Experts are warning that hackers have yet to activate the payload of the Conficker virus.
The worm is spreading through low security networks, memory sticks, and PCs without current security updates.
The malicious program – also known as Downadup or Kido – was first discovered in October 2008.
Although the spread of the worm appears to be levelling off, there are fears someone could easily take control of any and all of the 9.5m infected PCs.
Speaking to the BBC, F-Secure’s chief research officer, Mikko Hypponen, said there was still a real risk to users.
“Total infections appear to be peaking. That said, a full count is hard, because we also don’t know how many machines are being cleaned. But we estimate there are still more than 9m infected PCs world wide.
“It is scary thinking about how much control they [a hacker] could have over all these computers. They would have access to millions of machines with full administrator rights.
“But they haven’t done that yet, maybe they’re scared. That’s good news. But there is also the scenario that someone else figures out how to activate this worm. That is a worrying prospect.”
Experts say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch. The patch is known as KB958644.
Speaking to the BBC, Graham Cluley, senior technology consultant with anti-virus firm Sophos, said the outbreak was of a scale they had not seen for some time.
“Microsoft did a good job of updating people’s home computers, but the virus continues to infect business who have ignored the patch update.
“A shortage of IT staff during the holiday break didn’t help and rolling out a patch over a large number of computers isn’t easy.
“What’s more, if your users are using weak passwords – 12345, QWERTY, etc – then the virus can crack them in short order,” he added.
“But as the virus can be spread with USB memory sticks, even having the Windows patch won’t keep you safe. You need anti-virus software for that.”
Method
According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.
It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.
Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.
Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.
But Conficker does things differently.
Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers’ files. On the face of it, tracing this one site is almost impossible.
Variant
Speaking to the BBC, Kaspersky Lab’s security analyst Eddy Willems said that a new strain of the worm was complicating matters.
“There was a new variant released less than two weeks ago and that’s the one causing most of the problems,” said Mr Willems
“The replication methods are quite good. It’s using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism.
“Of course, the real problem is that people haven’t patched their software,” he added.
Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.
Read the rest of this entry »
Posted in Hardware, Internet, Security | 1 Comment »
The Nintendo Wii took the #1 spot in eBay’s 2008 tech toys and gadgets top list, with over 2 million related items sold on the site. The Xbox360 was next at 1.3 million, followed by the Sony PSP and iPod touch.
The full list is below.
1. Nintendo Wii: 2,056,866 related items sold
2. Microsoft Xbox360: 1,297,903 related items sold
3. Sony PSP: 350,591 related items sold
4. iPod Touch: 281,361 related items sold
5. Nintendo Wii Fit: 266,584 related items sold
6. Apple iPhone 3G: 212,837 related items sold
7. BlackBerry Pearl: 207,688 related items sold
8. BlackBerry Curve: 193,788 related items sold
9. Sony Playstation 3: 103,333 related items sold
10. Guitar Hero III: 98,159 related items sold
11. Halo 3: 91,067 related items sold
12. Grand Theft Auto IV: 43,005 related items sold
13. MacBook Air: 12,423 related items sold
14. Guitar Hero Aerosmith: 3,749 related items sold
15. Rock Band 2’s: 1,650 related items sold
Read the rest of this entry »
Posted in Gaming, Hardware | No Comments »
To its fiercest devotees, one of the best things about the BlackBerry is its carefully designed physical keyboard, which the skilled BlackBerry addict can play like a violin. These folks scorn Apple’s popular iPhone, whose keyboard is virtual and must be operated by tapping on the screen.
But, on Friday, Verizon Wireless and Research in Motion, the BlackBerry’s maker, will do the unthinkable: They will introduce a BlackBerry model without a physical keyboard, one where typing and navigating require tapping on glass, just as users do on the iPhone. This new model is called the BlackBerry Storm, and will sell for $250 with a two-year contract, though a $50 mail-in rebate can bring the price down close to the $199 that Apple charges for the base model of the iPhone.
Despite its lack of a keyboard, the Storm is a real BlackBerry in every other respect, with push email, corporate features and the familiar BlackBerry menus. In many respects, the Storm is a touch-based, large-screen version of the recently released BlackBerry Bold, which is the most polished version of a traditional BlackBerry. It is also the latest member of the new class of hand-held computers, the super-smart phone category kicked off by the iPhone last year and joined by the Google G1 earlier this year.
The Storm sports a large, high-resolution touch screen that fills most of its surface and automatically switches from portrait to landscape mode when the phone is turned. There’s also a forthcoming souped-up download store for third-party software, meant to be similar to the ones on the iPhone and the Google phone. And the Storm can even be used in European and other countries where most Verizon phones don’t work.
However, the biggest innovation in the Storm is a clever feature RIM hopes will give it a big advantage over the iPhone. When you strike a key or icon on the Storm’s screen, you feel a physical sensation, as if you were pressing down on a real key or button. That’s because you are, in fact, pressing a real button. The entire glass display is one large button, mounted on a mechanical substructure that allows it to be depressed when pressure is applied.
The idea behind this feature is to make typing on glass feel much more like typing on a real keyboard, and thus to make the virtual keyboard, and the touch interface, more acceptable to people used to physical keyboards and buttons. This push-down screen also replaces the side-mounted scroll wheel or track ball on other BlackBerrys for activating menu choices and icons.
But, in my tests, this physical feedback feature, which RIM calls SurePress, didn’t magically turn the Storm’s touch interface and virtual keyboard into their physical counterparts. The feature does provide a more reassuring confirmation that a key has been struck or an icon has been clicked than the mere visual feedback one receives from the iPhone. But neither I, nor any of the several BlackBerry addicts I asked to try it out, considered typing on the Storm’s keyboard to be very similar to using the keyboard of a traditional full-sized BlackBerry.
In my opinion, using the Storm’s keyboard is much more like using the iPhone’s keyboard than a traditional BlackBerry’s. I found that I could type quite well on the Storm after awhile, but that a greater adjustment, and more practice, were required than with a physical keyboard.
The Storm also has a keyboard oddity that I found annoying, and that may put off others. It presents you with a full virtual keyboard only when you are holding it horizontally. When you hold the Storm vertically, you get a mashed-up keyboard, like the one on the narrower BlackBerry Pearl, which has multiple letters on each key. This keyboard design relies on software to guess which letter you meant to press. You can also switch to a virtual cellphone-style keypad that requires you to hit each key multiple times.
This is a curious design decision. Once a company ditches a physical keyboard for a virtual one, it can create all kinds of keyboard variations. RIM could have offered a full, vertically oriented keyboard, even if it would have had smaller, more closely spaced keys.
RIM also failed to customize the Storm’s virtual keyboard for some common, specific tasks. For instance, on the iPhone, when you are typing in a Web address in the browser, the keyboard morphs to offer a convenient key that automatically enters “.com”. Not so on the Storm.
There’s another glaring deficit in the Storm: It lacks Wi-Fi capability. This means that, unlike on the Bold, the iPhone or the Google G1, if high-speed cellphone data service is absent or pokey, you can’t fall back on speedy Wi-Fi connections in public places. And, at home or in the office, you can’t take advantage of Wi-Fi connections that are often much faster than cellphone data networks.
The Storm has some important advantages over the iPhone. Its screen, while 7% smaller physically, offers about 13% higher resolution. Photos and videos look beautiful on it. It has much better battery life for phone calls than either the iPhone or the Google G1. While the latter two phones deliver just under their claimed five hours of talk time, in my tests, the Storm lasted a bit over six hours, which is actually half an hour more than its claimed 5.5 hours of talk time. And the Storm has a removable battery, unlike its Apple rival.
This new BlackBerry comes with more memory than the similarly priced base model of the iPhone — nine gigabytes versus eight gigabytes. And, unlike the iPhone’s memory, the Storm’s is expandable, via larger flash cards.
The Storm’s camera is much better than the iPhone’s, at 3.2 megapixels, versus just 2 megapixels for the Apple device. It also has zoom and flash, features the iPhone’s camera lacks. And, unlike the iPhone or the Google G1, the Storm can record videos. In my tests, all of these camera features worked well.
Also, the Storm has copy and paste functionality; MMS (a service for sending photos directly to other phones without using email); voice dialing; and the ability to act as a modem for your laptop. It also allows you to edit, and not just to view, Microsoft Office documents. All of these features are missing from the iPhone out of the box.
The Storm also has a better speaker than the iPhone, and a noise-canceling microphone system. Phone calls, even on speaker phone, were crisp, clear and plenty loud. Physically, the Storm is attractive but hardly svelte. While it’s about the same length and width as the iPhone, it is 15% thicker and 17% heavier — almost as heavy as the chunky G1.
The Verizon high-speed network on which the Storm runs is older and better-established than either the T-Mobile high-speed system the G1 uses or the AT&T 3G network used by the current iPhone. Where Verizon’s high-speed data coverage is strong, the Storm flies.
But, because it lacks Wi-Fi, the Storm can be much slower at Web access than its main competitors. I tested these Web speeds in two hotels in Silicon Valley. In the first, where Verizon reception was strong, the Storm trounced the iPhone on cellphone data speeds, averaging over 800 kilobits per second to the iPhone’s 621 kbps over AT&T. But, when I switched the iPhone to use the hotel’s Wi-Fi network, it beat the Storm by 100 kbps or so.
At the second hotel, barely a mile away, the Storm’s lack of Wi-Fi hurt much more. There, Verizon’s signal was poor, and data speeds on the Storm averaged a horrible 96 kbps. But the iPhone on AT&T averaged 459 kbps, and on Wi-Fi the iPhone averaged 785 kbps.
My test Storm, which was a near-final model missing only a few minor software tweaks, was also sluggish at some tasks. It took noticeably longer than the iPhone to flip the first photo from landscape to portrait orientation, or to start the process of flipping through a series of photos by swiping them with a finger. And some other tasks were also slow. It’s possible that production models will be quicker.
BlackBerry Storm’s touch screen switches from portrait to landscape mode when turned, and aims to make typing on glass feel more like typing on a real keyboard.
Rim has tweaked the familiar BlackBerry user interface for the touch screen, and in general these changes worked well. You select the menu item or icon you want with a light touch, then press down on the screen to activate or confirm your choice. There are even a couple of cool new touch features. For instance, in a list of emails, if you lightly touch and hold one entry, the Storm shows you all messages in that thread.
But this combination of a light touch followed by a hard press on the large screen took some practice, just like typing did. It befuddled several BlackBerry veterans at first.
And some common tasks took more steps than on the iPhone. For instance, emailing a link from a Web page required four steps on the Storm, versus two on the Apple device. The Storm’s email system will be familiar to every BlackBerry user. It has the same corporate email features as other BlackBerrys, and I was easily able as well to use a BlackBerry Internet email account and to set up several personal email accounts, including Gmail.
The Web browser is much improved over the one in older BlackBerry models, and offers multiple ways to view and navigate pages, including one in which a finger moves a cursor, just as on a PC. But I found that panning and zooming in the browser was a bit slower and more awkward than on the iPhone. And, to make some Web sites work properly, I had to dig through menus to change options.
Using the BlackBerry desktop software, I was easily able to synchronize my calendar and contact data over a cable from a Windows PC. (There’s also Mac software for the same task.) But, unlike the iPhone or the G1, the Storm doesn’t offer wireless synchronization from consumer services, only from corporate servers.
The Storm’s multimedia software isn’t as fancy as the iPhone’s, but it’s better than the G1’s, and worked very well in my tests.
Overall, the Storm is a very capable handheld computer that will appeal to BlackBerry users who have been pining for a touch-controlled device with a larger screen. And it offers yet another good option for anyone who is looking to buy one of the new, more powerful, pocket computers.
Read the rest of this entry »
Posted in Apple, Google, Hardware, Software | No Comments »
