Portables

Creative Zens Ship with Worms 354

An anonymous reader writes "Engadget reports about 3700 Creative Zen "Neeons" shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly affected devices."
Spam

Accused Zotob Worm Author Says Money Was Motive 213

An anonymous reader writes "Washingtonpost.com has an excerpt of an online interview with "Diabl0", the 18-year-old that Moroccan authorities arrested on suspicion of writing the Zotob and Mytob worms, as well as the Rbot trojan. In the back-and-forth, Diabl0 says his worms "spread only for money" and hints that the motive was receiving commissions from installing spyware on infected computers."
Worms

Zotob and Mytob Worm Authors Arrested 363

An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read.
Security

Worms Could Dodge Net traps 58

Danse writes "ZDNet reports that future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken. According to papers presented at the Usenix Security Symposium, just as surveillance cameras are sometimes hidden, the locations of the Internet sensors are kept secret. From the article: 'If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data.' A team of computer scientists from the University of Wisconsin wrote up the background in their award-winning paper titled 'Mapping Internet Sensors with Probe Response Attacks.'"
Security

Possible RSS Abuse in Longhorn 214

dMill writes "There has been a lot of discussion about Microsoft's decision to bake RSS into Longhorn (see previous Slashdot coverage) but the obvious security implications seem to be on the back burner. eWeek has a story discussing the risks and Don Park is also warning about the potential for abuse and exploitation. For example, the primary mechanism behind podcast, RSS enclosure, can be used to deliver worms and worse to the desktops. If there are any vulnerabilities in iPod (or any MP3 player hooked up to podcast sync client) codec, then podcasting is a good way to deliver overflow inducing content."
Security

The Art of Computer Virus Research and Defense 100

nazarijo writes "I think by now we're all familiar with viruses and worms. It may have been a term paper diskette chewed up by a virus back in college, a family member's computer infected with the latest worm, or your email inbox clogged with a mass mailer of the week. But how do AV researchers dissect such malware, especially when virus writers have devoted so much time to avoiding detection and perfecting their craft with self-decrypting viruses, polymorphic shellcode, and obfuscated loops. Haven't you wanted a peek into how that's done, and how you would analyze such a monster that landed in your computer? Well, Peter Szor's book The Art of Computer Virus Research and Defense (TAOCVRD) has been gaining lots of critical acclaim lately for filling that gap, and rightfully so. (Before we begin, however, I should make one thing perfectly clear: I was a technical reviewer of this book. I enjoyed it when I read it originally, and I'm even more pleased with the final result. And now on to your regularly scheduled review.)" Read on for the rest.
Worms

Schneier on Attack Trends: More Complex Worms 189

Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call: WORM_SPYBOT.ID"
Worms

Sober.P Worm Accounts for 5% of all Email Traffic 451

destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" update percentage corrected.
Mozilla

Firefox and Thunderbird Garage 84

norburym (Mary Norbury-Glaser) writes "Firefox and Thunderbird Garage, written by Chris Hofmann, Director of Engineering at the Mozilla Foundation; Marcia Knous, Mozilla Foundation Project Manager; and John Hedtke, president of JVH Communications (and an accomplished technical writer) is published by Prentice Hall PTR. This is the most recent addition to their Garage Series of books, which aims to bring the newest topics in technology to print in an engaging and readable manner. Firefox and Thunderbird Garage does not disappoint: the authors have covered all the bases on these two popular apps with a combined writing style that keeps the subject matter alive and interesting." Read on for the rest of Norbury-Glaser's review.
Worms

Has Mass-Mailed Malware Peaked? 221

Ant writes "Broadband Reports posted a CRN article about a researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."
Microsoft

Microsoft's Martin Taylor Responds 627

We passed on your requested questions for Martin Taylor, Microsoft's global general manager of platform strategy, and we got a slew of them. Instead of emailing your questions to Martin, we did this interview by phone and added in a few follow-up questions. You can listen to an MP3 of the call, read the transcript (below), or both.
Microsoft

Microsoft to Buy Anti-Virus Software Firm 344

thejuggler writes "Excite News is reporting that Microsoft is planning to buy Sybari Software Inc., which makes programs designed to protect business computer networks from viruses, worms and other threats. This is Microsoft's second purchase of an anti-virus company. The article states that Microsoft is thinking about charging for their anti-virus and anti-spyware software."
Windows

Why Does Windows Still Suck? 1995

RatBastard writes "SF Gate's Mark Morford asks: Why Does Windows Still Suck? After watching his significant other's Windows PC drown in a sea of viruses and worms after only 4 minutes on her new DSL connection, Mark Morford wonders why the masses have not stormed Redmond waving torches and scythes in anger over the never-ending security flaws in Windows. Why haven't they jettisoned the foul beast from Redmond and migrated en masse to the Macintosh or even Linux?"
Security

The Evolution of the Phisher 278

gurps_npc writes "An article at CNN discusses how phishers have moved beyond the typical email scam. Last month, Secunia (Danish security firm) documented a case where a phisher somehow modified a Windows host file so that when you type in the correct URL in the address, it redirects you to the phisher site. Worms and spyware are being built for the purpose of phishing, and it is also believed that phishers are attempting to compromise domain name servers. If one of these goes down millions could lose their security instantly, even if they themselves have maintained the security of their computers."
Red Hat Software

Practical Guide to Red Hat Linux, 2nd Edition 86

norburym (Mary Norbury-Glaser) writes "If you own the first edition of this book, then it's probably dog-eared and well thumbed-through, so now's a good time to upgrade to this extensive volume, Practical Guide to Red Hat Linux: Fedora Core and Red Hat Enterprise Linux, second edition. This book covers Fedora Core 2 (2.6 kernel) and Red Hat Enterprise Linux version 3 (2.4 fork version with 2.6 kernel features) and includes Fedora Core on four CDs, which comprises the complete release. Mark G. Sobell accomplishes what many fail at: he has successfully crammed a huge amount of information into one volume in a compact, perfectly readable manner. This second edition serves two audiences, the end user and the administrator, and consequently combines two topics that easily could have filled separate books: Fedora Core and Enterprise Linux." Read on for the rest of Norbury-Glaser's review.
Books

Malware: Fighting Malicious Code 95

Adam Jenkins writes "I have had a fair bit of experience with malware, from removing DOS viruses to removing rootkits on Windows servers. Currently I am working in desktop support at a university -- exactly where many of the anti-malware battles occur." With that background, he provides a review of the reprinted Malware: Fighting Malicious Code, writing "As with many things computer-related, this book might age quickly, but it has lots of sound theory that will stay relevant for a long time, even if it doesn't discuss the latest worm by name. I haven't read the author's earlier book (Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses) but he is well known as both the author of that and also for the SANS lectures he runs." Read on for the rest of Jenkins' review, or revisit Matt Linton's review.
Books

Point and Click Linux 192

Robin "Roblimo" Miller is well-known in the open-source world for advocating cheap, user-friendly Linux computing and demonstrating that it's not only possible but available, right now. (He's also a writer and editor at NewsForge, and the editor in chief of OSTG, of which Slashdot is a part, and therefore one of my bosses; take that for what it's worth.) Roblimo's new book Point and Click Linux really consists of three things: the book itself, an included copy on CD of the Debian-based SimplyMepis Linux distribution, and a DVD featuring Roblimo's multi-part narrated video guide for getting started with Linux, Mepis and KDE. "Getting started" is key; this book is for the interested beginner, not the power user. Read on for the rest of my review.
Worms

Can Reverse Engineering Help In Stopping Worms? 187

krozinov writes "The goal of this paper is to try to answer the following three questions: How do you reverse engineer a virus? Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? Can reverse engineering be done more efficiently? The paper is organized into five sections and two appendixes. Section 1 is the introduction. Section 2 reviews basic x86 concepts, including registers, assembly, runtime data structures, and the stack. Section 3 gives a brief introduction to viruses, their history, and their types. Section 4 delves into the Beagle virus disassembly, including describing the techniques and resources used in this process as well as presenting a high level functional flow of the virus. Section 5 presents the conclusions of this research. Appendix A provides a detailed disassembly of the Beagle worm, while Appendix B presents the derived source code of the Beagle virus, as a result of this research."
Security

Security Alert 162

jnazario writes "As a computer security professional, one of the things I notice is that for our proposals to be effective, they often require the participation of the vast majority of computer users out there. Almost all of them are not computer security professionals, so it's imperative that our methods be usable by the non-professionals. What makes this even worse is that most computer users are not terribly savvy about what they're using. Terms like hard drives and memory don't mean anything to them, and a browser is just a window to the internet. A computer is a tool for information use, not an end in itself. So, a book like Security Alert: Stories of Real People Protecting Themselves from Identity Theft, Scams and Viruses sounded like it had real promise." Read on for Nazario's review of the book.
