Conficker, also known as Downup, Downandup, Conflicker, and Kido, is a computer worm that surfaced November 21st, 2008 with Conficker.A
It targets the Microsoft Windows operating system. The worm exploits a known vulnerability (MS08-067) in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 7 Beta.

When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.

It receives further instructions by connecting to a server or peer and receiving a binary update. The instructions it receives may include to propagate, gather personal information and to download and install additional malware onto the victim's computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.

I don't know of ANY 1USA customer getting infected. 
Advice and removal instructions for people who use AOL, MSN, Verizon, Comcast and other ISP services are here.

The PBS.org website says it has fixed a security problem that allowed
attackers to compromise the website for the Curious George television
show and possibly serve malware to site visitors.  The site popped up a
phony authentication page; when the login failed, an error page
containing malicious JavaScript was served.  The attack targeted
vulnerabilities in Adobe Acrobat Reader, Apple QuickTime and others.

To protect your computer from threats like this, use SafeSpace.

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/36671/

 --

Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/36677/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA35948] Adobe Flash Player Multiple Vulnerabilities
2.  [SA35853] Sun Java JDK / JRE Multiple Vulnerabilities
3.  [SA24314] Internet Explorer Charset Inheritance Cross-Site
              Scripting Vulnerability
4.  [SA35949] Adobe Reader/Acrobat SWF Content Arbitrary Code Execution
5.  [SA36159] Sun Java JDK / JRE Multiple Vulnerabilities
6.  [SA36001] Mozilla Firefox Multiple Vulnerabilities
7.  [SA28713] Facebook Photo Uploader ActiveX Control Property Handling
              Buffer Overflow
8.  [SA36229] Microsoft Remote Desktop Connection Two Vulnerabilities
9.  [SA24900] Akamai Download Manager ActiveX Control Buffer Overflow
              Vulnerabilities
10. [SA36187] Microsoft Windows Various Components ATL Vulnerabilities

========================================================================
4) This Week in Numbers

During the past week 73 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
  Windows             :     11 Secunia Advisories
  Unix/Linux          :     39 Secunia Advisories
  Other               :      2 Secunia Advisories
  Cross platform      :     21 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :     20 Secunia Advisories
  Moderately Critical :     22 Secunia Advisories
  Less Critical       :     24 Secunia Advisories
  Not Critical        :      7 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support@secunia.com

After a blackhat SEO attack, cybercriminals are again using the terrifying catastrophe of Air France Flight 447 or about China-made C919 Jumbo Jets competing with Airbus and Boeing for malicious intent. This time, spam messages are sent with an attached PowerPoint presentation, which is specially crafted to exploit a vulnerability in Microsoft Powerpoint.

Story Details at TrendMicro.Com

Keep up on the latest hoaxes that are really dangerous - because they carry along file attachments that try to hack into your computer.

List of current Hoaxes is on TrendMicro.Com

Rogue security programs are on the rise and you really need to be cautious about whose software scans your computer.
There is rogue software out there that lures users everyday.  People who say "I don't know anything about computers" are usually the ones who are most likely to fall prey.

Unbeknownst to them, the "supposed" solution is actually malware itself -- offering little or no real protection, and is often designed to steal personal information.

"PersonalAntivirus" - "Windows Antivirus 2009" and similar names is a rogue anti-spyware application that claims to scan for and remove spyware from users' computers.  It may be downloaded or installed through exploits or under dubious circumstances without user consent. It hijacks the user's desktop and typically displays exaggerated or false claims of spyware found to frighten the user into paying for the program. If a window pops up saying you have a virus or software and it is not your own anti-malware  -- do not run it!!!

1. Trojan-Spy.Win32.Zbot.gen - Trojan

2. Trojan-Downloader.Zlob.Media-Codec - Trojan Downloader

3. Exploit.PDF-JS.Gen (v) - Exploit

4. Trojan.1 - Trojan

5. Trojan.DNSChanger.Gen - Trojan

6. Favorit Network - Adware (General)

7. PersonalAntivirus - Rogue Security Program

8. INF.Autorun (v) - Trojan

9. Trojan.StartPage.HMH - Trojan

10. Virtumonde - Adware (General)

Stay on top of all the real-time threats at Malware Research Labs:

A vulnerability in Winamp has been discovered, which can be exploited by malicious people to potentially compromise a user's system.
For more information, refer to:
http://secunia.com/advisories/35126/

To check your computer for vulnerabilities install the Personal Security Inspector at http://psi.secunia.com - it's free.
Remember to go into the Advanced screen and turn off the Monitoring service when you're done, otherwise it will monitor changes on the computer and will bog down the computer.

1USA.Com
"Our ISP service is better than yours."

added April 27, 2009 at 03:04 pm | updated April 28, 2009 at 04:42 pm
US-CERT is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.

US-CERT encourages users to take the following measures to protect themselves:
 

• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

UPDATE: Due to these potential phishing attacks and email scams, US-CERT encourages users to visit the Center for Disease Control (CDC) website for trusted information regarding the Swine Flu.

(April 22 & 23, 2009)
The US House Committee on Oversight and Government Reform has sent letters to Attorney General Eric Holder and Federal Trade Commission (FTC) chairman Jon Leibowitz asking what the Justice Department and the FTC have done to prevent illegal use of peer-to-peer (P2P) filesharing
applications.  Specifically, the committee is concerned about the applications being used to steal financial account information, health data and other sensitive information.  Security experts would like to see the committee focus on encouraging agencies to prevent workers from downloading P2P applications.  In a separate story, the same House committee is seeking a cyber security briefing following allegations that cyber intruders stole information about the Joint Strike Fighter.
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/21/AR2009042103508_pf.html
http://www.nextgov.com/nextgov/ng_20090423_8694.php
http://fcw.com/Articles/2009/04/22/Web-cyber-security-briefing.aspx

[Editor's Note: While technical means for controlling P2P use exist, they're certainly not foolproof. From my perspective, nothing works better than making the installation of an unapproved application a fireable offense AND monitoring your networks and following through
on the threat.]

Please take the time to update as soon as possible.
http://www.adobe.com/go/getflash

And you thought that the people with brains work for the government...
http://www.pcworld.com/printable/article/id,157895/printable.html

First, I noticed that Adobe's brand of .PDF viewer software chews up 64 MB of space... and FoxIT's brand of .PDF viewer uses less than 3 MB...
so I asked myself "Why does Adobe's software need so much - just to see .PDF files?"

Well, here is a new hack on the street this week attacking the Adobe viewer's ability to run JavaScript (programming language) inside a .PDF file.

To turn OFF the ability to run Javascript when viewing .PDF files, open Adobe, then goto Edit > Preferences > JavaScript ... then uncheck the box that says "Enable Acrobat JavaScript".

Otherwise, if you'd rather switch to the leaner & faster (and Free) FoxIT brand of .PDF viewer software, the link is here.
(Choose the free version on the left.  I've been using it forever...)

Read the full story about the security issue here.

Details and how to remove the Conflicker worm.  Story at NetworkWorld.Com

NOTE THAT 1USA CUSTOMERS ARE PROTECTED FROM RECEIVING THESE VIRUS IN THEIR EMAIL IN-BOX.
CONTACT 1USA.COM TO GET YOUR OWN @1USA.COM EMAIL ADDRESS.

Three worms, Iksmas.A, Autorun.ARK and IRCBot.CIG

Iksmas.A  is a malicious code that spreads via email. In the message,
which was initially sent a few days before Barack Obama took office as
president of the United States, it claims that Obama had decided to
decline to become president. The email includes a link pointing to a
spoof Web page with the headline of the corresponding story. Users that
try to read the story will be asked to download a plug-in in order to
view it. If they accept, they will really be allowing the worm to enter
their computers. You can see an image of the Web page here:
http://www.flickr.com/photos/panda_security/3209435502/

Once the computer is infected, Iksmas.A looks for email addresses on the
system and uploads a file with the stolen information to a certain
address. It then sends copies of itself to these addresses, thereby
continuing the cycle.

Autorun.ARK is a downloader worm designed to download two backdoor
Trojans -detected as Bck/YahooMess.B and Bck/Poison.F. It also creates a
Windows Registry entry to ensure it is run on every system startup.

IRCBot.CIG is a worm that uses the MS08-067 vulnerability in Microsoft
Windows Server service in order to spread. Once it has infected a
computer, it gathers information about the system and sends it to its
creator via a Web page.

By modifying the Windows Registry it disables the task manager, firewall
notifications and the Windows antivirus. It also makes a modification so
that whenever the user tries to open Explorer, malware is run.

Interestingly, this worm exploits the same vulnerability as Conficker,
which continues to spread and has now affected 6% of computers scanned
by Panda Security worldwide
(http://www.pandasecurity.com/spain/homeusers/media/press-releases/viewn
ews?noticia=9524)

You can find more information about the dangerous Conficker worm and how
to remove it here:
http://www.pandasecurity.com/spain/homeusers/security-info/about-malware
/encyclopedia/overview.aspx?idvirus=204292

"Cases such as Conficker demonstrate how important it is to keep
computers up-to-date in order to prevent infections", explains Luis
Corrons, Technical Director of PandaLabs. "There is no point in a user
scanning a system with an antivirus and removing the malware if the
computer is not kept up-to-date, as the infection will simply return on
visiting certain Web pages".

For more information about these and other malware threats, go to:
http://www.pandasecurity.com/homeusers/security-info/latest-threats/?sit
epanda=particulares
 

Some people have not installed WindowsUpdates yet from October 2008
Remember that inserting a floppy drive, USB memory stick etc into a computer in an office could potentially infect the whole office network if there is a hidden virus on the removable media.

Full story:  http://www.eweek.com/index2.php?option=content&do_pdf=1&id=51251

It's OK to be inquisitive - if you stay on the main websites.  Even visiting 'unknown' websites can infect your computer.
Full story:  http://www.eweek.com/index2.php?option=content&do_pdf=1&id=51272

Conficker, also known as Downup, Downandup, Conflicker, and Kido, is a computer worm that surfaced November 21st, 2008 with Conficker.A
It targets the Microsoft Windows operating system. The worm exploits a known vulnerability (MS08-067) in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 7 Beta.

When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.

It receives further instructions by connecting to a server or peer and receiving a binary update. The instructions it receives may include to propagate, gather personal information and to download and install additional malware onto the victim's computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.

I don't know of ANY 1USA customer getting infected. 
Advice and removal instructions for people who use AOL, MSN, Verizon, Comcast and other ISP services are here.

The PBS.org website says it has fixed a security problem that allowed
attackers to compromise the website for the Curious George television
show and possibly serve malware to site visitors.  The site popped up a
phony authentication page; when the login failed, an error page
containing malicious JavaScript was served.  The attack targeted
vulnerabilities in Adobe Acrobat Reader, Apple QuickTime and others.

To protect your computer from threats like this, use SafeSpace.

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/36671/

 --

Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/36677/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA35948] Adobe Flash Player Multiple Vulnerabilities
2.  [SA35853] Sun Java JDK / JRE Multiple Vulnerabilities
3.  [SA24314] Internet Explorer Charset Inheritance Cross-Site
              Scripting Vulnerability
4.  [SA35949] Adobe Reader/Acrobat SWF Content Arbitrary Code Execution
5.  [SA36159] Sun Java JDK / JRE Multiple Vulnerabilities
6.  [SA36001] Mozilla Firefox Multiple Vulnerabilities
7.  [SA28713] Facebook Photo Uploader ActiveX Control Property Handling
              Buffer Overflow
8.  [SA36229] Microsoft Remote Desktop Connection Two Vulnerabilities
9.  [SA24900] Akamai Download Manager ActiveX Control Buffer Overflow
              Vulnerabilities
10. [SA36187] Microsoft Windows Various Components ATL Vulnerabilities

========================================================================
4) This Week in Numbers

During the past week 73 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
  Windows             :     11 Secunia Advisories
  Unix/Linux          :     39 Secunia Advisories
  Other               :      2 Secunia Advisories
  Cross platform      :     21 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :     20 Secunia Advisories
  Moderately Critical :     22 Secunia Advisories
  Less Critical       :     24 Secunia Advisories
  Not Critical        :      7 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support@secunia.com

After a blackhat SEO attack, cybercriminals are again using the terrifying catastrophe of Air France Flight 447 or about China-made C919 Jumbo Jets competing with Airbus and Boeing for malicious intent. This time, spam messages are sent with an attached PowerPoint presentation, which is specially crafted to exploit a vulnerability in Microsoft Powerpoint.

Story Details at TrendMicro.Com

Keep up on the latest hoaxes that are really dangerous - because they carry along file attachments that try to hack into your computer.

List of current Hoaxes is on TrendMicro.Com

Rogue security programs are on the rise and you really need to be cautious about whose software scans your computer.
There is rogue software out there that lures users everyday.  People who say "I don't know anything about computers" are usually the ones who are most likely to fall prey.

Unbeknownst to them, the "supposed" solution is actually malware itself -- offering little or no real protection, and is often designed to steal personal information.

"PersonalAntivirus" - "Windows Antivirus 2009" and similar names is a rogue anti-spyware application that claims to scan for and remove spyware from users' computers.  It may be downloaded or installed through exploits or under dubious circumstances without user consent. It hijacks the user's desktop and typically displays exaggerated or false claims of spyware found to frighten the user into paying for the program. If a window pops up saying you have a virus or software and it is not your own anti-malware  -- do not run it!!!

1. Trojan-Spy.Win32.Zbot.gen - Trojan

2. Trojan-Downloader.Zlob.Media-Codec - Trojan Downloader

3. Exploit.PDF-JS.Gen (v) - Exploit

4. Trojan.1 - Trojan

5. Trojan.DNSChanger.Gen - Trojan

6. Favorit Network - Adware (General)

7. PersonalAntivirus - Rogue Security Program

8. INF.Autorun (v) - Trojan

9. Trojan.StartPage.HMH - Trojan

10. Virtumonde - Adware (General)

Stay on top of all the real-time threats at Malware Research Labs:

A vulnerability in Winamp has been discovered, which can be exploited by malicious people to potentially compromise a user's system.
For more information, refer to:
http://secunia.com/advisories/35126/

To check your computer for vulnerabilities install the Personal Security Inspector at http://psi.secunia.com - it's free.
Remember to go into the Advanced screen and turn off the Monitoring service when you're done, otherwise it will monitor changes on the computer and will bog down the computer.

1USA.Com
"Our ISP service is better than yours."

added April 27, 2009 at 03:04 pm | updated April 28, 2009 at 04:42 pm
US-CERT is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.

US-CERT encourages users to take the following measures to protect themselves:
 

• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

UPDATE: Due to these potential phishing attacks and email scams, US-CERT encourages users to visit the Center for Disease Control (CDC) website for trusted information regarding the Swine Flu.

(April 22 & 23, 2009)
The US House Committee on Oversight and Government Reform has sent letters to Attorney General Eric Holder and Federal Trade Commission (FTC) chairman Jon Leibowitz asking what the Justice Department and the FTC have done to prevent illegal use of peer-to-peer (P2P) filesharing
applications.  Specifically, the committee is concerned about the applications being used to steal financial account information, health data and other sensitive information.  Security experts would like to see the committee focus on encouraging agencies to prevent workers from downloading P2P applications.  In a separate story, the same House committee is seeking a cyber security briefing following allegations that cyber intruders stole information about the Joint Strike Fighter.
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/21/AR2009042103508_pf.html
http://www.nextgov.com/nextgov/ng_20090423_8694.php
http://fcw.com/Articles/2009/04/22/Web-cyber-security-briefing.aspx

[Editor's Note: While technical means for controlling P2P use exist, they're certainly not foolproof. From my perspective, nothing works better than making the installation of an unapproved application a fireable offense AND monitoring your networks and following through
on the threat.]

Please take the time to update as soon as possible.
http://www.adobe.com/go/getflash

And you thought that the people with brains work for the government...
http://www.pcworld.com/printable/article/id,157895/printable.html

First, I noticed that Adobe's brand of .PDF viewer software chews up 64 MB of space... and FoxIT's brand of .PDF viewer uses less than 3 MB...
so I asked myself "Why does Adobe's software need so much - just to see .PDF files?"

Well, here is a new hack on the street this week attacking the Adobe viewer's ability to run JavaScript (programming language) inside a .PDF file.

To turn OFF the ability to run Javascript when viewing .PDF files, open Adobe, then goto Edit > Preferences > JavaScript ... then uncheck the box that says "Enable Acrobat JavaScript".

Otherwise, if you'd rather switch to the leaner & faster (and Free) FoxIT brand of .PDF viewer software, the link is here.
(Choose the free version on the left.  I've been using it forever...)

Read the full story about the security issue here.

Details and how to remove the Conflicker worm.  Story at NetworkWorld.Com

NOTE THAT 1USA CUSTOMERS ARE PROTECTED FROM RECEIVING THESE VIRUS IN THEIR EMAIL IN-BOX.
CONTACT 1USA.COM TO GET YOUR OWN @1USA.COM EMAIL ADDRESS.

Three worms, Iksmas.A, Autorun.ARK and IRCBot.CIG

Iksmas.A  is a malicious code that spreads via email. In the message,
which was initially sent a few days before Barack Obama took office as
president of the United States, it claims that Obama had decided to
decline to become president. The email includes a link pointing to a
spoof Web page with the headline of the corresponding story. Users that
try to read the story will be asked to download a plug-in in order to
view it. If they accept, they will really be allowing the worm to enter
their computers. You can see an image of the Web page here:
http://www.flickr.com/photos/panda_security/3209435502/

Once the computer is infected, Iksmas.A looks for email addresses on the
system and uploads a file with the stolen information to a certain
address. It then sends copies of itself to these addresses, thereby
continuing the cycle.

Autorun.ARK is a downloader worm designed to download two backdoor
Trojans -detected as Bck/YahooMess.B and Bck/Poison.F. It also creates a
Windows Registry entry to ensure it is run on every system startup.

IRCBot.CIG is a worm that uses the MS08-067 vulnerability in Microsoft
Windows Server service in order to spread. Once it has infected a
computer, it gathers information about the system and sends it to its
creator via a Web page.

By modifying the Windows Registry it disables the task manager, firewall
notifications and the Windows antivirus. It also makes a modification so
that whenever the user tries to open Explorer, malware is run.

Interestingly, this worm exploits the same vulnerability as Conficker,
which continues to spread and has now affected 6% of computers scanned
by Panda Security worldwide
(http://www.pandasecurity.com/spain/homeusers/media/press-releases/viewn
ews?noticia=9524)

You can find more information about the dangerous Conficker worm and how
to remove it here:
http://www.pandasecurity.com/spain/homeusers/security-info/about-malware
/encyclopedia/overview.aspx?idvirus=204292

"Cases such as Conficker demonstrate how important it is to keep
computers up-to-date in order to prevent infections", explains Luis
Corrons, Technical Director of PandaLabs. "There is no point in a user
scanning a system with an antivirus and removing the malware if the
computer is not kept up-to-date, as the infection will simply return on
visiting certain Web pages".

For more information about these and other malware threats, go to:
http://www.pandasecurity.com/homeusers/security-info/latest-threats/?sit
epanda=particulares
 

Some people have not installed WindowsUpdates yet from October 2008
Remember that inserting a floppy drive, USB memory stick etc into a computer in an office could potentially infect the whole office network if there is a hidden virus on the removable media.

Full story:  http://www.eweek.com/index2.php?option=content&do_pdf=1&id=51251

It's OK to be inquisitive - if you stay on the main websites.  Even visiting 'unknown' websites can infect your computer.
Full story:  http://www.eweek.com/index2.php?option=content&do_pdf=1&id=51272