Although we’ve not seen too many actual attacks from this, it’s been widely reported in the media, perhaps as it’s quite a novelty these days to see a worm spreading in this way.

It spreads itself as an executable in email, but disguises itself as a PDF file, when executed it attempts to download some other malicious files on the victim machine, and drops some files in an attempt to let the worm spread via autorun.

K7 Total Security detects this worm as  ”Emailworm (0019e4ae1)” (yeah, it’s that uninteresting!)

Full information is here:

http://viruslab.k7computing.com/index.php?option=com_k7virus&view=showvirus&Itemid=1&id=818

If you’re interested in more, Dan Goodin has written a short piece about the worm on The Register http://www.theregister.co.uk/2010/09/10/email_worm_spreading/

Andrew Lee
CTO K7 Computing

The term ‘drive-by download’ has a number of definitions but is, in principle, the process where malicious software is downloaded to your PC without your consent or knowledge. This is most commonly due to visiting an infected website, opening a seemingly legitimate email attachment or installing an unknown browser Plugin.

Regardless of how you come across a drive-by download, they almost exclusively work by exploiting a vulnerability in your browser. For that reason, it is essential to ensure that you regularly update your browser as well as your antivirus software. Other browsers, such as Google Chrome or Mozilla Firefox, sell themselves on the claim that they are less susceptible to such attacks than Microsoft’s Internet Explorer.

But this form of attack has come a long way since the days of the pop-up ad explaining how to claim your free laptop or inviting you to play a duck shooting game and it is something of a fallacy that the only sites where malware resides are suspicious looking URL’s from notorious virus hot spots -far from it. In recent years, malware distributors are increasingly looking to exploit weaknesses in web and ad servers in many of the world’s respected websites. In September 2009, ads on the New York Times website were infected with malicious software whilst the website of the Daily Mail has also been the target of a similar attack.

The advice to computer users is simply to make sure that your antivirus software is installed and up to date and that they also install the latest security updates and bulletins for your browser software. Also consider using a firewall, a system that prevents unauthorised traffic from entering and leaving your PC, which can be found in most antivirus software packages.

Chinese government officials have issued the warning over the Worm_Piloyd.B worm after the virus was discovered circulating on Chinese networks.

The Tianjin-based National Computer Virus Emergency Response Centre reported that the virus infects .exe, .html and .asp files and is programmed to block users from restoring any files that are infected.

The virus also forces an infected system to download other viruses from websites and it is claimed that the worm will also be used to make an infected PC part of a wider botnet.

The warning is unusual in that it has not been issued by antivirus experts in the US or Europe but instead, from a officials in a country which has become renowned for being a breeding ground for malicious software. Research released in 2008 claimed that 44.8% of all malware-infected websites were being hosted in China.

The problem, many believe, is exasperated by the Chinese government’s secretive policy on computer usage, with strict state controls on computer usage and internet access. For example, a compulsory government firewall software program must be installed on all PCs being used in the country.

Earlier this year, a report by the US-China Economic and Security Review Commission suggested that Chinese government agencies were attempting to monitor American computer systems.

Computer users are urged to ensure that their antivirus software is kept up-to-date to minimise the risk of being affected by the worm.

The virus, believed to have originated from an employee’s USB memory stick, brought computer and telephone systems to a stand-still back in May, costing the council around £500,000 in lost revenue, an investigation has found.

But as was the case when the Conficker virus affected Manchester City Council back in June this year, it was misbehaving motorists who benefitted most of all from the virus outbreak, with computers unable to process any payments or penalty charges. As a result, a total of 1,838 parking tickets had to be cancelled, costing an estimated £90,000 in lost revenue to the authority.

Other losses included the writing-off of library fines and fees, totalling £25,000 in lost revenue whilst £14,000 was spent in clearing a backlog of housing benefit claims. Council property rent also went uncollected during that time whilst IT security consultants also formed part of the total estimated cost.

It is claimed that the virus attempted to disable antivirus software and access to support sites, which automatically attempting to connect with other targeted websites.

A council spokesman is reported as saying: “Like many other organisations, Ealing Council’s computer and telephone network was attacked by a sophisticated virus.

“The council acted immediately to protect all data and ensure that essential frontline services could continue to operate.

“Costs to the council included urgent work to recover computer systems and prevent the virus from spreading.”

According to data acquired under the Freedom of Information Act, which allows the public to request access to information deemed to be in the public interest, by More4 News, more than 8,000 viruses got through NHS security systems last year, with 12 incidents affecting clinical departments and impacting on patient care.

Problems included appointments being cancelled without warning, with patients having to be turned from one hospital in Scotland for clinical appointments.

The Royal London and London Chest Hospital were also hit, with patient administration services badly affected.

A number of NHS trusts conceded that their networks were attacked because antivirus software was turned off or not properly implemented.

Hospitals in the Grampian, Isle of Wight, Basingstoke & North Hampshire, Newcastle, Poole, Bradford Teaching Hospitals and Leeds Teaching Hospitals trusts were also badly affected.

In Sheffield, a total of 800 PCs were infected after just one computer in an operating theatre had its antivirus software switched off.

The statistics include the number of cases where health systems were hit by the Conficker virus, a worm which hit a number of government, medical and military systems around the world.

The NHS defended its IT policies, claiming: “Electronic patient records systems are protected by the highest levels of access controls and other security measures. These levels of security are far higher than any which can be imposed on access to paper records or the majority of local NHS IT solutions.”

An investigation by leading news agency Associated Press (AP) tested devices freely available from major electrical stores in the US, including Apple iPods, TomTom satellite navigation systems and a digital photo frame which were found to contain some form of malware, such as spyware and keylogging software.

The revelation will surprise many consumers, with computers previously being warned over online threats rather than those that could be hidden deep within the directory files on everyday devices from some of the biggest names in the technology sector, putting their computers and personal details at risk.

The report did however concede that the presence of malware on the devices, which are commonly connected into user’s PC to allow data transfer, is not likely to be intentional or representative of a malicious attack.

Instead, the report suggested that lax IT and security standards in manufacturing plants in China and other parts of the Far East are part of the problem. For example, one likely source of the malware could be a product tester who may have inserted an infected disk or music player into a PC.

However, due to the nature of mass manufacturing, it is extremely difficult to assess the scale of the problem.

“It’s like the old cockroach thing – you flip the lights on in the kitchen and they run away,” said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Centre. “You think you’ve got just one cockroach? There’s probably thousands more of those little boogers that you can’t see.”

This is not the first time that large technology companies have been found to be shipping products containing what could be described as forms of malicious software. In 2005 Sony BMG was found to have installed a rootkit onto music CD’s as a copy protection measure – an action that is outlawed in many countries.

The report advised consumers to use up-to-date antivirus software to scan the contents of any new device that they may plug in to their system before accessing any files.

Research by price comparison site moneysupermarket.com revealed that 24% of British PC users have been the victim of a computer security breach despite 95% of those surveyed claiming to have antivirus software already installed on their PC.

Of those who have suffered an attack, 39% described the assault as causing a “major disruption” to their system whilst a further 10% described their attack as “deadly”, rendering their computer unusable.

One in twenty claimed that personal information had been stolen as a result of a malicious attack.

The type of content being viewed by users also appeared to have an effect, with almost one in 10 of those surveyed believing that the attack occurred after accessing an “adult” website.

A fifth of people believed that their virus attack came from general surfing and one in eight from opening unknown files or attachments.

Young males were the most likely group to be victim to a malicious attack, with 38% of those under 20 and 30% of under-20s admitting to experiencing virus problems on their computers.

“People need to be more aware of security threats than ever before,” said James Parker, manager of broadband at moneysupermarket.com.

“Most people use some of their personal details online – whether through internet banking or online shopping – and it’s vital that people take appropriate steps to protect this information and themselves.”

The company recommended that users take greater care over their personal details and email attachments, as well as ensuring that their antivirus software is kept up-to-date.

The latest form of the virus, which has infected an estimated 15 million users worldwide, contains an instruction to perform a particular action on April 1, although nobody is yet sure as to what, if anything, that action is.

There are also suggestions that, given the hype over the worm, we could be about to witness the internet’s biggest ever April Fool’s Day joke.

The Conficker virus, also known as Downadup or Kido, has gained notoriety in recent months due to the rate at which it has spread as well as the number of high-profile organisations that have fallen prey to it. To date, several government, military and health systems are known to have been affected by the worm including the British Houses of Parliament IT system.

The virus buries itself deep inside the Windows operating system where it can then be used to steal users’ passwords and personal information, including bank details. It sets up files and starts downloading information from a controlling server, creating a “botnet” of infected PCs.

Many security experts believe that from midnight on April 1, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next.

Microsoft, which has released several security updates and urged customers to update their antivirus software, has offered a $250,000 reward for information that leads to the capture and conviction of the authors of the virus.

If you feel that you have been infected by the worm, download the free Conficker removal tool.

Expect plenty of spoilers as we, in no particular order, run through our top five films in which firewalls and antivirus software we definitely not on the props list.

Tron (1982)

Hailed as one of the great innovators for computer generated imagery in film, Tron tells the story of Kevin Flynn, a talented computer programmer and budding game developer who created games in his spare time.

His ideas however, were stolen by co-worker Ed Dillinger and whilst Dillinger earned a series of promotions off the back of them, Flynn was left to work in a video arcade surrounded by the games that he himself had created. In an attempt to find evidence of Dillinger’s actions, Flynn tries to hack into the company system but is knocked back by the MCP (Master Computer Program).

It emerges that the MCP is appropriating all other computer programs in order to become the controlling system in the world.

Flynn is warned that his hacking attempts have been noticed by a former co-worker Alan Bradley but the determined hacker merely adopts a different approach. To regain access to the computer Flynn again sneaks into the system, this time through another security group, but gets himself digitized. Stuck inside the system, he pretends himself to be a program and manages to help another program, Tron, free the machine from the control of the MCP.

After the MCP is destroyed, Tron prints the evidence that Flynn needs to prove Dillinger’s wrong-doing.

Hackers (1995)

The name more-or-less gives it away with this one. Rafael Moreu’s screenplay take’s inspiration from cyber-criminal subcultures, with many elements and names used in the film taking inspiration from real-life hacking examples.

In the film, a youngster from Seattle, Dade “Zero Cool” Murphy, is arrested and charged with crashing 1,507 computer systems in one day and causing a single-day 7-point drop in the New York Stock Exchange. That results in the eleven-year-old being banned from using a computer until his 18^th birthday.

Soon after he turns 18, Dade is back into the hacking community, duping a local television station and altering their schedules. After enrolling at high school in New York, Dade joins up with a group of misfits and rich kids who share his passion for hacking into computer systems, purely on the grounds of fun.

The story turns when one of the group, as part of a plan to prove himself to the others, hacks into the supercomputer of a major oil company, stealing what turns out to be a major virus and inadvertently uncovering Eugene “The Plague” Belford (the name Eugene is thought to have been inspired by controversial computer security expert Eugene Spafford); a corporate hacker disguised as a security officer intent on causing ecological disaster.

Office Space (1999)

Whilst not a major hit at the box office, the film Office Space quickly became a cult classic when it hit video shops and, many argue, became the inspiration for the UK and US television sit-com ‘The Office’.

Fed up with their jobs, inane procedures and bullying management, Y2K bug programmers Peter Gibbons, Samir Nagheenanajar and Michael Bolton fear for the worst when a team of consultants are called in to make the their company Initech more efficient. It is only through a stroke of luck in a hypnotherapy session that Peter manages to impress the consultants enough to keep his job. Michael and Samir on the other hand, aren’t as fortunate.

To get back at the company, Michael creates a computer virus that, when installed into the company’s banking software, will divert fractions of pennies, left over from some of the millions of financial transactions that their software handles, into a bank account they control. The idea being that the amounts diverted into their account each day would be so small that they would be untraceable by the company’s management.

The problems emerge when Peter checks the bank balance just a day later and it emerges that a misplaced decimal point leads to more $300,000 being diverted in less than 24 hours.

Peter decided to return the money, secretly placing $300,000 worth of traveller’s cheques under the office door of company vice president Bill Lumberg. Expecting to be arrested the following morning, Peter is saved by Milton, the meek, mumbling collator who, after years of bullying from management and the loss of his treasured red Swingline stapler, finally snaps and sets fire to the office building – after running away with the $300,000 found in Lumberg’s office.

Swordfish (2001)

Whilst getting a largely negative critical reception, Swordfish’s all-star cast and huge press profile ensured that the title secured $147m in box office receipts.

Stanley Jobson was regarded as one of the best hackers in the business – that was before he was jailed for infecting the FBI’s Carnivore program with a malicious virus that put back the software’s deployment by several years. Jobson is released after two years but as a condition his release, he is forbidden from touching a computer.

Whilst back at home in rural Texas a woman named Ginger Knowles shows up to solicit his hacking skills for her boss Gabriel Shear. Ginger offers Stanley $100,000 to meet up with Gabriel in a Los Angeles nightclub where Gabriel then forces him at gunpoint to hack into a government system within just 60 seconds. Stanley succeeds, much to the surprise of Gabriel, and is hired to take on a much bigger task – write a worm that will steal $9.5bn from the Federal Reserve.

Goldeneye (1995)

No Bond film has really had a computer virus as its main theme – that’s nowhere near as glamorous as a Monte Carlo Casino or the Monsoon Palace, but Goldeneye goes close.

Boris Ivanovich Grishenko is the Bond comedy villain in this piece; a talented hacker who has infiltrated, amongst other things, the US State Department of Justice. His confidence and constant claims of being “invincible” do little to help him win over his co-workers and it’s difficult to take him seriously.

Boris’ target becomes the GoldenEye weapons satellite but, as is the case with many Bond characters, he meets a typically comedic and ironic end.

While attempting to crack the access codes for the GoldenEye satellite, Boris inadvertently activates a grenade disguised as a pen. That leads to an explosion in the control room and results in huge vats of liquid nitrogen emptying onto Boris, killing him while victoriously grinning.

Do you agree or disagree with our list? Add your suggestions below.

Online banking fraud increased to £52.5m last year, a huge jump from £22.6m in 2007, said UK payments association Apacs.

Total fraud losses on UK debit and credit cards rose by 14% to £609m.

The increase has been blamed largely on the increased sophistication of various forms of spyware and keylogging software which captures information stored and entered into a computer, particularly when entering sensitive details such as passwords or credit card numbers.

Under UK’s Banking Code, customers are not liable for any fraudulent activity on their account unless the bank can prove a customer acted “without reasonable care”. However, a technicality in the code could see such a clause could apply to any customer who does not have antivirus software installed on a PC on which they make financial transactions.

“The industry continues to remind customers to ensure that they have their computer’s firewall switched on and anti-virus software up to date,” said an Apacs spokeswoman.

UK Credit card fraud in general has been falling in recent years following the introduction of a Chip & Pin system, which has seen a customer PIN number replacing the signature system, although those figures have also risen in the past year

As in previous years, the biggest area of card fraud was with goods bought over the internet, phone or by mail order – where chip-and-pin was not used. Fraud levels in these instances rose 13% to £328m.

The most significant rise in 2008 was when criminals took over other people’s accounts, known as card ID theft, with losses up by 39% to £47.4m.