Facebook, Google Vie for Connect Services

One hour after Google did a public launch of Google Friend Connect, Facebook launched Facebook Connect. The simultaneous launch is not a coincidence -- the two competing services are battling for mindshare as they strive to be the frontrunners in data portability.

The companies want users to be able to use their Google and Facebook logins to enter third-party sites. It benefits users and third-party sites and allows Facebook and Google to collect more information about what users are doing online.

There are some key differences between the services. Google's service uses OpenSocial. This means sites using Google Friend Connect can use OpenSocial's open-source applications, such as message boards and ratings gadgets. Google also lets users sign in with their Yahoo!, AOL and MSN usernames.

It's also easier for site owners to use. Google requires adding a few "snippets of code to your site," Stan Schroeder at Mashable reported. However, "adding Facebook Connect apps is a much more convoluted process," he said.

However, Facebook has an advantage in terms of partnering with large third-party services. Facebook Connect is already working with Digg, StumbleUpon and Loopt. Google Friend Connect's partners seem to be smaller sites run by individuals, such as Billboard for the People and Qloud.

It's too early to say how either service will fare, but the Internet is already buzzing with early feedback from site owners.

Loopt, a company with a social-mapping service that lets mobile phone users see whether their friends are in close proximity to them, was one of Facebook Connect's first partners. Evan Tana, the Director of Product Management & Marketing of Loopt, is optimistic about the service.

"Working with Facebook Connect widens the circle of friends Loopt users can interact with, combining the power of Loopt's social-mapping service with an established network of Facebook friends," he said in a press release. "Loopt users will be able to receive an alert whenever Facebook friends are nearby, discover restaurants and bars recommended by their Facebook friends, and integrate their location into their Facebook feed," he added.

Google Friend Connect has also garnered some positive feedback.

Hyperact Design Group is using Google Friend Connect to attract more users to one of its sites - Billboard for the People. The group is trying to raise US$25,000 to create a large billboard in Manhattan to congratulate President-elect Barack Obama.

Danny Peraza, one of the creative directors of Hyperact Design Group, told The Industry Standard that more than 1,000 users signed up for the site through Friend Connect within a few days. He added that hundreds of users have invited their friends to visit Billboard for the People through Google Friend Connect, and that the service has also enabled users to easily add comments to the site.

"There are a few other things I'd like to see," he said. "Like now we've got all these users, and I'd like to have a way to message them, and have a way for them to message each other."

Orli Yakuel, who uses Google Friend Connect on her site GO2WEB20.net would also like to see messaging.

"I think this is a must have feature and needless to say, it's the real way to communicate with someone," she wrote on her blog.

Peraza is hopeful that those additions will come soon. Meanwhile he is happy with what he has.

"It's a step in a right direction," he said. "It means we don't have to set up an online group elsewhere."

source:pcworld.com

Read More!

Facebook Virus Turns Your Computer into a Zombie

Hey, I have this hilarious video of you dancing. Your face is so red. You should check it out.

If you've received a message like that through Facebook or MySpace, you may have been exposed to the "Koobface" virus. "Koobface" comes through an e-mail sent by one of your social networking site friends inviting you to scope out a video.

Once the URL is clicked, "Koobface" prompts you to update your Flash player before the video can be displayed. Therein lies the virus, cloaked in a "flash_player.exe" file. According to the Kaspersky Lab, an antivirus organization working closely with Facebook, "the worms transform victim machines into zombie computers to form botnets."

The McAfee Security Blog explains that when "Koobface" infects your computer, it prompts a downloaded service named Security Accounts Manager (SamSs) to load on start-up. SamSs then proxies all HTTP traffic, stealing results from popular search engines and hijacking them to lesser-known search sites.

A clear eye for fraud will help you avoid this mess. You can usually spot phony e-mails by their titles. Kaspersky found the following: Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments. My own "Koobface" attack came in an e-mail entitled, lool, yoour blushingg afce is so funny! Checkk out. Obviously, Paris Hilton never threw dwarves, and in all likelihood, my 26-year-old friend knows how to spell more than two words. These are clear indicators you're being attacked.

Facebook has posted instructions about how to remove the "Koobface" virus: give your computer an antivirus scrub-down and change your Facebook password.

This attack on the world's most popular social networking site and its 120 million users comes just weeks after Facebook won an $873 million lawsuit against several people accused of hacking user accounts and spreading spam.

source:pcworld.com Read More!

Adobe Admits New PDF Password Protection Is Weaker

Adobe made a critical change to the algorithm used to password-protect PDF documents in Acrobat 9, making it much easier to recover a password and raising concern over the safety of documents, according to Russian security firm Elcomsoft.


Elcomsoft specializes in making software that can recover the passwords for Adobe documents. The software is used by companies to open documents after employees have forgotten their passwords, and by law enforcement services in their investigations.

For its Reader 9 and Acrobat 9 products, Adobe implemented 256-bit AES (Advanced Encryption Standard) encryption, up from the 128-bit AES encryption used in previous Acrobat products.

The original 128-bit encryption is strong, and in some cases it would take years to test all possible keys to uncover a password, said Dmitry Sklyarov, information security analyst with Elcomsoft.

But Elcomsoft said the change in the underlying algorithm for Acrobat 9 makes cracking a weak password -- especially a short one with only upper and lower case letters -- up to 100 times faster than in Acrobat 8, Sklyarov said. Despite using 256-bit encryption, the change to the algorithm still undermines a document's security.

Adobe acknowledged the encryption algorithm change on its security blog. The company said brute-force attempts -- where tens of millions of password combinations are tried in hopes of unlocking the document -- could end up figuring out passwords more rapidly using fewer processor cycles.

The changes were made to increase performance, Adobe said. But Sklyarov said that even with the 128-bit encryption algorithm used in Acrobat 8, the application responds quickly to both correct and incorrect password entries.

"There is no rational reason why they did that," Sklyarov said.

Despite the change, there is a way to keep documents secure: When setting a password, people should use a combination of upper and lower case letters and other special characters, such as quotations marks, Sklyarov said. If special characters are used, the password should be no less than eight characters. If only letters are used, it should be at least 10 to 12 characters, he said.

Adobe imparted the same advice. "With a longer phrase and more diversity of characters, there are many more permutations to guess," according to the blog. The company also recommended that the security of documents can also be enhanced by additional access controls such as smart cards and biometric tools.

source:pcworld.com

Read More!

PC Sales Expected to Drop

The faltering economy is now projected to claim another victim - the global PC market.

Industry analyst firm IDC Wednesday said it is projecting that worldwide PC sales will quickly drop off because the sagging economy is causing people to hold onto their savings while credit is unavailable. IDC noted that it expects PC shipments to inch upward by 3.8% in all of 2009, but added that the valus of those shipments will drop by 5.3%.


Analysts at IDC, though, are expecting the worldwide market to rebound in the second quarter next year, projecting that PC shipments will increase by 13.7% over the sale period this year.

Here in the United States, expectations are a bit bleaker. IDC predicts that U.S. shipments are expected to decline by almost 3% in 2009 with low single-digit increases in the next few years.

"Declining shipment growth in the consumer market, along with the relatively stagnant commercial market will lead to fewer opportunities and more intense competition in the U.S. PC market," said Richard Shim , personal computing research manager at IDC, in a written statement. "Consolidation is expected as PC makers tough out the competitive climate amid lower than expected volumes and thinner margins."

Just a few weeks ago, analyst firm iSuppli Corp. slashed its 2009 growth forecast for worldwide PC shipments by nearly two-thirds because of the deteriorating economy. The firm is now projecting that worldwide PC shipments will rise by 4.3% in 2009, down from its previous forecast of 11.9% growth. The firm also adjusted its expectations for 2010, dropping its initial prediction of 9.4% growth to 7.1%.

ISuppli's adjustment to its PC forecast came just one day after the firm downgraded its estimates for global semiconductor revenue for this year. The researcher projected that 2008 semiconductor sales will decline by 2% to $266.6 billion, from about $272 billion in 2007. In October, iSuppli had predicted that 2008 semiconductor sales would grow by 3.5% over last year's. Analysts also predicted that the negative momentum will continue into the fourth quarter of this year, with the overall market expected to drop by 10.9% compared with the same quarter last year.

Not every market has dropped, though. Early in November, IDC reported that the worldwide microprocessor market hit a new shipment record in the third quarter, largely boosted by Intel Corp.'s new Atom processor. The chips, designed for the increasingly popular netbook computers, boosted the market despite the turbulent economic times, growing by 8.3% from the second quarter to the third.

source:pcworld.com


Read More!

Gmail Gadget for Windows

Google has unveiled a new gadget that allows Google Desktop for Windows users to check their Gmail accounts without having to leave leaving the vendor's desktop search application.

The new gadget will allow users to read, search and send Gmail messages while in Google Desktop, Google noted. Users can also star messages and use keyboard shortcuts.


"It doesn't take up much space in your sidebar or desktop, and you can also resize it to show as few or as many messages as you'd like," noted James Yum, developer programs engineer for Google Desktop, in a blog post Monday. "When I'm at work, I keep two instances of the gadget open: one logged into my personal Gmail account and the other set to my Google Apps account for work related stuff. Instead of getting lost in a sea of tabs or browser windows, I can bring up the gadgets in an instant."


Google released Google Desktop in 2004. The application promises to make searching a PC as easy as searching the Web. It provides full-text search over email, files, music, photos, chats, Gmail and Web pages viewed, according to Google. The application includes other gadgets that allows users to be shown new email, weather updates, photos and personalized news.


Yum noted that Google's gadgets team has received countless requests for a Gmail gadget for Google Desktop, and users posting comments to the page for downloading the new gadget had mostly positive comments.


A user posting as "Brett" said that he liked the gadget a lot but would like to have it play a sound when he receives new mail.


"I am still forced to use GMail icon due to the fact of it not playing a sound when I receive new mail," he added. "I have an MP3 file that I have the other gadget play whenever it detects new mail. If this did that I would be able to get rid of the other gadget."

Another user, "Ashok," said that the gadget has a "nice and intuitive interface" but still is missing the ability to apply labels, support for downloading attachments directly, support for uploading attachments in new mail and the ability to browse through labels.


"Once I've got these, I'm going to replace my Thunderbird client," Ashok added.

soirce:pcworld.com

Read More!

Firefox 3.0 Update Coming This Week

Mozilla will take another stab this week at convincing users running older versions of its Firefox browser to update to version 3.0, the company said Tuesday.


On Thursday, Mozilla plans to offer Firefox 3.0.5, the most-up-to-date edition, to users of Firefox 2.0.0.18, the latest version of the company's 2006 browser. The offer will be the second so-called "Major Update" presented to users since Mozilla launched Firefox 3.0 in June.


The first offer was triggered in late August, and was accepted by more than 50% of the people using the older Firefox 2.0 at the time, Mozilla said.


Currently, three-fourths of Mozilla's users are running Firefox 3.0, according to data released Monday by Web metrics firm Net Applications Inc. During November, Firefox 2.0 accounted for 4.8% of all browsers used, while the newer Firefox 3.0 held a 15.6% market share.


Mozilla will repeat the original offer, which let users choose between accepting the update, postponing it 24 hours or declining it. In August, declining the offer meant that Mozilla might repeat it at some later date, something still possible after Thursday's offer.


"Right now, we're planning on doing one additional Major Update offer in early 2009, with slightly modified text that explains to users that (at that time) Firefox 2 will no longer be supported," said Mike Beltzner, director of Firefox, in an e-mail Tuesday.


As Beltzner noted, Mozilla plans to drop support for Firefox 2.0 after it releases a final set of security patches for the older browser; that update, Firefox 2.0.0.19, is now slated to appear two weeks from today, on Dec. 16. The last two security updates -- Firefox 2.0.0.17 and 2.0.0.18 -- patched a total of 26 vulnerabilities in October and November, respectively.

Some users reported problems with several Symantec Corp. consumer security products, including Norton 360, after updating to Firefox 3.0 in August. At the time, Symantec urged users to update their Norton-branded software on Windows PCs before trying to upgrade to Firefox 3.0.


Users who decide Thursday that they would rather return to the older version will still be able to download Firefox 2.0 from Mozilla's Web site and reinstall it.

source:pcworld.com

Read More!

Vista SP2 Beta out This Week, Final Release by June

Starting on Thursday, anyone can download the Service Pack 2 beta for Windows Vista and Windows Server 2008, Microsoft said on Tuesday.

Any Vista user interested in trying out the update will be able to do so through a Customer Preview Program on Microsoft's TechNet Web site, said Mike Nash, corporate vice president of Windows product management, in a blog post.


He encouraged most Vista users to wait until the final release of the service pack, scheduled for the first half of 2009. But technology enthusiasts, developers and IT pros might want to try out the software and offer feedback, he said.


Microsoft also began offering the beta to subscribers of Microsoft Developer Network (MSDN) and TechNet, both organizations for developers and IT professionals, on Tuesday.


Vista SP2 includes previously released fixes and is expected to be compatible with applications that run on Windows Vista and SP1. It will also include a couple of other new features, including Windows Search 4.0 for improved search, the most recent Bluetooth 2.1 Feature Pack, the ability to record data on Blu-Ray media natively, Windows Connect Now for easier Wi-Fi configuration, and support for UTC timestamps for file synchronization across time zones.


Microsoft distributed SP2 to a small group of beta testers in October at its Professional Developers Conference.

The second update for Vista comes as Microsoft continues to work on the operating system's successor, Windows 7. Microsoft offered its first pre-beta version of Windows 7 to developers at PDC.

source:pcworld.com


Read More!

Microsoft Releases Next Wave of Windows Live Services

Microsoft has released a new wave of Windows Live services that adds more social-networking qualities to its set of online services.

The company unveiled last month a plan to add Facebook-like qualities to its set of online services, which include e-mail, calendaring, instant-messaging, photo-storage and sharing and collaboration services, among others. At the time, the company said the new services would be available to users before the end of the year.


Microsoft first revealed the Windows Live brand for its online services and a plan for a major overhaul and to add new services in November 2005. The services are aimed at competing with Google by making Windows Live Web users' entry point into the Web and ultimately allow Microsoft to sell more online advertising.


The new version of Windows Live services lets people users have designated as "friends" see activities they are doing in other Web applications through Windows Live Hotmail, Windows Live Messenger and other Live applications and services. The capabilities will be similar to the way Facebook allows users to be notified via e-mail or on its Web site about what their friends have been doing in the applications they use on Facebook, a feature called the "news feed."


To provide the new "activities" feature, Microsoft has partnered with popular third-party Web sites to link their applications with Windows Live, including Flickr, iLike, LinkedIn, Yelp, Flixster, Pandora, Twitter, Photobucket and Tripit.


In addition to updates to existing services, such as Windows Live Messenger and Windows Live Spaces, there also are several new services available to users with Tuesday's release.

They include Windows Live Groups, a service for letting teams, clubs or other groups of people collaborate and engage in online discussions; Windows Live Photos, a new photo-storage and sharing service; Windows Live Profile, a way for people to share information about themselves with more than 50 partner sites; and Windows Live People, which allows users to store and manage Windows Live contacts.

Users can access the new services online now.

source:pcworld.com

Read More!

Browse Web Sites Via E-Mail

Rediff has started a new 'Web-in-Mail' service that lets its users access websites through the comfort of an e-mail client like MS Outlook, Outlook Express and your Blackberry device. That's right, it doesn't require the use of a Web browser.


Webinmail should allow people at work or school, behind Web block filters, to surf websites that are out of bounds. All you need is an email account to get started. Here's what you should do:

Click on the compose new mail button of your email client, and in the addressed 'To' field type 'browse@webinmail.com'. The URL you want to visit should be mentioned in the subject line; for eg, http://www.pcworld.in

An HTML page of the website (in the subject line) requested will be emailed back to you within a few seconds, the service claims. Clicking on any links in the reply mail will automatically fill it up in the subject line. From here, just repeat the procedure to access further links.

But that's not all. Webinmail can also provide search results through popular search engines. Just type the search keywords (eg, stereo headphones) in the subject line and email it to the same address: browse@webinmail.com. The search results are subsequently emailed.

Webinmail is still in beta, and didn't quite work consistently when we gave it a shot. Email requests from Gmail worked, while Rediffmail accounts couldn't fetch results even close to half an hour after sending the query mail.

source:pcworld.com


Read More!

Watch for a Vista Update in April

Microsoft Corp. will deliver Windows Vista Service Pack 2 (SP2) to manufacturing in April 2009, two months after it issues a final test version to users, according to a Web site that accurately predicted several Windows ship dates in 2008.

TechARP.com, a Malaysian Web site that nailed the release-to-manufacturing (RTM) dates for Vista SP1 and XP SP3 earlier this year, said that Microsoft will post a release candidate -- the final test version -- of Vista SP2 in February 2009, finish the service pack next April and offer it to users via download from the Web at some point afterward.

The last was necessarily vague, if only because Microsoft has had trouble this year synchronizing service pack RTM dates with availability on Windows Update. It took six weeks last winter to get Vista SP1 in the hands of most users -- and then only after a ruckus when Microsoft initially denied access to subscribers of its for-pay developer services -- and a week to issue Windows XP SP3 in the spring. XP SP3 was delayed because of a data-corrupting compatibility bug with Microsoft's own point-of-sale software.

Although Microsoft issued the beta of Vista SP2 to a limited number of testers a month ago, company officials have so far only committed to shipping the update sometime in the first half of next year.

According to Microsoft, Vista SP2 will include Windows Search 4, Bluetooth 2.1 wireless support, faster resume from sleep when a wireless connection has been broken and support for Blu-ray. Some of those features, including Windows Search and the Bluetooth support, have been available to Vista users for months through individual updates.

The service pack will update both Vista, the client version of Windows, and Windows Server 2008, the company's corresponding server software.

Vista SP2 will require SP1 as a prerequisite, a factor that played to Microsoft's ongoing recommendation that users deploy the first service pack as soon as possible.

SOURCE:pcworld.com

Read More!

Intel, HP Describe Green Strategy

Reaffirming their commitment to green computing, technology giants Intel and HP recently announced their respective planet-saving initiatives at the "Greenergy" forum, a slight twist from the traditional Synergy event that the two firms have been jointly organizing in the Philippines since 1997.

"There's been a lot of talk about efforts (that) everybody's doing, steps they are undertaking in terms of greening," said Ricky Banaag, Intel Technology Philippines Inc. country manager, who explained that Intel's approach to "eco-technology" is driven through four pillars: sustainable manufacturing, energy-efficient performance, design for the environment, and policy and industry.

According to Banaag, Intel has long been working on reducing the environmental impact of the company's operations through various initiatives like: solid waste and consumer recycling to reduce e-waste, packaging reductions of 16-40% which decreased number of shipments and fuel consumption, and the pursuit of LEED (Leadership in Energy and Environmental Design) certification for fabrication plants and buildings, among many others.

In the next five years, Banaag said Intel has the following environmental goals: to reduce absolute global warming gas footprint by 2012 from 2007 levels; reduce energy consumption per chip 5% per year from 2007 through 2012; ensure that Intel products maintain energy efficiency for the next two product generations; reduce water use per chip by 2012 from 2007 levels; reduce generation of chemical waste per chip by 10% by 2012 from 2007 levels; and recycle 80% of chemical and solid waste generated per year.

In terms of the products they will be releasing, Banaag says the company will continue to focus on delivering performance without compromising energy efficiency. The official said this is why the company has been generating better power by adding or improving cores on the CPU instead of just increasing processor core speed. Intel's newest 45nm processors are, likewise, lead- and halogen-free, the official said. Banaag likewise touted the use of solid-state drives in the future since, according to him, the requirements for cooling an SSD are much less. "Expect to have greater than a 5x reduction in power with the transition to SSDs," he said.

Banaag also shared that Intel, along with Google and the World Wildlife Fund, has been actively promoting the Climate Savers Computing Initiative which aims to improve computing energy efficiency by 50% (by collectively saving $5.5 billion in energy costs) as well as to reduce global carbon dioxide emissions by 54 million tons per year.

Meanwhile, HP has been just as busy with similar greening initiatives both internally and in the products that they come up with as they see more customers, especially enterprise consumers, are actually also beginning to look at what companies like HP are currently doing to promote greening.

Aside from its reduced energy consumption and recycling initiatives, HP has been coming up with flat panel displays instead of cathode ray tube (CRT) screens since the former are said to use less material and energy. The company has also been renewing its inkjet packaging and pouring in investments on energy-efficient product lines like the HP server processors, desk jet printers, laser jet printers, blade PCs, xw6400 workstation, and its servers and storage.

HP Philippines managing director David Tan shared that HP has collaborated with Dreamworks Animation in coming up with the Halo studio--a network of rooms that lets HP employees meet with colleagues from across the globe by providing life-size, real-time, eye-to-eye conferencing with no delay. According to Tan, use of the Halo studio in global HP offices has led to productivity gains and huge travel cost savings. Asked whether the HP office in the Philippines shall have a Halo studio set up as well, Tan said the Philippines is one of the countries recommended to install Halo, most likely by next year.

HP has also embarked on the "Planet Partners Program" which offers to take back end-of-life HP and non-HP computing equipment like PCs, handhelds, notebooks, servers, printers, etc., for recycling. According to Tan, HP has, in fact, recycled more than 250 million HP print cartridges worldwide since the inception of the Planet Partners program in 1991.

In the future, Tan says HP will continue to "green" its operations by reducing their combined product and operations energy use and associated greenhouse gases (GHGs) by 25% in 2010 and recover 2 billion pounds of computing and printing equipment by 2010.

Citing data from an International Data Corporation (IDC) study Tan said 80% of HP's global customers today evaluate environmental practices as part of purchasing and 55% actually give preferred status to vendors who address environmental issues. "We see this more from corporate clients and global customers coming here who ask about our CSR (corporate social responsibility) initiatives. In the Philippines, questions are coming more from corporate clients but we are increasingly seeing interest from customers about our green initiatives," Tan said.

source:pcworld.com

Read More!

Fujitsu 'Kill Pill' Protects Data on Stolen Laptops

Fujitsu Siemens Computers (FSC) is to offer a security bundle for its customers that will allow them to locate their laptops, as well as protect confidential data, in case of theft.

FSC is offering SystemTrack (tracking software) and DataProtect (data protection software), which will be available from the first quarter of 2009 in selected Lifebook models, and in all business line models of the Esprimo mobile series.

Illustration: Randy Lyhus

FSC said these products feature technology by Intel and Computrace, but later told Techworld in an e-mail that both products were bespoke FSC technology. Exact details of these products are still very thin on the ground, with FSC reluctant to expand beyond the official release, but it says it will be able to provide a greater level of detail in mid-December.

What we do know is that when a business or consumer buys either one of the selected laptops, they will be offered the security products as an optional extra. Users simply need to register their laptops with the Computrace Customer Centre, and if their machines are stolen, they can report the theft (online or via telephone) in a similar manner as reporting the loss of a credit or banking card.

According to FSC, SystemTrack then tracks the stolen machine in real-time and detects its location as soon as the device is connected to the Internet or intranet. The device can even be recovered in this way, as three baggage handlers at Tampa International Airport found out to their cost back in April this year.

The theft of laptops (FSC estimates that laptop thefts rose by 84 percent in 2006 compared to the prior year) has rapidly become a headache for IT managers, who are already contending with securing their email systems and other organisational weak points, where confidential data can leave the company.

With DataProtect, FSC says that confidential data on a laptop can be protected, because if a machine is stolen, the support desk can access the system and save the confidential data centrally in the system -- or, if necessary, completely delete such data.

Indeed, the help desk can also render the hardware useless via a so-called "kill pill." Again, exact details are hard to come by at the moment, but it seems that this kill pill does not entail a low level disk format to wipe the data. "After the system is blocked, the BIOS expects a password, but nothing happens to the data," FSC told Techworld in an email.

If the device is returned to the customer after the kill pill has been activated, users can remove the protection and boot the system again using a special password.

"Dialogue with our customers and our own research have all shown us that data security is one of the major concerns for company IT managers, especially when it comes to implementing a mobility strategy. That is why the reliable protection of sensitive data has topped the list of features for us to add to our business notebooks," said Paul Hoey, Head of Products and Marketing at FSC in a statement.

"The anti-theft protection solution provides us with an advanced and reliable protection mechanism against theft and data loss," he added.

There is no word on pricing as of yet on SystemTrack and DataProtect, although it is thought it will be in the 120 euros (£100) region, but this has yet to be confirmed.

Earlier this month, Fujitsu agreed to acquire Siemens' stake in their European computer joint-venture, Fujitsu-Siemens Computers.

source:pcworld.com/techworld.com

Read More!

Microsoft Warns of Worm Attack on Windows

Security researchers at Microsoft Corp. last week warned of a significant climb in exploits of a Windows bug it patched with an emergency fix last month, confirming earlier reports by Symantec Corp.

Microsoft again urged users to apply the MS08-067 patch if they have not already done so.

The new attacks, which Microsoft's Malware Protection Center said began last weekend but spiked in the past week, use the same worm Symantec first spotted Nov. 21.

Dubbed "Conficker.a" by Microsoft and "Downadup" by Symantec, the worm exploits the vulnerability in the Windows Server service, used by all versions of the operating system to connect to file and print servers on a network. Microsoft patched the bug in an out-of-cycle update five weeks ago after it discovered a small number of infected PCs, most of them in Southeast Asia .

According to Ziv Mador, a researcher with the Malware Protection Center, the new wave of attacks has spread in corporations and hit "several hundred" home users. Most of the infection reports have come from U.S. users, said Mador in a post to the center's blog , but his team has received calls from users in several other countries too. The worm avoids infecting Ukrainian computers, Mador said, which may indicate the malware was written by a Ukrainian; hackers often purposefully skip systems in the country where they live, hoping that will postpone or eliminate any reaction by local authorities.

"It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore," said Mador. "It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too."

The worm also resets the machine's system restore point, said Microsoft in its technical write-up , which may make it difficult or impossible to "roll back" Windows to a pre-infection state.

PCs that have been patched with the MS08-067 fix are protected, Mador stressed.

Last week, Symantec bumped up its ThreatCon security alert status from "1" to "2" in response to attacks it had tracked hitting its customers and honeypots. Others security vendors, however, disputed the uptick.

source:pcworld.com

Read More!