[IS&T Security-FYI] SFYI Newsletter, March 27, 2009

Monique Yeaton myeaton at MIT.EDU
Fri Mar 27 15:00:47 EDT 2009


In this issue:

1. Beware the "April 1" Conficker Worm
2. Twitter Cross-Site Scripting Flaw
3. What is a Botnet?


-------------------------------------------------
1. Beware the "April 1" Conficker Worm
-------------------------------------------------

The media has been spotlighting a big new threat from the Conficker worm,
which has been around since November of last year. The first strain
was quickly followed by a second, more aggressive strain in December,
and a third, called Conficker C, has been sighted this week. It is
supposed to be set to wreak havoc on April 1, impacting millions of
computers.

According to McAfee, the makers of the VirusScan software that is  
distributed and supported by MIT's IS&T department, this frenzy around  
the worm is not based on any supporting facts. However, no one can be  
sure what will happen on April Fool's Day.

What is sure, says the McAfee blog, is that "almost all the security  
vendors have thoroughly analyzed Conficker–also known as Downadup and  
Kido worm–and have good generic detection and cleaning in place." The  
detection rate of virus protection software will be 90% or above, so  
keep your anti-virus software running and updated! The blog also  
offers information on the cleaning tool "Stinger" and a link to  
mitigation steps for IT staff.

The McAfee Avert Labs Blog:
<http://www.avertlabs.com/research/blog/>

The story in the news:
<http://tech.yahoo.com/blogs/null/128643/beware-conficker-worm-come-april-1/>
<http://www.pcmag.com/article2/0,2817,2343910,00.asp>


--------------------------------------------
2. Twitter Cross-Site Scripting Flaw
--------------------------------------------

A cross-site scripting vulnerability in Twitter could be exploited to  
spread malware virally through the microblogging service.  While as  
yet only proof-of-concept code has been released, the flaw could be  
exploited to hijack Twitter accounts or compromise users' computers.  
Twitter has been notified about the flaw.

Read the full story here:
<http://www.h-online.com/security/Twitter-XSS-vulnerability--/news/112905>


--------------------------
3. What is a Botnet?
--------------------------

You've likely seen this term before and figured you knew what it
meant: some kind of network of robot machines, and you would be
correct. But how do botnets come about, and what do they do?

Criminals install hidden software on your computer in several ways.  
First, they scan the Internet to find computers that are unprotected,  
and then install software through those "open doors." Spammers may  
send you an email with attachments, links or images. Once you click on  
or open them, they will install hidden software. Sometimes just  
visiting a web site or downloading files may cause a "drive-by  
download," which installs malicious software that could turn your  
computer into a "bot".

Now your computer is part of a "zombie army" of tens to hundreds of  
thousands of computers sending emails by the millions. Computer  
security experts estimate that most spam is sent by computers that are  
controlled remotely by their criminal masters, and that millions of  
these computers are part of botnets. The consequences to you, the  
computer owner, can be more than just annoying. Your Internet Service  
Provider (ISP) may shut down your account if your computer is detected  
sending out spam.

To learn how to tell if your computer is part of a botnet, what you  
can do to prevent botnetting, or what actions you can take after  
botnetting has occurred, see this Hermes knowledge base article:
<http://kb.mit.edu/confluence/x/aipB>

[Source: SANS Ouch Newsletter]


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security


