<?xml version="1.0" encoding="UTF-8"?> <rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
><channel><title>Fundamental Provocation &#187; Virus</title> <atom:link href="http://www.ajaymatharu.com/tag/virus/feed/" rel="self" type="application/rss+xml" /><link>http://www.ajaymatharu.com</link> <description>Blog by Ajay Matharu</description> <lastBuildDate>Sun, 06 Nov 2011 15:09:39 +0000</lastBuildDate> <language>en</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.3.1</generator> <xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" /> <item><title>How to protect yourself from &#8220;Conflicker&#8221; Worm</title><link>http://www.ajaymatharu.com/how-to-protect-yourself-from-conflicker-worm/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=how-to-protect-yourself-from-conflicker-worm</link> <comments>http://www.ajaymatharu.com/how-to-protect-yourself-from-conflicker-worm/#comments</comments> <pubDate>Fri, 24 Jul 2009 03:34:40 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Microsoft]]></category> <category><![CDATA[Technology]]></category> <category><![CDATA[Anti-Virus]]></category> <category><![CDATA[Conflicker]]></category> <category><![CDATA[Downadup]]></category> <category><![CDATA[Kido]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[Worm]]></category><guid isPermaLink="false">http://ajaymatharu.wordpress.com/?p=861</guid> <description><![CDATA[Millions of Windows computers have been infected by a new computer worm dubbed &#8220;Conficker.&#8221; The situation is &#8220;not getting better,&#8221; but rather is &#8220;getting worse,&#8221; according to security software vendor F-Secure. 
In a blog post, F-Secure security researchers report that the number of machines infected by the Downadup worm has skyrocketed from roughly 2.4 million [...]]]></description> <content:encoded><![CDATA[<p>Millions of Windows computers have been infected by a new computer worm dubbed &#8220;Conficker.&#8221; The situation is &#8220;not getting better,&#8221; but rather is &#8220;getting worse,&#8221; according to security software vendor F-Secure.</p><p>In a <a href="http://www.f-secure.com/weblog/archives/00001584.html">blog post</a>, F-Secure security researchers report that the number of machines infected by the Downadup worm has skyrocketed from roughly 2.4 million to over 8.9 million in the last four days alone.</p><p>Downadup is a malicious worm that &#8220;uses computer or network resources to make complete copies of itself,&#8221; according to F-Secure. And it may also include code or other malware that damages both a computer and network. The worm also goes by the names &#8220;Kido&#8221; and &#8220;Conficker.&#8221; Details on how it operates and how to remove it are <a href="http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml#details">here</a>.</p><p>Once executed, Downadup disables a number of system services, including Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting. The worm then connects to a malicious server, where it downloads additional malware to install on the infected computer. Computerworld provides a more detailed report on Downadup&#8217;s potential dangers.</p><p>Since Downadup uses random extension names to avoid detection, Windows users should make sure their security software is set to scan all files, rather than checking on specific extensions, F-Secure recommends.</p><p>The alarmingly high number of Downadup infections led Microsoft last Tuesday to enable its anti-malware utility, the Malicious Software Removal Tool (MSRT), to detect the worm. 
So it&#8217;s important that Windows users, if they haven&#8217;t already, download the latest Microsoft security patch that went out earlier this week.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/how-to-protect-yourself-from-conflicker-worm/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Swine Flw</title><link>http://www.ajaymatharu.com/swine-flw/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=swine-flw</link> <comments>http://www.ajaymatharu.com/swine-flw/#comments</comments> <pubDate>Tue, 28 Apr 2009 17:57:09 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[life]]></category> <category><![CDATA[Flu]]></category> <category><![CDATA[Health]]></category> <category><![CDATA[Swine]]></category> <category><![CDATA[Swine Flu]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Viruses]]></category><guid isPermaLink="false">http://www.ajaymatharu.com/?p=1150</guid> <description><![CDATA[Just got this mail about swine flu so just thought of sharing that with you all, What is Swine Influenza? Swine Influenza (swine flu) is a respiratory disease of pigs caused by type A influenza virus that regularly causes outbreaks of influenza in pigs. Swine flu viruses cause high levels of illness and low death [...]]]></description> <content:encoded><![CDATA[<p>Just got this mail about swine flu so just thought of sharing that with you all,</p><p>What is Swine Influenza?</p><p>Swine Influenza (swine flu) is a respiratory disease of pigs caused by type A influenza virus that regularly causes outbreaks of influenza in pigs. Swine flu viruses cause high levels of illness and low death rates in pigs. Swine influenza viruses may circulate among swine throughout the year, but most outbreaks occur during the late fall and winter months similar to outbreaks in humans. 
The classical swine flu virus (an influenza type A H1N1 virus) was first isolated from a pig in 1930.</p><p>How many swine flu viruses are there?</p><p>Like all influenza viruses, swine flu viruses change constantly. Pigs can be infected by avian influenza and human influenza viruses as well as swine influenza viruses. When influenza viruses from different species infect pigs, the viruses can reassort (i.e. swap genes) and new viruses that are a mix of swine, human and/or avian influenza viruses can emerge. Over the years, different variations of swine flu viruses have emerged. At this time, there are four main influenza type A virus subtypes that have been isolated in pigs: H1N1, H1N2, H3N2, and H3N1. However, most of the recently isolated influenza viruses from pigs have been H1N1 viruses.<br /> Swine Flu in Humans</p><p>Can humans catch swine flu?</p><p>Swine flu viruses do not normally infect humans. However, sporadic human infections with swine flu have occurred. Most commonly, these cases occur in persons with direct exposure to pigs (e.g. children near pigs at a fair or workers in the swine industry). In addition, there have been documented cases of one person spreading swine flu to others. 
For example, an outbreak of apparent swine flu infection in pigs in Wisconsin in 1988 resulted in multiple human infections, and, although no community outbreak resulted, there was antibody evidence of virus transmission from the patient to health care workers who had close contact with the patient.<br /> How common is swine flu infection in humans?</p><p>In the past, CDC received reports of approximately one human swine influenza virus infection every one to two years in the U.S., but from December 2005 through February 2009, 12 cases of human infection with swine influenza have been reported.</p><p>What are the symptoms of swine flu in humans?</p><p>The symptoms of swine flu in people are expected to be similar to the symptoms of regular human seasonal influenza and include fever, lethargy, lack of appetite and coughing. Some people with swine flu also have reported runny nose, sore throat, nausea, vomiting and diarrhea.</p><p>Can people catch swine flu from eating pork?</p><p>No. Swine influenza viruses are not transmitted by food. You cannot get swine influenza from eating pork or pork products. Eating properly handled and cooked pork and pork products is safe. Cooking pork to an internal temperature of 160°F kills the swine flu virus as it does other bacteria and viruses.</p><p>How does swine flu spread?</p><p>Influenza viruses can be directly transmitted from pigs to people and from people to pigs. Human infections with flu viruses from pigs are most likely to occur when people are in close proximity to infected pigs, such as in pig barns and livestock exhibits housing pigs at fairs. Human-to-human transmission of swine flu can also occur. This is thought to occur in the same way as seasonal flu occurs in people, which is mainly person-to-person transmission through coughing or sneezing of people infected with the influenza virus. 
People may become infected by touching something with flu viruses on it and then touching their mouth or nose.</p><p>What do we know about human-to-human spread of swine flu?</p><p>In September 1988, a previously healthy 32-year-old pregnant woman was hospitalized for pneumonia and died 8 days later. A swine H1N1 flu virus was detected. Four days before getting sick, the patient visited a county fair swine exhibition where there was widespread influenza-like illness among the swine.</p><p>In follow-up studies, 76% of swine exhibitors tested had antibody evidence of swine flu infection but no serious illnesses were detected among this group. Additional studies suggest that one to three health care personnel who had contact with the patient developed mild influenza-like illnesses with antibody evidence of swine flu infection.<br /> How can human infections with swine influenza be diagnosed?</p><p>To diagnose swine influenza A infection, a respiratory specimen would generally need to be collected within the first 4 to 5 days of illness (when an infected person is most likely to be shedding virus). However, some persons, especially children, may shed virus for 10 days or longer. Identification as a swine flu influenza A virus requires sending the specimen to CDC for laboratory testing.</p><p>What medications are available to treat swine flu infections in humans?</p><p>There are four different antiviral drugs that are licensed for use in the US for the treatment of influenza: amantadine, rimantadine, oseltamivir and zanamivir. While most swine influenza viruses have been susceptible to all four drugs, the most recent swine influenza viruses isolated from humans are resistant to amantadine and rimantadine. 
At this time, CDC recommends the use of oseltamivir or zanamivir for the treatment and/or prevention of infection with swine influenza viruses.</p><p>What other examples of swine flu outbreaks are there?</p><p>Probably the most well known is an outbreak of swine flu among soldiers in Fort Dix, New Jersey in 1976. The virus caused disease with x-ray evidence of pneumonia in at least 4 soldiers and 1 death; all of these patients had previously been healthy. The virus was transmitted to close contacts in a basic training environment, with limited transmission outside the basic training group. The virus is thought to have circulated for a month and disappeared. The source of the virus, the exact time of its introduction into Fort Dix, and factors limiting its spread and duration are unknown. The Fort Dix outbreak may have been caused by introduction of an animal virus into a stressed human population in close contact in crowded facilities during the winter. The swine influenza A virus collected from a Fort Dix soldier was named A/New Jersey/76 (Hsw1N1).<br /> Is the H1N1 swine flu virus the same as human H1N1 viruses?</p><p>No. The H1N1 swine flu viruses are antigenically very different from human H1N1 viruses and, therefore, vaccines for human seasonal flu would not provide protection from H1N1 swine flu viruses. Swine Flu in Pigs</p><p>How does swine flu spread among pigs?</p><p>Swine flu viruses are thought to be spread mostly through close contact among pigs and possibly from contaminated objects moving between infected and uninfected pigs. 
Herds with continuous swine flu infections and herds that are vaccinated against swine flu may have sporadic disease, or may show only mild or no symptoms of infection.</p><p>What are signs of swine flu in pigs?</p><p>Signs of swine flu in pigs can include sudden onset of fever, depression, coughing (barking), discharge from the nose or eyes, sneezing, breathing difficulties, eye redness or inflammation, and going off feed.</p><p>How common is swine flu among pigs?</p><p>H1N1 and H3N2 swine flu viruses are endemic among pig populations in the United States and something that the industry deals with routinely. Outbreaks among pigs normally occur in colder weather months (late fall and winter) and sometimes with the introduction of new pigs into susceptible herds. Studies have shown that the swine flu H1N1 is common throughout pig populations worldwide, with 25 percent of animals showing antibody evidence of infection. In the U.S. studies have shown that 30 percent of the pig population has antibody evidence of having had H1N1 infection. More specifically, 51 percent of pigs in the north-central U.S. have been shown to have antibody evidence of infection with swine H1N1. Human infections with swine flu H1N1 viruses are rare. There is currently no way to differentiate antibody produced in response to flu vaccination in pigs from antibody made in response to pig infections with swine H1N1 influenza.</p><p>While H1N1 swine viruses have been known to circulate among pig populations since at least 1930, H3N2 influenza viruses did not begin circulating among US pigs until 1998. The H3N2 viruses initially were introduced into the pig population from humans. The current swine flu H3N2 viruses are closely related to human H3N2 viruses.</p><p>Is there a vaccine for swine flu?</p><p>Vaccines are available to be given to pigs to prevent swine influenza. There is no vaccine to protect humans from swine flu. 
The seasonal influenza vaccine will likely help provide partial protection against swine H3N2, but not swine H1N1 viruses.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/swine-flw/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Conflicker strikes back</title><link>http://www.ajaymatharu.com/conflicker-strikes-back/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=conflicker-strikes-back</link> <comments>http://www.ajaymatharu.com/conflicker-strikes-back/#comments</comments> <pubDate>Sun, 08 Mar 2009 16:02:32 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Technology]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Conflicker]]></category> <category><![CDATA[Downadup]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[Worm]]></category> <category><![CDATA[Worms]]></category><guid isPermaLink="false">http://www.ajaymatharu.com/?p=1033</guid> <description><![CDATA[The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn&#8217;t cause further harm. Until now. Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or [...]]]></description> <content:encoded><![CDATA[<p>The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn&#8217;t cause further harm. Until now.</p><p>Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. 
This is a strong signal that the worm&#8217;s mysterious creators haven&#8217;t abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.</p><p>To protect against the Conficker worm, first make sure you&#8217;ve installed the patch that closes a <a href="http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx" target="_blank">targeted hole in the Microsoft Server Service</a>. Next, protect any network shares and administrator accounts with a strong password, as Conficker will try to guess easy ones.</p><p>Finally, you can block the worm&#8217;s third infection method, which hijacks thumb drives and other removable media, by disabling Autorun on Windows. PC World has a <a href="http://www.pcworld.com/downloads/file/fid,76805-page,1/description.html?tk=rel_news" target="_blank">download available</a> that can automate that step for Windows XP users, and Microsoft has posted <a href="http://support.microsoft.com/kb/953252" target="_blank">manual instructions</a>.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/conflicker-strikes-back/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>A Free Defense Against the Conficker Worm</title><link>http://www.ajaymatharu.com/a-free-defense-against-the-conficker-worm/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=a-free-defense-against-the-conficker-worm</link> <comments>http://www.ajaymatharu.com/a-free-defense-against-the-conficker-worm/#comments</comments> <pubDate>Mon, 09 Feb 2009 18:48:19 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Technology]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Conflicker]]></category> <category><![CDATA[Downadup]]></category><guid isPermaLink="false">http://ajaymatharu.com/?p=950</guid> <description><![CDATA[The rampaging Conficker worm (aka Downadup) has managed to infect millions of PCs 
across the globe, but it has an Achilles heel. One that a company called OpenDNS plans to strike starting Monday. Many types of malicious software like Conficker have to connect to a command center to receive orders, which in the case of [...]]]></description> <content:encoded><![CDATA[<p>The rampaging Conficker worm (aka Downadup) has managed to infect millions of PCs across the globe, but it has an Achilles heel. One that a company called OpenDNS plans to strike starting Monday.</p><p>Many types of malicious software like Conficker have to connect to a command center to receive orders, which in the case of Conficker might be to download additional software like a keylogger or data-stealing Trojan. Without those orders, the malware just sits there.</p><p>Conficker uses an algorithm to create a list of 250 domain names each day that it will check for commands, according to David Ulevitch, CEO of OpenDNS. So its creators can register any of those 250 domains for any given day and be able to issue orders to the millions of worms.</p><p>Antivirus companies like F-Secure and Kaspersky have cracked that algorithm and can predict which domains Conficker will attempt to contact on any given day, and F-Secure has previously offered that predictive list to network administrators who could use it to block computers in their network from connecting to any of those domains.</p><p>Come Monday, OpenDNS will use a similar approach to block any computer or network that uses the company for its domain name system (DNS) service, which translates the human-friendly names like ajaymatharu.com into the IP addresses used by machines, from getting a DNS record for a Conficker domain. 
Using a list from Kaspersky, OpenDNS will refrain from sending a requested domain-name-to-IP-address translation for any such domain, effectively neutering the worm by blocking it from reaching a command center.</p><p>Those who have signed up for a free OpenDNS account will receive a warning e-mail that a computer within their home or business network is likely infected with Conficker if OpenDNS blocks a connection attempt, says Ulevitch. But you can also use the service without signing up for an account, which will still block the connection attempt without sending a warning e-mail. Account holders will also be able to check the service dashboard for a warning.</p><p>This is a good, layered defense approach that can be of particular use for small businesses or home networks that aren&#8217;t able to use blocklists themselves. If you&#8217;re at all concerned that you might have computers in your home or business network infected with Conficker, it&#8217;s quick and easy to begin using OpenDNS. 
The company says it plans to expand the approach in the future.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/a-free-defense-against-the-conficker-worm/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Is that Apple full of Worms?</title><link>http://www.ajaymatharu.com/is-that-apple-full-of-worms/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=is-that-apple-full-of-worms</link> <comments>http://www.ajaymatharu.com/is-that-apple-full-of-worms/#comments</comments> <pubDate>Sun, 01 Feb 2009 05:56:31 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Technology]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Apple]]></category> <category><![CDATA[iServices]]></category> <category><![CDATA[IWork]]></category> <category><![CDATA[MAC]]></category> <category><![CDATA[Trojan]]></category> <category><![CDATA[Worms]]></category><guid isPermaLink="false">http://ajaymatharu.wordpress.com/?p=906</guid> <description><![CDATA[Now this: Mac malware is now circulating across the Net via pirated copies of Apple&#8217;s new iWorks software. The &#8220;iServices.a&#8221; Trojan hitchhikes on iWork &#8217;09&#8242;s installer. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer&#8217;s request of an administrator password. Once the Mac [...]]]></description> <content:encoded><![CDATA[<p>Now this: Mac malware is now circulating across the Net via pirated copies of Apple&#8217;s new iWorks software.</p><p>The &#8220;iServices.a&#8221; Trojan hitchhikes on iWork &#8217;09&#8242;s installer. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer&#8217;s request of an administrator password.</p><p>Once the Mac is infected, the Trojan phones home to let daddy know it arrived safely and is awaiting further instructions. 
Since then, the same bit of viral nastiness &#8212; dubbed OSX.Trojan.iServices.B &#8212; has begun showing up in pirated copies of Adobe Photoshop CS4, according to Macworld.</p><p>Glass-half-full types can view this as further proof of the Mac&#8217;s success; it&#8217;s now installed in sufficient numbers to be worth the attention of botnet herders. Also: That room full of manure is sure to have a pony inside.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/is-that-apple-full-of-worms/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Worm&#8217;s biggest attack</title><link>http://www.ajaymatharu.com/worms-biggest-attack/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=worms-biggest-attack</link> <comments>http://www.ajaymatharu.com/worms-biggest-attack/#comments</comments> <pubDate>Mon, 26 Jan 2009 09:35:32 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Technology]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Conflicker]]></category> <category><![CDATA[Downadup]]></category> <category><![CDATA[Worms]]></category><guid isPermaLink="false">http://ajaymatharu.wordpress.com/?p=891</guid> <description><![CDATA[The computer worm responsible for the biggest attack in years has infected at least 1 out of every 16 PCs worldwide, a security company said Wednesday, and may have managed to compromise as many as nearly 1 in 3. 
According to Panda Security, almost 6% of the Windows systems scanned with its antivirus technology were [...]]]></description> <content:encoded><![CDATA[<p>The computer worm responsible for the biggest attack in years has infected at least 1 out of every 16 PCs worldwide, a security company said Wednesday, and may have managed to compromise as many as nearly 1 in 3.</p><p>According to Panda Security, almost 6% of the Windows systems scanned with its antivirus technology were found to be infected with &#8220;Downadup,&#8221; a worm that began aggressive attacks just over a week ago. Panda was one of the first security firms to  ring the alarm  over Downadup, when it raised its security threat level Jan. 12 as reports of attacks mounted.</p><p>Using data from antivirus scans performed by its consumer-grade security software, and by a free online scanning tool it makes available on its Web site, Panda found 111,379 PCs infected with the worm out of a pool of 2 million machines.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/worms-biggest-attack/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Worm&#8217;s next attack</title><link>http://www.ajaymatharu.com/worms-next-attack/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=worms-next-attack</link> <comments>http://www.ajaymatharu.com/worms-next-attack/#comments</comments> <pubDate>Sun, 25 Jan 2009 15:59:43 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Technology]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Conflicker]]></category> <category><![CDATA[Downadup]]></category> <category><![CDATA[Virus Attack]]></category> <category><![CDATA[Worm]]></category><guid isPermaLink="false">http://ajaymatharu.wordpress.com/?p=878</guid> <description><![CDATA[The worm that&#8217;s infected millions of Windows PCs is a &#8220;very well-engineered&#8221; piece of malware. 
But researchers still have no clear idea what the hackers plan to do with the collection of computers they&#8217;ve compromised with &#8220;Downadup.&#8221; Downadup, also called &#8220;Conficker,&#8221; has infected an estimated 6% of PCs worldwide. The worm spreads by exploiting [...]]]></description> <content:encoded><![CDATA[<p>The worm that&#8217;s infected millions of Windows PCs is a &#8220;very well-engineered&#8221; piece of malware. But researchers still have no clear idea what the hackers plan to do with the collection of computers they&#8217;ve compromised with &#8220;Downadup.&#8221;</p><p>Downadup, also called &#8220;Conficker,&#8221; has infected an estimated 6% of PCs worldwide. The worm spreads by exploiting a four-month-old vulnerability in Windows, by brute-force password attacks and by hitchhiking on USB devices like flash drives.</p><p>And effective. Most researchers, including those at Symantec, have said the worm is the most invasive seen in the last six years.</p><p>The faster hackers can come up with an exploit and put it on the street, the better luck they usually have, for fewer users patch their machines in the first days or weeks after a vulnerability is fixed.</p><p>Although some researchers now say that Downadup seems to have peaked &#8212; F-Secure Corp. Friday noted that its <a href="http://www.f-secure.com/weblog/archives/00001589.html" target="_blank">&#8220;growth&#8230;has been curbed&#8221;</a> &#8212; researchers remained worried about the next step in the attack.</p><p>Most malware infects PCs so that hackers can then use the collected machines, dubbed a &#8220;botnet,&#8221; to send spam, attack Web sites or compromise more computers. 
To do that, the original attack code directs the now-controlled PC, a &#8220;bot&#8221; in security parlance, to download additional software.</p><p>But Downadup has yet to trigger such second-stage downloads.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/worms-next-attack/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Worm attack &#8211; Conflicker</title><link>http://www.ajaymatharu.com/worm-attack-conflicker/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=worm-attack-conflicker</link> <comments>http://www.ajaymatharu.com/worm-attack-conflicker/#comments</comments> <pubDate>Tue, 20 Jan 2009 09:58:08 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Technology]]></category> <category><![CDATA[Virus]]></category> <category><![CDATA[Attack]]></category> <category><![CDATA[Conflicker]]></category> <category><![CDATA[Microsoft]]></category> <category><![CDATA[Virus Attack]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[Worm]]></category><guid isPermaLink="false">http://ajaymatharu.wordpress.com/?p=864</guid> <description><![CDATA[Calling the scope of the attack &#8220;amazing,&#8221; security researchers at F-Secure Corp. Friday said that 6.5 million Windows PCs have been infected by the &#8220;Downadup&#8221; (or &#8220;Conficker&#8221;) worm in the last four days, and that nearly nine million have been compromised in just over two weeks. Early Friday, the Finnish firm revised its estimate of [...]]]></description> <content:encoded><![CDATA[<p>Calling the scope of the attack &#8220;amazing,&#8221; security researchers at  F-Secure Corp.  
Friday said that 6.5 million Windows PCs have been infected by the &#8220;Downadup&#8221; (or &#8220;Conficker&#8221;) worm in the last four days, and that nearly nine million have been compromised in just over two weeks.</p><p>Early Friday, the Finnish firm revised its estimate of the number of computers that had fallen victim to the worm, and explained how it came to the figure. &#8220;The number of Downadup infections [is] skyrocketing,&#8221; Toni Koivunen, an F-Secure researcher, said in an entry to the <a href="http://www.f-secure.com/weblog/archives/00001584.html" target="_blank">company&#8217;s Security Lab blog</a>. &#8220;From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That&#8217;s just amazing.&#8221;</p><p>Downadup &#8212; which also goes by the name &#8220;Conficker&#8221; &#8212; exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. Although Microsoft fixed the flaw with one of its rare &#8220;out of cycle&#8221; updates in late October, about a third of all PCs have not yet been patched, according to Qualys Inc., another security company. Those PCs are the ones being hijacked by the worm.</p><p>Once it&#8217;s gotten onto a PC, Downadup generates a list of possible domains, selects one, then uses that URL to reach a malicious server from which it downloads additional malware to install on the hijacked computer. 
F-Secure, however, has registered some of those domains, and has been able to monitor traffic through those URLs.</p><p>By examining logs of connection attempts to the domains, F-Secure discovered several hundred thousand different IP addresses &#8212; over 350,000 as of today &#8212; as well as a counter embedded in each that spells out the number of additional PCs that the infected machine has compromised.</p><p>You can find a <strong>solution </strong>to this Virus <a href="http://ajaymatharu.wordpress.com/2009/01/20/how-to-protect-yourself-from-conflicker-worm/" target="_blank">here</a></p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/worm-attack-conflicker/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Arm Yourself Against Social Networking</title><link>http://www.ajaymatharu.com/arm-yourself-against-social-networking/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=arm-yourself-against-social-networking</link> <comments>http://www.ajaymatharu.com/arm-yourself-against-social-networking/#comments</comments> <pubDate>Sat, 20 Dec 2008 09:28:08 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Misc]]></category> <category><![CDATA[Technology]]></category> <category><![CDATA[facebook]]></category> <category><![CDATA[Facebook connect]]></category> <category><![CDATA[Hacking]]></category> <category><![CDATA[Social Networking]]></category> <category><![CDATA[Virus]]></category><guid isPermaLink="false">http://ajaymatharu.wordpress.com/?p=647</guid> <description><![CDATA[As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent websites and deploying malware throughout their computers and networks. While spamming via e-mail services remains prevalent, spammers see social networks as the new horizon. 
Spammers have [...]]]></description> <content:encoded><![CDATA[<p>As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent websites and deploying malware throughout their computers and networks.</p><p>While spamming via e-mail services remains prevalent, spammers see social networks as the new horizon. Spammers have managed to set up phony social networking accounts, by breaking the protections set in place by a safeguard known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the letters you normally have to type in when you register for a website that says &#8220;Are you a human?&#8221;</p><p>Luckily, if you&#8217;re wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity.</p><p><strong>- Re-do Your Password: It&#8217;s Probably Not Strong Enough</strong></p><p>Some cyber criminals have become remarkably good at obtaining social networking passwords through phishing schemes. Sergeant cites the case of a spammer in Canada who lured Facebook users into offering up their personal information to sign up for products offered by a fake company selling &#8220;male enhancement drugs.&#8221;</p><p>In a lawsuit, which Facebook won for an amount just shy of $900 million, the social network alleged that the spammer sent out four million spam messages from accounts in which he had obtained the passwords.</p><p><strong>- Watch Those Third-Party Applications</strong></p><p>Facebook has built an ecosystem of third party applications, from games to widgets. But some apps have been shown to be completely fraudulent. 
Applications have been created to install malware on your computer and access your personal information (a right that third-party apps typically reserve to do on Facebook).</p><p>While Facebook does a good job of policing the site and dealing with app problems once they learn of them, the ecosystem is so big that it&#8217;s hard to stop poor players, Sergeant says. So users must be educated and cautious about installing apps. In general, watch for apps that bait you with learning a piece of information by clicking on a button (since this generally will initiate an install).</p><p>These apps tend to pander to basic human curiosities. A common example: &#8220;Jane has written some personal information about you! Click here to find how what she said!&#8221;</p><p>Remember that when you click to install an app like that, it not only puts your computer and network at risk, but also potentially sends the same invite out to everyone on your friend list.</p><p>- <strong>User-Generated Spam</strong></p><p>Social networks like Facebook rely on users to enrich the experience by posting content such as pictures and video (as well as links) and then sharing the content with their contacts. Spam-based social networkers will go to other people&#8217;s comment threads, for instance, and chime in with links that, if clicked on, will install malware.</p><p>For example, if you post a news story, a spammer might comment, &#8220;I blogged about this and check out this link.&#8221; This can be trickier to decipher than a spam-based e-mail, since the participant looks fairly genuine about participating in the discussion on the surface. 
In fact, the comment might be left with your friend&#8217;s name on it if his or her account was hijacked.</p><p>&#8220;It enables spammers to post blog comments on the pages of other contacts and allows them to send messages from the phished accounts to other contacts,&#8221; the report says.</p><p>In other words, if it doesn&#8217;t sound like your friend who left the comment, it very well might not have been. Check with that person directly before you click on the link (especially if you don&#8217;t recognize the URL as a household name).</p><p>As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent websites and deploying malware throughout their computers and networks, according to a new report by MessageLabs.</p><p>While spamming via e-mail services remains prevalent, &#8220;spammers see social networks as the new horizon,&#8221; says Matt Sergeant, senior anti-spam technologist at MessageLabs. Spammers have managed to set up phony social networking accounts, according to MessageLabs, by breaking the protections set in place by a safeguard known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the letters you normally have to type in when you register for a website that says &#8220;Are you a human?&#8221;</p><p>Luckily, if you&#8217;re wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity, Sergeant says.<br /> 1. Re-do Your Password: It&#8217;s Probably Not Strong Enough</p><p>Some cyber criminals have become remarkably good at obtaining social networking passwords through phishing schemes. 
Sergeant cites the case of a spammer in Canada who lured Facebook users into offering up their personal information to sign up for products offered by a fake company selling &#8220;male enhancement drugs.&#8221;</p><p>In a lawsuit, which Facebook won for an amount just shy of $900 million, the social network alleged that the spammer sent out four million spam messages from accounts in which he had obtained the passwords.</p><p>Sergeant says not only should users be wary of phishing schemes, but also of the fact that research indicates spammers are able to guess passwords. He suggests beefing up your password with unpredictable letters, phrases and numbers. At CIO, we recommend checking out this helpful password how-to from our sister site, csoonline.com.<br /> 2. Watch Those Third-Party Applications</p><p>Facebook has built an ecosystem of third party applications, from games to widgets. But some apps have been shown to be completely fraudulent. Applications have been created to install malware on your computer and access your personal information (a right that third-party apps typically reserve to do on Facebook).</p><p>While Facebook does a good job of policing the site and dealing with app problems once they learn of them, the ecosystem is so big that it&#8217;s hard to stop poor players, Sergeant says. So users must be educated and cautious about installing apps. In general, Sergeant says, watch for apps that bait you with learning a piece of information by clicking on a button (since this generally will initiate an install).</p><p>These apps tend to pander to basic human curiosities. A common example: &#8220;Jane has written some personal information about you! Click here to find how what she said!&#8221;</p><p>Remember that when you click to install an app like that, it not only puts your computer and network at risk, but also potentially sends the same invite out to everyone on your friend list.<br /> 3. 
User-Generated Spam</p><p>Social networks like Facebook rely on users to enrich the experience by posting content such as pictures and video (as well as links) and then sharing the content with their contacts. Spam-based social networkers will go to other people&#8217;s comment threads, for instance, and chime in with links that, if clicked on, will install malware.</p><p>For example, if you post a news story, a spammer might comment, &#8220;I blogged about this and check out this link.&#8221; This can be trickier to decipher than a spam-based e-mail, since the participant looks fairly genuine about participating in the discussion on the surface. In fact, the comment might be left with your friend&#8217;s name on it if his or her account was hijacked.</p><p>&#8220;It enables spammers to post blog comments on the pages of other contacts and allows them to send messages from the phished accounts to other contacts,&#8221; the report says.</p><p>In other words, if it doesn&#8217;t sound like your friend who left the comment, it very well might not have been. 
Check with that person directly before you click on the link (especially if you don&#8217;t recognize the URL as a household name).</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/arm-yourself-against-social-networking/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Facebook virus that turns your PC into Zombie</title><link>http://www.ajaymatharu.com/facebook-virus-that-turns-you-pc-into/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=facebook-virus-that-turns-you-pc-into</link> <comments>http://www.ajaymatharu.com/facebook-virus-that-turns-you-pc-into/#comments</comments> <pubDate>Sat, 06 Dec 2008 18:22:30 +0000</pubDate> <dc:creator>Ajay Matharu</dc:creator> <category><![CDATA[Misc]]></category> <category><![CDATA[Technology]]></category> <category><![CDATA[facebook]]></category> <category><![CDATA[Social Networking]]></category> <category><![CDATA[Virus]]></category><guid isPermaLink="false">http://ajaymatharu.wordpress.com/?p=594</guid> <description><![CDATA[Hey, I have this hilarious video of you dancing. Your face is so red. You should check it out. If you&#8217;ve received a message like that through Facebook or MySpace, you may have been exposed to the &#8220;Koobface&#8221; virus. &#8220;Koobface&#8221; comes through an e-mail sent by one of your social networking site friends inviting you [...]]]></description> <content:encoded><![CDATA[<p>Hey, I have this hilarious video of you dancing. Your face is so red. You should check it out.</p><p>If you&#8217;ve received a message like that through Facebook or MySpace, you may have been exposed to the &#8220;Koobface&#8221; virus. &#8220;Koobface&#8221; comes through an e-mail sent by one of your social networking site friends inviting you to scope out a video.</p><p>Once the URL is clicked, &#8220;Koobface&#8221; prompts you to update your Flash player before the video can be displayed. 
Therein lies the virus, cloaked in a &#8220;flash_player.exe&#8221; file. According to the Kaspersky Lab, an antivirus organization working closely with Facebook, &#8220;the worms transform victim machines into zombie computers to form botnets.&#8221;</p><p>The McAfee Security Blog explains that when &#8220;Koobface&#8221; infects your computer, it prompts a downloaded service named Security Accounts Manager (SamSs) to load on start-up. SamSs then proxies all HTTP traffic, stealing results from popular search engines and hijacking them to lesser-known search sites.</p><p>A clear eye for fraud will help you avoid this mess. You can usually spot phony e-mails by their titles. Kaspersky found the following: Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments. My own &#8220;Koobface&#8221; attack came in an e-mail entitled, lool, yoour blushingg afce is so funny! Checkk out. Obviously, Paris Hilton never threw dwarves, and in all likelihood, my 26-year-old friend knows how to spell more than two words. These are clear indicators you&#8217;re being attacked.</p><p>Facebook has posted instructions about how to remove the &#8220;Koobface&#8221; virus: give your computer an antivirus scrub-down and change your Facebook password.</p><p>This attack on the world&#8217;s most popular social networking site and its 120 million users comes just weeks after Facebook won an $873 million lawsuit against several people accused of hacking user accounts and spreading spam.</p> ]]></content:encoded> <wfw:commentRss>http://www.ajaymatharu.com/facebook-virus-that-turns-you-pc-into/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> </channel> </rss>
