What started out as a mostly harmless annoyance coded by a young Australian lad to mess with his friends has turned ugly [Insert your own Rick Astley joke here].

Intego reports that the exploit used by the ikee worm - which only swapped out users' iPhone wallpaper for a mugshot of the ginger king of the 80s - is being used to steal personal data from affected devices.

The worms are only a concern for those running jailbroken iPhone and iPod touches, of course. Still, even at Intego's estimate of 6-8% of those devices being jailbroken that puts the number at risk at well over 2 million.

It's simple enough to protect yourself - all you have to do is change your root password to something other than the default 'alpine.' Our friends at TUAW posted the following instructions:

Type: ssh root@(iPhone IP address)
When prompted for the password type: alpine
Now you're connected the phone...
type: passwd
It should then prompt your for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.

Turning off SSH is an option, too, but you should still change the password as well.

The update, which is around 160MB if you're upgrading from 10.6.1, corrects a few nagging issues in the Finder: Exchange contacts not showing up in Spotlight, flaky menu extras, wonky VPN connections and - this one was a personal peeve of mine - not being able to add photos to Address Book. Also, the problem with opening multiple downloaded files at once (a problem Apple never actually acknowledged) is now fixed. Hooray! The whole list is pretty long, and there's also an extensive list of potential exploits addressed by 10.6.2's security update.

Facebook is under attack! Okay, maybe that's a little too dramatic.

Recently, however, hundreds of Facebook groups were exploited by a group of attackers known as "Control Your Info". The hackers promise they aren't doing this for any malicious purpose though. The purpose of the mass hacking is to point out a major problem with the way Facebook handles groups management.

So what's the problem? The guys that did this said the problem has to do with group admins. When someone decides they don't want to be an admin any longer, virtually anyone can take over the group and make changes to members, group information, and pictures.

Unlike completely malicious hackers, the group says it wants to raise awareness and make sure people think about security. The groups that were hacked had their names changed to "Control Your Info" and profile images modified. A message appeared on many of the groups that said "Hello, we hereby announce that we have officially hijacked your Facebook group. If we wanted, we could make you appear in a bad way which could damage your image severely."

The group promised not to "mess anything up" and will return the groups to their original state by the end of the week.

Panda Cloud Antivirus is one of the more talked about releases of 2009. Its new spin on the traditional antivirus model -- like many new programs which embrace cloud computing -- has been met with both praise and criticism. Panda themselves are bullish on Cloud AV, and I was fortunate enough to speak about it with CEO Juan Santana and Senior Research Advisor Pedro Bustamante.

To Santana and Bustamante, Panda's beta testing period was huge success. One way they measured is by taking a look at what Collective Intelligence -- the remote muscle powering Cloud AV -- has processed so far. "Right now, there is about 25 terabytes of data in the Collective Intelligence database," said Santana.

"About 60% of that," he continued, "is malware. We're receiving about 120,000 new files a day, of which 60-70,000 are malicious." In total, Collective Intelligence has processed more than 80 million files so far and generates about 150 gigabytes of log files per day.

On top of that, Cloud AV scored an impressive 99.4% detection rate in a recent round of testing. That figure put it ahead of free favorites like Avira, Avast, AVG, and even Microsoft's new Security Essentials.

Basically, Microsoft went ahead and reacted to the public outcry regarding the Vista security confirmations. I think we can all agree that they were really annoying (and most power-users turn UAC off because of how irritating they are). As a result, there are significantly fewer UAC warnings in a default Windows 7 installation -- hooray! The problem is that the new default setting in Windows 7 leads you to falsely believe that you have a secure installation right out of the box. Sadly, this is not the case.

It's no surprise then that 8 out of 10 malware applications defeated the default Windows 7 UAC setting in tests.

So practice safe surfing (duh!) or go and hoik your UAC settings up to the most secure -- and annoying -- setting. Ars Technica has a great guide on patching up your UAC for new Windows 7 users -- or even an experienced user like myself that falsely believed the default setting to be secure.

[via ZDNet]

If the possibility of having your jailbroken iPod Touch or iPhone held ransom for 5 Euros wasn't enough of a scare to make you change your root password, maybe this will. Users on an Australian forum site are reporting a new attack - one that's no stranger to love.

You guessed it, the newest attack on jailbroken devices is a wallpaper Rickroll. Along with Rick Astley's devilishly handsome headshot, the image also includes the message "ikee is never gonna give you up."

It's actually a pretty tame attack. There are no reports in the forum of sounds being replaced with that all-to-familiar opening verse or repeated, mind-numbing video assaults.

At least one variation has also popped up. In addition to Astley, one user commented that his image had been changed to a New England Patriots logo.

The moral of the story?

If you jailbreak your iPhone or iPod Touch, make sure you change the root password to something other than alpine so you can avoid the shenanigans.

Do you hate having to remember different passwords for every site you sign up for? Google sympathizes. They're working on a way to let you keep far fewer passwords in your life on the web. It's actually something that sites like Plaxo and Facebook already do: allowing you to register for a site by sharing information from an existing account (like your Gmail, for example).

The information never gets stored by the new site you're signing up for, so using your existing credentials is both convenient and secure. Plus, you don't get one of those annoying email messages asking you to confirm your account. (Is it just me, or do those things get marked as spam most of the time, anyway?)

Google's working on some code that will let companies offer this service - it's called "hybrid onboarding," technically - to their users. It's not going to have an immediate impact, but I hope this will cause more sites to get on board with hybrid onboarding and ditch the annoying signup processes and endless passwords.

[via AppScout]

These days, cybercriminals seem to have one thing on their mind: your money. Gone are the days where a virus would simply infect your .exe files and make your system hard - or damn near impossible - to use.

It's bad enough that the bulk of the malware and malicious web scripting we're confronted with on daily basis wants to trick us into installing rogue antivirus software - which tries to trick users into paying to register the useless scareware. Now, they're moving up to hostage taking.

Yep. Digital hostages could be the next big thing in cybercrime, whether it be your iPhone or your important .DOC files.

Ars Technica reported recently about one hacker who exploited vulnerabilities in jailbroken iPhones to gain access, alter the lockscreen to display the warning in the screenshot, and ask for €5 to leave users alone. He also promised to provide a link to instructions on how to prevent this particular hack.

In this particular case, the hacker had a change of heart and has now posted said removal instructions at no charge. If we hear about one, chances are good there are dozens more - many of whom won't show this kind of courtesy after-the-fact.

iPhone aren't the only thing under attack. Computer Associates have discovered a new ransomware variant called LoroBot which targets a PC user's data - specifically doc, xls, zip, mp3, txt, docx, xlsx, and others. Once a system has been infected, the malware then goes to work encrypting those files so you can no longer access them.

The only way to gain access again? Why, to pay the piper, of course. $100 will get you the necessary file to undo the encryption. Fortunately, CA has also provided a tool to do it for free (download here) if you've been victimized. Rogue antivirus apps were once fairly uncommon and now they're everywhere. Could ransomware be the next big thing?

One thing is for sure: if you're running Windows you're using the most popular OS in the world - and because of its massive market share, it's the number one target for malware. Make sure your system is fully updated and you're running a good antivirus app.

I make no bones about the fact that I'm a fan of Malwarebytes. It's easily the best free malware removal app in my toolkit, and it's the first program I turn to when cleaning up an infected system. The Malwarebytes team has worked incredibly hard since their application burst onto the scene, and countless technicians and PC users appreciate the phenomenal work they've done.

Now, for the past few weeks I've been reading numerous blog posts about how IOBit is giving away their security software for free. The offer was timed to coincide with the launch of Windows 7, and has popped up in my Google Reader several times since.

How do the two relate?

A few weeks ago, Malwarebytes staffers came across an interesting post on the IOBit forums. The post detailed a keygen for Malwarebytes and reported it using the same name MBAM reports. The crew dug further and found more evidence of copycat detections.

To confirm their suspicions, a fake signature implanted in the Malwarebytes database.

"The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names."

If this is proven to be true, I certainly hope that Malwarebytes is successful in prosecuting IOBit. For another company to use a tactic as underhanded as this - let's face it, it's outright theft - to build a product and label it as their own is appalling.

IOBit are, of course, defending themselves in their forums. They respond:

"We have never used the database of any other companies. And hope Malwarebytes stop spreading malicious rumors for hyping itself[...]A legal letter will be released later, which will prove that there is no problem with Intellectual Property Rights.

For the sake of avoiding dispute and possible problems, we have deleted all disputed items in our database temporarily, and have updated IObit Security 360's database."

Nevertheless, IOBit's reputation is taking a beating now on WebOfTrust - Malwarebytes supporters have been all too happy to head over and vote down IOBit's trust, privacy, and vendor reliability ratings.

WordPress has become a victim of its own popularity. The blogging-based content management system powers a huge amount of websites, and has become a target for hackers. Site hacks have been around for a long time, but recently they seem to have evolved.

In the past hackers would gain control of a site just to prove that could, then typically post a quasi-incoherent message on the site to prove their hacking prowess and illiteracy. Now hackers have become more advanced, and hacking has become financially motivated. Hacks include embedding links (some hidden, some not) for the purposes of gaming search engines, and instead of crowing about their conquest, hackers are now trying to hide and cover their tracks as much as possible.

This means that site owners are losing their confidence that their sites have not been compromised. With recent highly publicized exploits that allowed hackers to take control of out-of-date WordPress installations, it became even more important to make sure your site is clean.

If you're running a WordPress site on your own server, one step you can take to make sure that it is clean is to install and run the WordPress Exploit Scanner plugin. Beware, the exploit scanner is very thorough, and it will likely report a lot (and I mean a LOT) of false positives. It essentially reports any hiding behavior, which some of the plugins on your site might be doing for very normal reasons.

Even with the false-positives, the WordPress Exploit Scanner is a useful tool in any blogger's toolbox.

In AV Comparative's most recent report on malware removal, MSE was the only free antivirus rated Advanced+. That ranking placed it alongside big names like Norton, Kaspersky, and F-Secure. Security Essentials also beat out technician favorite ESET, which managed only an Advanced rating.

It's also worth noting that only three antivirus apps - Norton 2010, eScan, and Security Essentials - scored marks of good or better in removal of malware and removal of leftovers. So not only has MSE beaten free competitors like AVG (version 8.5 tested, not 9.0), Avira, and Avast, it also posted test scores equal to or better than a dozen antivirus programs you'd have to pay for.

Well done, Microsoft!

[via Ars Technica]

Warning! There's a Twitter phish-fest going on at the moment. Hopefully you'll read this before you become an ill-fated Twit...!

If you receive a DM that looks something like this:

hi. this you on here? http://blogger.djh****.com

Do not use the link!

It will redirect you to a copycat Twitter log-in page, and then forward you to a fake fail whale -- and then later, when you least expect it, your account will have its avatar replaced with a naked girl that seems to be enjoying a deliciously unsymbolic and in-your-face penis. You will then, unwittingly, tell your friends all about fantastic dating websites that you've had a lot of success with recently. I think you'll all agree that's a fate even worse than a celebrity not responding to your well-thought-out and poignant tweet.

[via Sophos]

If you didn't ask to have your Facebook password reset, think twice before opening an email that looks like it's from Facebook's support team. A lot of these fake password-reset emails have been going out lately, and the attachments they contain can take over your computer and add it to the Bredolab botnet, according to ZDnet.

Your first clue that these emails are sketchy is that they contain a zipped .exe file, which is a horribly insecure and inefficient way to send an account password. Although the mail looks like it comes from support@facebook.com, the address is just spoofed to fool you. The botnet behind this attack, Bredolab, is reportedly involved in some large-scale spamming and identity theft activities, so don't risk letting your computer become part of it.

[via ZDNet]