New PC worm infecting millions

The New York Times called it the newest "digital plague." "Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys," according to the Times, adding that experts are calling it the worst worm since the Slammer of 2003. Microsoft says there's no single solution to the problem, but it did issue a patch last October. Security experts told the Times that the worm's success was "due in part to lax security practices by both companies and individuals, who frequently do not immediately install updates." Washington Post computer security writer Brian Krebs has details on the worm's origins.

New Facebook worm

Tell Facebook users at your house to be very alert when social-network friends seem to say they've just got to check out this or that video. That scenario happens all the time - which is why it's used by social-engineering hackers to infect social networkers' computers. Where the new worm comes in is an extra step for which users need to be on the alert. The way it works is, they get a link supposedly to a video, CNET reports. That takes them to a Google page where they read that, in order to view the video, they need to click to download some code or an app. Clicking on that link installs Trojan software. The link on that page, however, isn't really a Google link. CNET explains why and how Google pages are being used. Though the problem will probably be fixed by both Google and Facebook shortly, this is a good illustration of why social networkers should never blindly click around - especially when there's a cool video in the offing.

Heads up: New worms in MySpace, Facebook

Any social networkers at your house should be aware of the "Koobface" worms, which can turn household computers into remotely controlled "zombies." Computer security firm Kaspersky Lab reports that the worms work this way: A MySpace or Facebook user gets a message or comment from a friend whose computer has already been infected. The messages contain text such as "Paris Hilton Tosses Dwarf On The Street"; "Examiners Caught Downloading Grades From The Internet"; "Hello"; "You must see it!!! LOL. My friend catched you on hidden cam"; and "Is it really celebrity? Funny Moments and many others." Inside the messages or comments is a link YouTube (with a ".pl" extension), supposedly to a video clip. "If the user tries to watch it, a message appears saying the user needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codesetup.exe is downloaded to the victim’s machine; this file is also a network worm" that probably not only sends the same message to everyone on your child's friends list but is capable of turning that computer into a "bot" that becomes part of a "botnet" that malicious hackers use to commit crimes such as denial-of-service attacks.