Mutating viruses are nothing new, they are used to infect machines in a way that can’t be stopped by traditional anti-virus software. The problem comes in with a new report from Softwin, the Romania based anti-virus software company that makes BitDefender, that says they have found multiple instances of computers being infected by worms that have previously been infected by a virus. They consider it a new “Frankenstein piece of malware” that has the potential to cause a lot of damage.

For those who perhaps don’t know a lot of viruses and worms, a worm is usually an executable file while a virus infects executables. The inevitable problem arises when a virus infects the executable that a worm resides in.

Fortunately, the researchers at BitDefender have no evidence at this point that the new super virus is any worse than a traditional virus. The concern is that worms are better at moving through systems, so a virus attached to a worm will have an easier time moving through a system.

The research team found 40,000 instances of the mutated malware out of a sample of 10 million files. One example was a virus designed to create back doors for hackers infected a worm that steals passwords. Their combination resulted in a mutation that could steal passwords while simultaneously creating a backdoor for the hacker to access the stolen information.

PhysOrg brings up an interesting point in that a virus’ main goal is to cause destruction. So in theory, a virus should destroy whatever it infects including the worm. The researchers never addressed this, but there’s a possibility that the virus could destroy the worm before it does any damage.

The researchers say that the combination of the two malware types was unintentional. The issue raised now is that hackers know it’s possible to combine the two. If it does occur, it could “pose a very serious threat to computers and networks the world over.”

For more examples of how this new super virus can destroy your computer, check out an expert analysis here.

You don’t have to scrutinize Ms. Maribel’s information too hard to gather that there is something fishy about this account. I’d wager that those nearly 100 followers of hers are probably also bots and they probably non-Tweet about botty things. These things are everywhere on Twitter. In all seriousness, I don’t think I’ve been followed by a real person on Twitter in months. And although Facebook certainly has its share of phony accounts, Twitter seems to be the more polluted of the two.

HOWEVER. It turns out that these might not be meaningless bots after all thanks to a new operation from the United States Department of Homeland Security. According to a new report in The Daily Mail, the DHS uses fake Twitter and Facebook accounts to monitor and track people who happen to use “sensitive” words. What kind of sensitive words? Words that despite sounding villainous are actually fairly generic. “The DHS outlined plans to scans blogs, Twitter and Facebook for words such as ‘illegal immigrant’, ‘outbreak’, ‘drill’, ‘strain’, ‘virus’, ‘recovery’, ‘deaths’, ‘collapse’, ‘human to animal’ and ‘trojan’, according to an ‘impact asssessment’ document filed by the agency.” If the DHS catches someone using any of these words and suspects you might be up to no good, it could mean that ” spies from the government read your posts, investigate your account, and attempt to identify you from it, acccording to an online privacy group.” Spies! Human to animal virus death recovery! Okay, DHS, you guys are obviously new to The Internet because just about every one of those keywords of yours could also be easily used in the context of sex and if you were familiar at all with this thing called The Internet you’d realize that 98% of it is porn-related. (P.S. – in case you didn’t know, porn includes sex.)

Not a group to let this trespass of our blessed privacy, everyone on Twitter responded appropriately:

So as if the keyword surveillance probably wasn’t muddled with sexy search results already then the noble crusaders of Twitter have undoubtedly thrown a couple more monkey wrenches into the Big Brothery gears of the DHS. At least I hope it has because if not then the combination of my searches on Twitter for their keywords in addition to my use of all of the words in this article will probably be enough for the feds to punch my ticket to Gitmo later today.

Original Article: Early Saturday morning, four Twitter accounts were started and began spreading a worm being referred to as Mikeyy throughout the social network. Reports suggest that when users go to the profile page of a user who is infected, their "About me" section is altered to include a link to a malicious site, which I won’t name here.

Twitter was able to take care of the first round of attacks on Saturday morning, but more kept coming throughout the weekend. They have been dealing with them in real time since then, and they haven’t stopped.

"We are still reviewing all the details, cleaning up, and we remain on alert," says Twitter co-founder Biz Stone. "Every time we battle an attack, we evaluate our web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities. Everything from how it happened, how we reacted, and preventative measures will be covered."

Stone compares the worm to one that has plagued MySpace in the past. The Samy worm spread across that social network, and its creator was ultimately prosecuted by MySpace.

Right now, the latest update on Twitter’s Status blog from four hours prior to this writing says, "We are currently addressing a new manifestation of the worm attack." In another post, Twitter suggested that people use third party apps to communicate with the service for the time being.

Two hours ago, a tweet from Twitter’s Spam Watch account looked like this:

Heavy Twitter users are going to want to keep up with the latest updates. Places to keep track of this include, Twitter’s status blog, the spam watch account, and Twitter’s official blog. Twitter makes it very clear that no passwords, phone numbers, or other sensitive information have been compromised.

The worm comes as a potentially damaging blow as Twitter continues to snowball in popularity. It will be interesting to see if reports about Mikeyy impede the growth rate at all.

Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.

CNET prvoides a round-up of Conficker coverage, saying that the virus is expected to hit the web on April 1st, but "experts disagree on how extensive the damage could be."

According to Nielsen, in the last week, buzz has grown so much that it recently eclipsed blogosphere March Madness talk:

Back in February, Microsoft offered a $250,000 reward for info leading to the arrest of the Conficker’s culprits. According to Nielsen, since then, "terms like ‘virus removal’ and ‘virus protection’ have spiked during the work week."

Is the whole thing an elaborate April Fool’s day joke? It doesn’t look that way. "It’s definitely serious," says Symantec’s Kevin Haley (via Boston Herald). A Google search for "conficker" brings back about 3,510,000 results.

One of the numerous little Internet-only memes concerns a humorous list called If I Became An Evil Overlord, which has been around in some form for several years. Among its many prudent and useful suggestions comes this gem:

One of my advisors will be an average five-year-old child. Any flaws in my plan that he is able to spot will be corrected before implementation.

Jon Penn is a little older than the minimum required age for assessing Evil Overlord plans, but he’s certainly got the right ideas when it comes to securing his school’s network. A piece at Network World discussed the lad and his efforts at ridding the network of spam and viruses.

We applaud one step in particular the young man implemented, after identifying all the garbage adrift on the Victory Baptist School’s machines in Sherwood, Arkansas. Penn persuaded the grown-ups to stop the influx of junk at the gateway, rather than trying to control it PC by PC.

We’ve been advocates of moving the spam and virus fight to the gateway, preferably beyond even the corporate gateway to the ISP realm, for some time. If a child can figure out this is the best solution, you might want to ask your IT folks why they are so much smarter than a 5th grader about this while you’re deleting hundreds of spam messages every day.

Those words were spoken by Tim Hancock, the organization’s campaigns director in the UK, during a conference.  “The ‘Chinese model’ – of an Internet that allows economic growth but not free speech or privacy – is growing in popularity, from a handful of countries five years ago to dozens of governments today who block sites and arrest bloggers,” he continued.

Ars Technica’s Nate Anderson, who recorded Hancock’s words, adds that Hancock linked Google, Yahoo, and Microsoft to the Chinese model.  Each company has been called out (repeatedly) for its actions in that country; ironically, all of them have still pretty much failed to make headway, despite their concessions to government censorship.

Then Anderson notes, “even Amnesty admits that not all censorship is bad, making the entire debate more murky.  For instance, European countries often censor ‘hate speech’ or anything that appears designed to incite racial hatred – something that Amnesty supports.”

So view this next display – a “Global Internet Filtering Map” – with that caveat in mind.  Canada, Australia, and even the good ol’ U.S. of A. appear to employ forms of social censorship, and that doesn’t necessarily mean much.  Yet the worst areas for censorship appear to be the Middle East and Asia, and that, according to Amnesty International, is indeed the case.

There’s probably not much we, as individuals, can do about this – dictators don’t follow the advice of free speech groups on Facebook.  At least, by becoming aware of this “virus,” we might be able to avoid infection ourselves.

What was unique about this virus was the sheer quantity of variants on the virus,” said Rebecca Steinberg Herson, senior director of marketing at Commtouch, Mountain View, CA. “Ten to 12 months ago you’d see a couple of variants on viruses. This one we saw 3,262 variants in 65 hours.”

The way the virus was delivered also complicated efforts to stop its spread. “This outbreak ushered out 2006 with a bang, while loudly forewarning the nature of viral outbreaks in 2007,” said Haggai Carmon, Commtouch Vice President of Products. “During 2006, a growing number of massive server-side polymorphic outbreaks swarmed the Internet and successfully maintained a sizable lead of several hours to weeks ahead of traditional signature-based solutions. Examples of these include Feebs, Stration/Warezov and of course the ‘Happy New Year!’ malware to name just a few. What makes them so unique,” Carmon continued, “is that they are released in a large number of distinct and short-lived variants, making it impossible to generate one signature or heuristic rule to effectively protect against them. In this way, malware writers maximize their chances of infecting the largest number of machines.”

The malware was sent from numerous sources and appears to be a New Year’s greeting. Subject lines of the messages include, “Happy New Year!” and “Happy 2007!”

“The e-mail took advantage of the New Year’s holiday,” Ms. Steinberg Herson said. “I guess the writers of the virus wanted to take advantage of the holiday mood where more people would open the unknown e-mail thinking that they were getting greetings from friends.”

Add to Del.icio.us | Digg | Reddit | Furl

Mike is a staff writer for WebProNews. Visit WebProNews for the latest ebusiness news.

“On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted,” Google said in a statement. “Some of these posts may have contained a virus called W32/Kapser.A@mm – a mass mailing worm. If you think you have downloaded this virus from the group or an e-mail message, we recommend you run your antivirus program to remove it.”

Computerworld reports Google has confirmed that internal protocols are now in place, to prevent this from happening again. Let’s hope so.

Comments

Tag:

Add to Del.icio.us | Digg | Yahoo! My Web | Furl

Bookmark WebProNews:

Andy Beal is an internet marketing consultant and considered one of the world’s most respected and interactive search engine marketing experts. Andy has worked with many Fortune 1000 companies such as Motorola, CitiFinancial, Lowes, Alaska Air, DeWALT, NBC and Experian.

You can read his internet marketing blog at Marketing Pilgrim and reach him at andy.beal@gmail.com.

Sherrill Davison, a professor of avian medicine at the University of Pennsylvania, remarked on the technology. “Twenty years ago we had to drive around the countryside and find the chicken farm that reported a disease, but now everything is on a mapping system. Now, we can very quickly, within about an hour, know exactly how many farms are in an (affected) area,” she said.

This could help contain the virus, or at least give authorities a good idea of how it spreads. Davison has been using GIS technology since 1998 to monitor and control outbreaks of other avian diseases. Originally it was only utilized in Pennsylvania, but other states adopted the system. Google Earth is only a recently added component.

“We began using Google Earth to help us locate poultry farms more exactly. In the past we knew the chicken house was on a parcel of land but now we can zoom in and tell exactly where on the property it is . . . It is another tool to add into our rapid response program,” Davison said.

The H5N1 virus has caused over 120 human deaths thus far, and has been found in Asia, Europe, and Africa. As birds migrate from Asia to Alaska (and then southwards) this summer, the virus is expected to reach North America.

Google is trying to keep us all safe from the bird flu. Maybe the branching Internet search company should try its hand at healthcare.

Add to | DiggThis | Yahoo! My Web

Technorati:

Doug is a staff writer for WebProNews. Visit WebProNews for the latest eBusiness news.

The Linux stuff doesn’t get reported because Linux is too geeky, and the Mac threats have been generally absent because there haven’t been many.

Well, two Mac issues popped up last week and caused a bit of excitement. The second of the two was really bogus, and probably never would have had any legs at all if the other one hadn’t happened. From http://www.f-secure.com/weblog/:

Inqtana.A has not been met in the wild and it uses Bluetooth library that is locked into specific Bluetooth address and the library expires on 24. February 2006. So it is quite unlikely that Inqtana.A would be any kind of threat.

Yeah, that and the fact that it’s already patched.

The other thing (and it is just a “thing” – it’s really not a virus and it’s barely a trojan worm) was quite exciting to some:

Virus Attacks Mac OS X Users:

Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but this will leave them shell-shocked, as it shows the malware threat on Mac OS X is real, said Graham Cluley, senior technology consultant for Sophos, in a statement. Mac users shouldnt think its okay to lie back and not worry about viruses.

Ayup. Mac users should really worry about this one. It’s a picture. It doesn’t “attack”; somebody has to send it to you or you have to deliberately go download it. You have to uncompress it, and then click on it. Even then, if you aren’t running as an Admin user, it doesn’t get to do anything harmful. There’s a full writeup of it at New MacOS X trojan/virus alert, mostly a non-event.

It is true, however, that Mac (and Linux) folk tend toward being too lax about security. There are things you should be doing to protect yourself no matter what OS you are running. I’ll just run over some of them quickly here. There’s a good article at Mac Geekery – Basic Mac OS X Security but I am a bit more draconian:

Don’t carry a loaded gun around the house

What I mean here is don’t be root. On Mac OS X, the root account isn’t even enabled by default and ordinarily you’d want to leave it that way (use “dsenableroot” to enable or disenable it).

Don’t even run as an Administrator account except when you need to. That’s a lot easier to do on Mac than it is on Windows (and there is no such thing on Linux in general), and Fast User Switching makes it painless to login as an Administrator when you do need it. The point is to keep the firearms put away and locked up so they aren’t available for use.

If you have been using an Administrator account, don’t switch your account to a non-admin account as suggested at the Mac Geekery article. Just make a new account and start using that. Copy your files as you find you need them and you’ll also accomplish a nice house-cleaning.

Lock the doors

While you are logged in as an Administrator, visit the Security Pane in System Preferences and tell it to lock everything – check off “Require password to unlock each secure system preference”. That’s important and should be automatic. You might also consider disabling automatic login and requiring passwords to wake up from sleep, but those things are more for protecting against unauthorized use than virus and worm attacks.

While you are in there, check Sharing and make sure you aren’t running services you don’t need to run and that the firewall is enabled. You DO have a hardware firewall also, right?

“t00r” is not a password

Your passwords need to be really tough and you should not be using the same password all over the internet. Yeah, I know that means a lot of passwords, but it doesn’t have to be that hard. For example, for the dozens of sites that I need passwords for but that aren’t particularly critical if hacked (meaning that you could pretend to be me for a comment or whatever but can’t steal money), I use two basic passwords and add in part of the site name. For example, I might use “fru%78hfg” as one password. When I visit xyz.com, my password is “fru%xyz78hfg” but if I visit abcsoftware.com, it’s “fruabc%hfg”. The positioning of the “%” is determined by the alphabet position of the “a” in “abc”; under “m” means position before the %, “n” on up means insert three characters after the %. This gives me unique passwords for each site, but I know what they are.

No automatic passwords, thanks anyway

In Applications, Utilities is the “Keychain Access.app”. If you opened that up on my machine, you’ll find that it doesn’t know a single password. That’s partially a security measure, but it’s more of a convenience: I remember my own passwords because I want to be able to use them anywhere, anytime. I was working with someone the other day who wanted to check their Gmail and had to go back to their office to do it – they had no idea what their password might be! I know my passwwords and can access whatever I want from wherever I am.

Macs are basically secure, and Mac users don’t have the constant problems that plague Windows. But Macs are not immune to security threats, and you shouldn’t be lazy and complacent about protecting yourself.

*Originally published at APLawrence.com

A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com