exe: Trojan.Agent-1914 FOUND
• copy.exe: Trojan.Small-4214 FOUND
• host.exe: Trojan.Dropper-829 FOUND
• tel.xls.exe: Worm.Runouce.b FOUND

Best Buy has said that since these viruses are not new, any computer connected to the frame with up-to-date antivirus software will automatically remove the malware. Only Windows systems are at risk for infection from this product. Furthermore, cameras, USB flash drives, and memory cards reportedly can not be infected by the virus either.

Insignia customer care is currently offering customers one-on-one support to make sure that they can “access the solution that best meets their needs.” Support can be reached at 1-877-467-4289.

News source: BetaNews

A new Trojan program is targeting unwitting users’ bank data by intercepting account information before it is encrypted and sending it to an attacker’s central database.

The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures.

During a banking transaction, Silentbanker will change the user’s bank account details over to the attacker’s account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker’s account after entering their second authentication password.

Full story at ComputerWorld.