writes “A microscopic worm used in experiments on the space station not only seems to enjoy living in a microgravity environment, it also appears to get a lifespan boost. This intriguing discovery was made by University of Nottingham scientists who have flown experiments carrying thousands of tiny Caenorhabditis elegans (C. elegans) to low-Earth orbit over the years. It turns out that this little worm has genes that resemble human genes and of particular interest are the ones that govern muscle aging. Seven C. elegans genes usually associated with muscle aging were suppressed when the worms were exposed to a microgravity environment. Also, it appears spaceflight suppresses the accumulation of toxic proteins that normally get stored inside aging muscle. Could this have implications for understanding how human physiology adapts to space?”
Source: Space Worms Live Long and Prosper
Categories: slashdot caenorhabditis elegans, environment, human genes, low earth orbit, microgravity, microscopic worm, muscle, Nottingham, space, toxic proteins, worm
Trailrunner7 writes, quoting Threat Post: “Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm’s infection rates are dropping at this point and it doesn’t seem to be part of a targeted attack campaign. … Discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. … They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that’s used in AutoCAD.”
Source: AutoCAD Worm Medre.A Stealing Designs, Blueprints
Categories: slashdot ACAD, AutoCAD, autocad software, blueprints, China, design documents, Medre, Peru, scripting language, security researchers, Trailrunner, worm
Trailrunner7 writes “Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin. Researchers from Kaspersky Lab say that a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda. The claims are the most direct, to date, that link the Flame malware, which attacked Iranian oil facilities, with Stuxnet, which is believed to have targeted Iran’s uranium-enrichment facility at Natanz. If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country.”
Source: Researchers Say Flame and Stuxnet Share Common Authors
Categories: slashdot antivirus researchers, country source, enrichment facility, flame, Iran, module, Natanz, Stuxnet, uranium enrichment, variant, worm
alphadogg writes “The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan.”
Source: Researchers Say Kelihos Gang Is Building New Botnet
Categories: slashdot botnet, criminal gang, Dell SecureWorks, Facebook, gang, honeynet project, PC-strong Kelihos, secureworks, security, trojan source, worm
An anonymous reader writes “Bitdefender reports that there exist viruses which, when they encounter other viruses, will merge and combine effects so that they create a new virus. ‘A virus infects executable files; and a worm is an executable file. If the virus reaches a PC already compromised by a worm, the virus will infect the exe files on that PC — including the worm. When the worm spreads, it will carry the virus with it. Although this happens unintentionally, the combined features from both pieces of malware will inflict a lot more damage than the creators of either piece of malware intended. While most file infectors have inbuilt spreading mechanisms, just like Trojans and worms (spreading routines for RDP, USB, P2P, chat applications, or social networks), some cannot replicate or spread between computers. And it seems a great idea to “outsource” the transportation mechanism to a different piece of malware (i.e. by piggybacking a worm).’”
Source: When Viruses Infect Worms
Categories: slashdot anonymous reader, exe files, executable files, infect, malware, new virus, p, piece, social networks, USB, virus, worm
Yesterday we reported that the squiggly little beast Ramnit stole 45,000 logins and passwords, but Facebook has confirmed that those came from mostly “invalid” accounts.
“Invalid can mean one of several things,” a Facebook spokesperson tells us. “This includes an e-mail address not associated with a Facebook account, invalid password, or the password was old/expired.”
The world’s largest social network was pretty lucky that Ramnit didn’t hit up active accounts in Brazil, where the user base grew by nearly 300%, or in Japan, which experienced 254% growth over the past year.
Microsoft first discovered the Ramnit worm nearly two years ago in April 2010. If accidentally downloaded, it infects Windows executable files, Microsoft Office files and HTML files. It can also spread to removable drives, stealing FTP credentials and browser cookies. In August 2011, Ramnit transformed and began attacking financial websites. By January 2012, it started jacking social network accounts. Users who used the same password across multiple accounts were at the highest risk.
Users who accidentally downloaded the malware invited Ramnit onto their computer. Seculert found that a total of 800,000 machines were invaded by the worm between September and December 2011.
In November 2011, ZDNet reported on a similar worm, which enticed users into clicking on a photo of two blonde ladies. If clicked, the malware would burrow into the user’s computer and attempt to steal banking information.
Source: Facebook Ramnit Worm Virus Mostly Attacked Inactive Accounts in France & England
Categories: readwriteweb Brazil, e mail address, Facebook, invalid accounts, Japan, little beast, microsoft office files, network, Password, Ramnit, worm, worm virus
A rampant worm by the name of Ramnit has stolen login and password information for 45,000 Facebook users, mostly in the UK and France. Prowling the 800-million-strong social network, the worm steals user names, passwords and browser cookies. It also acts as a backdoor, meaning a hacker can attack any computer that has already been infected. According to the Microsoft Malware Protection Center, Ramnit infects Windows executables, Microsoft Office and HTML files. The Ramnit worm initially transformed into financial malware in August 2011, according to reports from Trusteer.
“What was once malware designed to steal data from financial institutions has evolved into a social network threat,” says John Weinschenk, CEO at cybersecurity company Cenzic. “Bank account numbers and Facebook log-in credentials seem very different, but to hackers, they are equally as lucrative.”
The current composite Ramnit worm is like a Mogwai that has been hit with water, eaten food after midnight, stepped out into the sun and transformed into a hyper-evil gremlin.
Once Ramnit joined forces with the leaked ZeuS source code in May, the Seculert blog says it became a “Hybrid creature.” That is, it took on ZeuS’ financial-data investigative nature and gained access to financial institutions. As a result, it compromised online banking sessions and also attacked a few corporate networks. The Ramnit worm burrows through Facebook, spreading malware to the walls of thousands of innocent Facebook users.
“To combat these types of threats, consumers need to be vigilant about changing passwords often,” says Weinschenk. “Avoid clicking on unknown links, and alert their friends to a potential malicious link they might have posted.”
Facebook spam attacks like this are nothing new. A recent attack that was caused by a browser vulnerability filled users’ walls with photos of the Biebs in compromising sexual situations. Not long after, football-loving spammers nailed the Facebook community forum.
Users should keep an eye on their Facebook profiles as social network worms continue spreading.
Facebook says it blocks 200 million malicious actions per day, which include messages that send users to malware. Even still, Facebook spam is growing faster than its user base.
Source: Hackers Steal 45,000 Facebook Passwords & Logins
Categories: readwriteweb bank account numbers, Facebook, food after midnight, France, John Weinschenk, malware, microsoft malware, network, Ramnit, UK, weinschenk, worm
November 13th, 2011 11:12
writes “Wrapped in the code the Duqu worm uses to infect computers is the message: ‘Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.’ An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays.”
Source: Inside the Duqu Worm’s Source Code
Trailrunner7 writes “There is a new worm circulating right now that is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet. The worm also attempts to install a remote access tool in order to give the attacker control over the newly infected server. The worm has been circulating for a couple of days at least, and it’s not clear right now how many servers have been compromised or what the origins of it are. It apparently exploits an old vulnerability in the JBoss Application Server, which was patched in April 2010, in order to compromise new machines. Once that’s accomplished, the worm begins a post-infection routine that includes a number of different steps.”
Source: New JBOSS Worm Infecting Unpatched Servers
Trailrunner7 writes “A new worm called Morto has begun making the rounds on the Internet, infecting machines via Remote Desktop Protocol. The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows. Users who have seen Morto infections are reporting in Windows help forums that the worm is infecting machines that are completely patched and are running clean installations of Windows Server 2003.”
Source: New Worm Morto Using RDP To Infect Windows PCs