Another iPhone worm has been spotted in the wild.
Unlike the previous exploitation, which merely changed a jailbroken iPhone's wallpaper to a picture of Rick Astley of "Rickrolling" fame, this new threat allows hackers to steal sensitive information.
According to security firm Sophos, which wrote about the exploitation after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.
The worm "uses command-and-control, like a traditional PC botnet," Sophos wrote in a blog post on Saturday to warn users about the exploit. "It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server to upload stolen data and cede control to the bot master."
Jailbreaking, which has been around for about two years, is a hack that enables iPhone and iPod Touch users to download applications unavailable through Apple's App Store.
Sophos wrote that the worm attacks users on several ISPs, including UPC in the Netherlands, Optus in Australia, and T-Mobile in several countries worldwide. Worse, the worm spreads faster on a Wi-Fi connection than a 3G connection. Users with affected devices might notice extremely short battery life while on Wi-Fi. According to Sophos, that's mainly due to the worm engaging in "so much network activity."
When a device is infected, it's assigned a unique number so that the attackers can easily pinpoint a single device. It also looks for authentication systems that use SMS, better known as mTANs. mTANs are frequently used by banks that send an SMS message with a password to mobile phones, allowing people to log in to their online accounts, Sophos wrote.
In essence, this threat is serious.
Sophos recommends that people with infected iPhones and iPod Touch devices restore them back to Apple's most recent firmware update. For now, there is no other way to fix the problem.
Don Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, and posts at The Digital Home. He is not an employee of CNET.
Connected's pipe-arranging puzzles are like potato chips: Bet you can't play just one.
A few weeks ago, I received e-mails from two developers within the space of about two hours. Each was pitching a new, "totally unique" puzzle game, and would I like to review them?
Now, I'm a sucker for puzzlers, especially on the iPhone, but the App Store is already teeming with them--each one claiming to be "original," "addictive," "brain-teasing," and so on. How truly unique could either of these newcomers be?
The first one, Connected, instantly reminded me of countless lay-the-pipe-before-the-water-escapes games--until I started playing it.
Connected does involve pipes, but here you're not fighting the clock (or the water). Instead, you merely have to figure out the proper arrangement of preselected pieces, which can be moved but not rotated.
It's a bit like Traffic Jam, but damn if it doesn't manage to be original, challenging, and insidiously addictive. With each level I somehow managed to complete, I told myself, "Just one more."
Add to it an elegant, simple interface and you've got 99 cents extremely well-spent.
The other game, Wriggle, also costs 99 cents--but there's a try-before-you-buy free version as well.
Great for kids but fun for anybody, Wriggle puts a great twist on block-sliding puzzles.
At first glance, Wriggle looks like a kids' game--but don't let that fool you. While kids will undoubtedly enjoy the colorful, smiley-faced worms, there's plenty of challenge here for all ages.
Your goal is to help the blue worm escape the maze in as few moves as possible. This is done by dragging the heads and/or tails of the various worms that stand in his way.
Again, you can see elements of Traffic Jam, but that game doesn't go around corners. Wriggle does, and, like Connected, it comes across as a wholly unique kind of puzzle.
Wriggle also offers a bit more replay value, with four difficulty levels and the option of replaying any puzzle to see if you can win in fewer moves. You can even tweet your progress, if you're into that kind of thing.
Initially, I judged both games by their covers (make that screenshots), and that was a mistake. Connected and Wriggle are perfectly priced and perfectly entertaining. I highly recommend both.
Seen any unique puzzle games lately? Are there any you just can't put down? Share your puzzle faves in the comments. In the meantime, check out these five perfect puzzle games for the iPhone.
PCs do the darnedest things. When a program crashes, your system slows down, or a file or program refuses to open, it's probably due to a problem with an application or device. But not always. Computer viruses and worms will cause your PC to exhibit many of the same symptoms as a failed or failing component or program.
Here are some of the primary indicators that your system is infected:
• Your system slows to a crawl for no apparent reason.
• The machine crashes, with or without an automatic restart.
• Error messages pop up repeatedly.
• Programs or files open slowly or not at all (especially security apps).
• You can't access drives or other storage media.
• Certain Web sites won't open in your browser, especially those of security software vendors.
• You can't download updates for your antivirus software.
• You can't print.
• A program disappears from your system.
• Strange icons are added to your desktop, or programs appear that you never installed.
• The unused space on your hard drive disappears (which could mean a worm is making copies of itself).
• People in your contacts list receive e-mail from your account, often with a virus attached.
• There's a big jump in the amount of traffic on your network, especially outbound.
How to disinfect a PC
Whenever your system starts acting funky, the simplest remedy is to use Windows' System Restore feature to turn back the clock to a time when the machine worked. (Note that many viruses and worms can outsmart System Restore, so this is far from a cure-all.)
Microsoft's Help and Support site offers step-by-step instructions for using System Restore in XP (which also describes how to undo a restoration). Vista users will find information on System Restore and other system-recovery options for that operating system on the company's Windows Help and How-to site.
Even if System Restore appears to fix your PC, update your antivirus software's definitions and do a full system scan with the program. If you don't use AV software, download and install a copy. You'll find a list of free and low-cost antivirus programs on this Download.com page. Two freebies that get rave reviews from most users are Avira AntiVir Personal and Avast Home Edition.
Another option for virus and worm removal is Microsoft's own Malicious Software Removal Tool, which can disinfect a PC but doesn't prevent infections. Note that if your system is set to receive automatic Windows updates, it probably already has the tool installed. You can read more about MSRT on the Microsoft Help and Support site.
Of course, if the virus or worm has blocked your PC's access to the Internet or is preventing your security software from running, you'll have to use another system to download and install an up-to-date antivirus program on a flash drive, optical disc, or other external storage device. Then plug or insert that device in the infected machine and run the AV program from there. One option is the free ClamWin Portable, though many other free AV programs can be installed and run off external media.
Where did the virus/worm come from?
When you're in the midst of a PC disinfection, the source of the virus may not be your first concern. But once your system is working again, you want to avoid whatever action caused the problem.
In the past, most viruses and worms traveled via e-mail and latched themselves onto your hard drive when you clicked to open an attachment, or sometimes when you merely viewed a message. Now infections are more likely to occur after you browse to an infected Web site or download and open a file.
The recent Conficker worm takes advantage of Windows' Autorun feature, which allows programs to open simply by plugging in the USB flash drive, CD, or DVD on which they're stored, sometimes even if you thought you had disabled Autorun and AutoPlay on the machine. Microsoft released a patch that closed this hole late last year, though you still must disable these features manually. You'll find instructions for doing so on this site.
Your best virus/worm-prevention strategy is to keep Windows and your antivirus/antispyware/firewall software up-to-date, avoid opening e-mail attachments you weren't expecting (even if they appear to be from someone you know), and stay away from file-sharing and other dicey Web sites. This is no guarantee of keeping your PC virus-free, but it will keep the odds in your favor.
Rid your computer of Conficker
Report: Conficker worm bites University of Utah
More than 700 computers at the University of Utah, including those at its three hospitals, have been infected with the worm. (Posted in Security by Natalie Weinstein)
April 12, 2009 7:04 AM PDT
Conficker also installs fake antivirus software
In addition to dropping a mystery payload on infected machines, the Conficker worm installs software that tries to dupe people into paying nearly $50 for fake antivirus software. (Posted in Security by Elinor Mills)
April 10, 2009 4:00 PM PDT
Researchers say Conficker is all about the money
Conficker's ties to a large spamming and password-stealing botnet give credence to the speculation that money, and possibly malicious Eastern European hackers, are behind the latest Internet worm infection. (Posted in Security by Elinor Mills)
April 9, 2009 11:43 AM PDT
Conficker wakes up, updates via P2P, drops payload
Conficker is updating itself on infected computers via peer-to-peer technology and is programmed to stop running on May 3, Trend Micro researchers say. Podcast: Conficker using P2P to spread payload
(Posted in Security by Elinor Mills)
April 8, 2009 3:27 PM PDT
Eye chart can help diagnose Conficker
April Fools' Day passed with much angst over and little action from the Conficker worm, but that doesn't mean it's not a threat. Quickly determine if you're infected with this "eye chart." (Posted in The Download Blog by Seth Rosenblatt)
April 3, 2009 5:36 PM PDT
All quiet on the Conficker front. Now what?
Just because Conficker was quiet doesn't mean it won't act in the future, turning unsuspecting PCs into spam-sending drones or stealthily stealing passwords from people, experts say. (Posted in Security by Elinor Mills)
April 1, 2009 8:05 AM PDT
Countdown to Conficker--a bust so far
Researchers say the worm is awake on computers in Asia where it's already April 1, but so far it hasn't taken much action. We'll keep you updated here. (Posted in Security by Elinor Mills)
April 1, 2009 6:35 AM PDT
Podcast: Worm 'phoning home' but getting no answer
Security watchers at McAfee say that Conficker is trying to communicate with master computers but isn't getting through. (Posted in Larry Magid at Large by Larry Magid)
April 1, 2009 5:21 AM PDT
Conficker flaw reveals which computers are infected
Researchers find flaw in Conficker that lets them detect which computers have the legitimate Microsoft patch and which were "patched" by the worm itself. Conficker demonstrates complexity of IT security
(Posted in Security by Elinor Mills)
March 30, 2009 1:54 p.m. PDT
Podcast: Conficker worm dissected
David Perry, education director of Internet security company Trend Micro, discusses the implications of the worm. (Posted in Larry Magid at Large by Larry Magid)
March 30, 2009 11:04 p.m. PDT
Conficker worm might originate in China
A Vietnamese security firm concludes that the Conficker worm has the same root as the Nimda, which the firm believes originated in China. Malware probes find a China angle
(Posted in Security by Dong Ngo)
March 29, 2009 7:30 p.m. PDT
'60 Minutes': What's next for the Conficker worm?
A report on the CBS News television news program examines one of the Internet's most dangerous computer worms. (Posted in Security by CBS Interactive staff)
March 29, 2009 7:00 p.m. PDT
FAQ: Conficker time bomb ticks, but don't expect boom
Worm's latest variant is set to start hitting random domains on April 1. But security experts say the damage might not be as serious as the hype suggests. U.K. parliament computers get Confickered
(Posted in Security by Elinor Mills)
March 25, 2009 5:10 p.m. PDT
Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software, Trend Micro said on Friday.
The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, according to the Trend Micro blog.
If you see this pop-up message, chances are your computer is infected with Conficker. The latest feature of the widespread worm is that it installs fake antivirus software on infected machines. (Credit: Trend Micro)
The infection alerts repeatedly appear, and experts are worried that people may be clicking on them and paying for the software just to be rid of the annoying messages, thereby handing thieves their credit card information.
The fake antivirus program also attempts to install a Trojan downloader that is programmed to download new versions of Spyware Protect 2009, according to Kaspersky Lab's blog. However, the domain the Trojan downloader was being accessed from has been shut down, the blog said.
The fake antivirus feature further bolsters the speculation that the motivation behind the worm is to make money and not a desire to disrupt computer or network operations.
Researchers were still analyzing the worm's new component code, which began spreading via peer-to-peer and being downloaded from domains that host the Waledac worm on Wednesday, but were finding the task difficult because the instructions are encrypted.
The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords. The worm disables security software and blocks access to security Web sites.
Despite all the news the worm has made, many computers still remain unpatched, Sophos said. Of the number of people who have used Sophos' free endpoint assessment test to check the security risk of a network since the beginning of the year, 11 percent did not have the Microsoft patch installed, according to Graham Cluley's blog at Sophos.
For the month of March, 10 percent of all of the people who used the Sophos assessment tool were missing the patch, he said. The company did not divulge exactly how many people had used the tool and Cluley said the statistics cannot be extrapolated to represent the number of unpatched systems on the Internet.
In an indication of infection rates, IBM's Internet Security Systems group released statistics that show that the number of unique IPs infected with Conficker.C is increasing slightly.
Based on infections seen through monitoring devices in IBM ISS' Managed Security Services, the number has grown from just over 64,000 on April 2 to more than 71,000 on April 8, according to the unit's Frequency X blog.
"We've seen around 11 percent more unique IPs in the past few days in comparison to a week ago," the blog said, also adding that the number doesn't necessarily indicate the scope of worldwide Conficker infection.
Nearly 60 percent of the infections monitored by IBM ISS are in Asia, followed by 18 percent each in Europe and South America, and 4 percent in North America, the statistics show. By country, China leads with 16.6 percent, followed by Brazil at 10.8 percent, Russia at 10.2 percent and Korea at 4.6 percent, according to ISS.
To check if your computer is infected you can use this Conficker Eye Chart or this site at the University of Bonn. There is also a Conficker removal guide on CNET's Download.com site.
Let's assume you're on the receiving end of the worst April Fool's Day joke of 2009: your computer's been infected with the Conficker virus. It's a frustrating but not insurmountable problem. This guide will walk you through how to cleanse your computer and inoculate against other Conficker variants.
First off, make sure that you are actually infected. There aren't many warning signs, but a few will stand out if you know what to look for. One fast way to check is to try to visit any major security software publisher's Web site. If you've cleared your browser cache beforehand, and you can load the sites of Symantec, Eset, Avira, or AVG, you're clean because Conficker blocks access to them.
Another good litmus test is to check on the status and functionality of Windows services such as Automatic Updates, the Background Intelligent Transfer Service, Windows Defender, and Error Reporting Services. If any of those have been disabled without your consent, or if your account lockout policies have changed without approval, you might be infected. Other warning signs include unusually high traffic on your local area network, and domain controllers responding slowly to client requests.
If you're running an up-to-date virus scanner, it's unlikely you'll get infected unless you've configured your computer to not receive automatic Windows updates. Checking your list of installed updates for security update MS08-067 (KB 958644) is not recommended because the worm, alternatively known as Kido, Downup, or Downadup, fakes the patch job.
A worm that spreads via removable devices, network shares, and weak administrator passwords--in addition to exploiting a critical Windows vulnerability--is spreading so fast it is becoming an epidemic, a security researcher said on Thursday.
The worm, known as Kido, Conficker, or Downadup, initially exploited MS08-067, a vulnerability considered critical for Windows 2000, XP, and Server 2003. It was patched in October.
Newer variants have been configured to give the worm the ability to infect via other means to get onto the network, said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab.
"The Kido authors are trying to get into these networks by infected removable devices and by using other Trojans to install Kido on a computer, which will then try to infect other machines on the local network," he said in an e-mail statement. The worm "is currently causing an epidemic."
An estimated 3.5 million computers are believed to be infected with the worm, ZDNet reports.
Like my colleague, CNET News' Caroline McCarthy, I've noticed a worrisome uptick in the amount of spam splatting against my Facebook Wall. It also nestles into my in-box in the form of a courtesy e-mail message prompting me to read my Wall.
While Facebook seems to have internal methods to resolve the malicious spam that has hijacked my friends' accounts, the only other recourse they offer is to update your antivirus software against an attack. That's too late. You want to block it before it ever drops its malware payload, and that means installing software that's designed to sniff your links.
If you see this on your Facebook Wall, delete it or report it; just don't click it. (Credit: CNET Networks)
I'll admit to being tricked the first time I read a Facebook Wall spam message, and clicked the link. My surfing path was immediately blocked by Firefox 3 and McAfee Site Advisor (for Firefox and Internet Explorer). While we don't recommend chasing down viruses to test the efficacy of your antivirus or privacy software, it was heartening to see the security features on these apps work as advertised. Grisoft's LinkScanner Lite and LinkScanner Pro are also very good at alerting you to perilous Web pages, though Firefox users should know it is not yet compatible with Firefox 3.
If an IM link from a friend pops up on your screen, do you click it right away? Most people, like Eivind, do. Most don't end up with a PC-killing worm.
Malicious IM links are a growing threat to users, and Eivind got dished an unpleasant preview of the trend we have to look forward to. Can she warn her friends of the deception before they're compromised too?
Watch the story unfold in this week's tale of Trojan trouble, "Malware's IM hideaway." You can also access the Spyware Horror Story archives for more stories and tips for staying safe online.
Elise's malware situation is frightening, but it's not as scary as her father, whose closet quest for pornography and reckless viewing methods pile more and more adware onto Elise's personal PC. She confronts him when a PC repair tech reveals the truth of the infection. Things get ugly. Threats fly.
16-year-old Elise is left with a challenge: How do you confront someone whose user behavior is dangerous to your computer and family privacy--and whose real-life behavior is dangerous to you? This week's Spyware Horror Story, Vicious voyeur, may hold some clues.
Visit our Spyware Horror Story archives to get more tips, commiserate, or to satisfy the occasional sardonic impulse.
