Friday 18th May 2012

Posts Tagged ‘Conficker’

McAfee Security Threat Report

Wednesday, May 13th, 2009

McAfee’s latest security threat report (covering January to March 2009) reveals that since January, over 12 million new IP addresses have been hijacked by cybercriminals, a 50% increase since 2008.

IP addresses are hijacked and their computers used as zombies within worldwide botnets. A zombie will then be used to send out spam email, infecting other machines which will in turn send out even more email, and so the process goes on, creating billions of spam emails which clog up the system.

The U.S. is home to the greatest percentage of botnet infected computers, accounting for nearly 20% of all zombie machines.

Cybercriminals are rushing to create new botnets after the shakedown of a major spam hosting ISP, McColo Corp, in November 2008 which cut spam levels by some 60%.

And the cybercriminals are quickly recovering the ground that they had lost, with spam volumes now about 70% of what they were before McColo was stopped.

Jeff Green, senior vice president of McAfee Avert Labs, said: “The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the web with malware. Essentially, this is cybercrime enablement.”

The report came up with a number of other findings, including that the Koobface virus has made a resurgence. More than 800 new variants of the virus were discovered in March 2009 alone.

Also, malware writers are increasingly using servers which host legitimate content to launch malicious and illegal content.

Cybercriminals are using URL redirects more often, and are using web 2.0 sites to hide their location.

Ironically, given the recent media fuss about Conficker, the report concludes that this worm, and all its variants, only accounted for some 10% of detections reported during the first quarter. But whether this means it was over-hyped, or hasn’t yet had the effect feared, remains to be seen.

Guest Article by Neil Camp


Be Afraid, Be Very Afraid

Tuesday, April 28th, 2009

Conficker is coming alive.

The virus that threatened to cause chaos on April Fool’s Day and was eventually labelled by some as a prank, is having the last laugh as it becomes activated across a number of personal computers.

Conficker, also spelt Conflicker, and also known as Downadup, or Kido, is a particularly insidious form of worm which sits covertly on a computer and turns it into a zombie, part of a botnet. The zombie sits and awaits instructions, mostly opening the way for a piece of malware with a specific task. This might be a virus called Waledac, which sends out millions of spam emails from the computer’s mail box.

Accompanying the spam emails are false anti-spyware programmes which eventually render the receiving computer open to attack. The receiving computer is then recruited into the botnet, in turn sending out more spam email. The receiving computer is also sitting there with its defences down, waiting for the virus to send personal and financial details of its user back to the originator of the worm.

Computer security experts are worried because the worm appears very sophisticated and operates in a stealth mode, sitting on machines until activated. It’s feared that the Conficker has infiltrated thousands of computers, awaiting instructions. Experts also fear that there is a twist that no-one is aware of yet, as the Conficker has yet to show its true colours.

The Conficker and its botnets are thought to be controlled by cyber crime syndicates based in China, Eastern Europe, Latin America and Southeast Asia.

The worm is designed to exploit operating system weaknesses, with Windows being particularly vulnerable. It can bypass many corporate firewalls as people swap files from an infected computer to a clean one, using a USB memory stick.

Computer users worldwide are being warned to be on their guard against the Conficker.

Guest Article by Neil Camp


April Fool, or Better Prepared?

Sunday, April 19th, 2009

The Conficker worm (or is it Conflicker, no-one seems quite sure), did not wreak the havoc expected of it on the first day of April and many are now saying that the whole thing was an elaborate hoax, or, at the very least, a media scare story.

But, for others, the panic was justified. The Conficker worm does exist and has already affected many millions of computers. And if anything, at least the scare provoked many people into getting protection for their computers.

And for those that think it was all overplayed, then let’s just remind ourselves what the Conficker is capable of. It’s a very insidious piece of malware which can effectively sit on your computer and, when activated, will allow other pieces of software to be loaded which will then take control of your computer. It starts by deactivating your security programme and prevents it from getting crucial updates.

It will then install programmes which do a number of nefarious things. It might track your bank balance, or once you pay online for something, it might send off your credit card details to a person who will then start using it themselves. And once on your computer, it will await instructions from its creator, who will update it via thousands of random web addresses. And for a lot of people, they won’t even realise that they have a problem, as the worm will sit there, biding its time before it can inflict maximum damage.

Let’s not kid ourselves, the Conficker is a true technological parasite.

Yet incredibly, recent reports show that in the U.S. for example, nearly 20% of business computers remain unprotected against viruses.

Microsoft have quickly offered updates and patches to help close the hole that the Conficker was exploiting, but what worries many is that the worm loves networked computers and once in, can quickly work its way to thousands of machines which are linked together. The major concern is that the Conficker could be sitting in the networks of many large corporations, waiting for a key moment to strike. Imagine if a major utility was seriously struck by such a worm, the results could be catastrophic.

So, let’s not be complacent. The Conficker is not a media creation. The Conficker is a clever, parasitic worm which is out to rob you. So, if you panicked after all the media stories, then good, because if you ignore it, you might see the results as someone clears out your bank account, or enjoys a spending spree on your credit card.

Always run a reputable anti-virus programme. Never surf, email, or network without protection. It’s that simple.

But don’t let the scare-mongers fool you into buying a free or cheap anti-virus programme from a company you do not know. This, for many industry experts, was the true intention behind the Conficker scare stories. Get people worried, then offer them bogus anti-virus software which does the same as the Conficker. Don’t be fooled by that one. Use companies you know and pay a decent whack for your security.

Don’t let the Conficker make a fool out of you.

Guest Article by Neil Camp


Anything for the Weekend Sir?

Thursday, April 9th, 2009

Cyber criminals are currently exploiting people’s fears about being infected by viruses.

And the media’s frenzied reporting about Conficker hasn’t helped either, with people panicking about being hit by the April Fool’s Day bug.

Microsoft have warned that the hackers’ latest ruse is to hide their malicious malware in bogus computer software programmes and then get people to download them. So whilst they think they are fully protected, the fake anti-virus is happily loading malware into their computer.

In the latest security intelligence report prepared by Microsoft, the General Manager of their Trustworthy Computing Group, George Stathakopoulos, said: “Rogue security software is the number one threat worldwide…If you think about the Conficker case, how many people went looking for a security solution and downloaded rogue malware? That means when users downloaded the software they probably gave away credit card numbers and got infected. That’s a double hit.”

This kind of scam security software is known as “scareware”. Worried users download a version, it spots a virus (which actually isn’t there), asks for a fee to clean the non-existent virus, collects the money and then pretends to guard the computer against future attacks, whilst in reality it’s collecting all the computer user’s personal information.

Microsoft reckon that nearly six million computers have been infected with these types of viruses and that there has been a near 70% rise in their use over a six month period.

And Microsoft believes there will be a massive rise in the use of scareware over the next few months, especially given the media’s coverage of the Conficker virus, which makes computer users unsure of their levels of protection and open to bogus offers.

Microsoft has a $250,000 reward out there for information about who is behind the Conficker virus.

Guest Article by Neil Camp


Don’t Want To Be An April Fool

Monday, March 30th, 2009

Don’t like being made a fool of, so now I’m in a panic about my computer being infected with the latest wretched computer virus, the Conflicker.

It’s meant to hit on April Fool’s day and it is a particularly nasty little *****! The Conficker – odd name that, maybe some geek’s sense of humour – is anything but fun. It penetrates your computer, shuts down your security software and prevents updates reaching you. It then sits there, waiting for orders from the mother ship, and once activated, will allow its creator to download onto your computer a piece of malware that will happily syphon off your personal details, bank details and anything else it feels like using. In other words, it’s a right little so and so.

So, I’m sitting here in a panic, with anti-virus software running in the background like a demon, wondering how I can beat back the Barbarians from my gates.

Right, calm down, have just read that all is not lost. First, they point out that although around 12 million computers are infected, this particular Conficker variant is really an update, and is looking for previous versions already sitting on computers. So, if you’re currently clean, then you should be okay. If not, then oh dear, but I’m just going to run a quick test myself.

Okay, deep breath, I have to first check that I’m connected to the internet. Right, yes, I can get the Google page, thank goodness for that, good old Google. Next, find the Microsoft site, or the site supplying my anti-virus software. Right, let’s go to Microsoft, after all, the Conficker is designed to penetrate Windows-based operating systems, so let’s start at the top. Right, onto the Microsoft website and yes, if I can run the Windows Update successfully, I’m not infected with Conficker.

Yes, it works, thank the Gods; I’m clean.

For those that can’t successfully run the Windows Update, or indeed, can’t update their security programme from the company’s website, then you may have the Conficker burrowed somewhere deep inside your computer.

If so, you’ve got problems. Contact your anti-virus software company, maybe by email, and ask what to do. Look on the Microsoft site and follow their instructions. If that doesn’t work, you could back up your data, reinstall Windows and then go straight onto the Windows site and download the latest security patches.

And finally, pray, that Conficker doesn’t come knocking again.

Guest Article by Neil Camp
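
The check this post walks through (confirm general internet access first, then try the Windows Update or anti-virus vendor site), written as an added example that is not part of the original post. The hostnames are assumptions, and a DNS lookup stands in for actually running an update, so a "clear" verdict only means the lookups succeeded.

```python
import socket

# Assumed hostnames (not from the original post): a general site as the
# control, and Microsoft update hosts as the security-site probes.
CONTROL_HOSTS = ("www.google.com",)
SECURITY_HOSTS = ("update.microsoft.com", "windowsupdate.microsoft.com")


def resolves(host):
    """Default probe: True if the local resolver returns an address for host."""
    try:
        return bool(socket.getaddrinfo(host, 443))
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(probe=resolves, control=CONTROL_HOSTS, security=SECURITY_HOSTS):
    """Classify the machine using the post's two-step check.

    Returns (verdict, blocked_hosts), where verdict is one of:
      "no-connectivity" - control sites fail too, so the test says nothing
      "blocked"         - general sites work but every security site fails
      "partial"         - some security sites fail; retry before concluding
      "clear"           - every security site is reachable
    """
    # Step 1: without a working control site, a failed security-site
    # lookup cannot be told apart from an ordinary network outage.
    if not any(probe(h) for h in control):
        return "no-connectivity", []

    # Step 2: record which security sites fail while the control works.
    blocked = [h for h in security if not probe(h)]
    if not blocked:
        return "clear", []
    if len(blocked) == len(security):
        return "blocked", blocked
    return "partial", blocked


if __name__ == "__main__":
    verdict, blocked = assess()
    print(verdict, blocked)
```

A "blocked" verdict is a reason to follow the clean-up steps in the post, not proof of infection: a filtering proxy or a DNS outage at the provider produces the same pattern.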
