First Person Shooters (Games)

id, Raven Developers Discuss New Wolfenstein 162

CVG is running an interview with Kevin Cloud, executive producer at id, and Eric Biessman, who leads Raven Software's programmers and artists, about the upcoming installment to the Wolfenstein series. They provide some detail about what kind of weapons will be available, what those crazy Nazis are up to this time, and BJ Blazkowicz's new ability to "shroud" himself. "Press a single button, at any time, and you'll see the other side of reality: a green and violent dimension that's filled with strange creatures and whirling tornadoes of energy. Just being in the shroud gives you options: floating above the ground are 'collectors' - fleshy heavy metal album cover worms that are scavenging electrical energy. Pop them, with a single rifle round, and they'll blast apart, damaging enemies in the real world. They are essentially exploding, hidden, organic barrels. ...In shroud mode, too, occult symbols etched into the masonry are transformed into holes in walls that BJ can simply step, shoot, or lob a grenade through."
Security

Virtual Honeypots 50

rsiles writes "Honeynet solutions were seen just as a research technology a couple of years ago. It is not the case anymore. Due to the inherent constraints and limitations of the current and widely deployed intrusion detection solutions, like IDS/IPS and antivirus, it is time to extend our detection arsenal and capabilities with new tools: virtual honeypots. Do not get confused about the book title, especially about the "virtual" term. The main reason to mention virtual honeypots, although the book covers all kinds of honeynet/honeypot technologies, is because during the last few years virtualization has been a key element in the deployment of honeynets. It has offered us a significant cost reduction, more flexibility, reusability and multiple benefits. The main drawback of this solution is the detection of virtual environments by some malware specimens." Read below for the rest of Raul's review.

Storm and the Future of Social Engineering 77

Albert writes "Storm shows several key characteristics, some new and advanced. It uses cunning social engineering techniques — such as tying spam campaigns to a current event or site of interest — as well as a blend of email and the Web to spread. It is highly coordinated, yet decentralized — and with Storm using the latest generation of P2P technology, it cannot be disabled by simply 'cutting off its head.' In addition, Storm is self-propagating — once infected, computers send out massive amounts of Storm spam to keep recruiting new nodes."
Security

Sneaky Blackmailing Virus That Encrypts Data 409

BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"
Worms

Researchers Tout New Network Worm Weapon 101

coondoggie writes "Can Internet worms be thwarted within minutes of their infection? Researchers at Ohio State University believe they can. The key, researchers found, is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans — a sign that it has been infected — administrators should take it off line and check it for viruses. In a nutshell, the researchers developed a model that calculated the probability that a virus would spread, depending on the maximum number of scans allowed before a machine was taken off line. 'The difficulty was figuring out how many scans were too many,' researchers said."

Penny Arcade Game Sees Record Breaking Numbers 124

Kotaku is reporting that the new Penny Arcade game is showing record breaking numbers, earning $330,000 in the first three days, surpassing previous record holder Worms HD. Penny Arcade's Mike Krahulik was very pleased with the result saying: "Given that our price point was double the other games on that list I'm pretty f***ing happy. We fully expected some people to complain about the $20 price tag but we honestly felt like our game was worth it. Pricing something like this is tricky. Obviously you have to look at the length of time it will take someone to complete the game but you also need to factor in the quality of the experience."
Security

Cisco CSO Says Antivirus Money "Completely Wasted" 503

mernil writes with an excerpt that kicks off a story at ZDNet Australia: "Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart. Speaking at the AusCERT 2008 conference in the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure."
Security

Malware vs. Anti-Malware, 20 Years Into The Fray 62

jcatcw writes "Steven J. Vaughan-Nichols considers the dissimilarities between malware of yore and current infiltrations as we approach the 20th anniversary of the Robert Morris worm. Modern malware apps curl up and make themselves at home in your system, where they wait for a chance to snatch an important password or a credit card number. Welcome to the era of capitalist hacking. Any self-respecting malware program today is polymorphic, making signature-based antivirus approaches difficult. Heuristics and virtual sandboxes offer alternatives, but all such methods are reactive. Unfortunately, monitoring lists and networks is about the only current alternative."
Earth

2 Finds Add To Giant Earthworm Science In Northwest 39

According to an article at Science Daily, "Native, possibly giant, earthworm science in the Pacific Northwest is advancing with the discovery of two new specimens from opposite sides of the interior Columbia River basin. University of Idaho soil scientist Jodi Johnson-Maynard, an associate professor in the College of Agricultural and Life Sciences, said an earthworm that was most likely a giant Palouse earthworm was found in early March near Moscow [Idaho]." I have trouble with the idea that worms of merely a foot long have trouble meeting the designation "giant" outside of Tremors or Arrakis. Update: 05/06 17:44 GMT by T : Correction: That's Moscow, Idaho, rather than Washington. Thanks to the alert reader who spotted this.
HP

HP Admits Selling Infected Flash-Floppy Drives 110

bergkamp writes "Hewlett-Packard has been selling USB-based hybrid flash-floppy drives that were pre-infected with malware, the company said last week in a security bulletin. Dubbed "HP USB Floppy Drive Key," the device is a combination flash drive and compact floppy drive, and is designed to work with various models of HP's ProLiant Server line. HP sells two versions of the drive, one with 256MB of flash capacity, the other with 1GB of storage space. A security analyst with the SANS Institute's Internet Storm Center (ISC) suspects that the infection originated at the factory, and was meant to target ProLiant servers. "I think it's naive to assume that these are not targeted attacks," said John Bambenek, who is also a researcher at the University of Illinois. Both versions of the flash-floppy drive, confirmed HP in an April 3 advisory, may come with a pair of worms, although the company offered few details. It did not, for instance, say how many of the drives were infected, where in the supply chain the infections occurred or even when they were discovered."
Security

Why Old SQL Worms Won't Die 64

narramissic writes "In a recent ITworld article, security researcher Brent Huston ponders how it is that versions of SQL worms dating back to 2002 represent nearly 70% of all malicious traffic on the Internet today. 'I have made a few attempts to backtrack hosts that perform the scans and at first blush many show the signs of common botnet infections. Most are not running exposed SQL themselves, so that means that the code has likely been implemented into many bot-net exploitation frameworks. Perhaps the bot masters have the idea that when they infiltrate a commercial network, the SQL exploits will be available and useful to them? My assessment team says this is pretty true. Even today, they find blank "sa" passwords and other age-old SQL issues inside major corporate clients. So perhaps, that is why these old exploits continue to thrive.'"
Security

'Friendly' Worms Could Spread Software Fixes 306

An anonymous reader writes "Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."
Book Reviews

The Symantec Guide To Home Internet Security 139

r3lody writes "There are many households that have high-speed Internet connections, yet most people are simply not doing enough to protect themselves from the many exploits that exist. The Symantec Guide to Home Internet Security by Andrew Conry-Murray and Vincent Weafer was written to speak to those people. Symantec Press is the publisher, yet it remains reasonably vendor-neutral. This book is for non-technical people. Its ten chapters cover a relatively slim 240 pages, so it should not intimidate someone who is not a computer professional. Also, you do not really have to read the book front-to-back, but you can focus in on the chapter or chapters that interest you and have fairly complete information." Read on for the rest of Ray's review.
The Courts

Hasbro Using DMCA on Facebook Game Apps 210

Boggle Addict writes "Rather than participating in the online gaming market, Hasbro is suppressing it with litigation. Scrabulous, a Scrabble imitation, is already fighting to prevent being shut down. Today, Hasbro sent out DMCA notices to other apps on Facebook, including Bogglific, a Boggle imitation. Copyright law has always held very limited protections for games. This may be opening a can of worms for Hasbro."

iPhone Trojan Sign of Things to Come? 151

climber writes "Just days after the first scareware for OSX, researchers are pondering the problems of an iPhone exploit that could lead to larger issues. The Trojan pulls legitimate apps off the phone if you try to remove it, but it only infects iPhones that have 'been modified or opened through a security hole in the system.' Though this worm is more of an annoyance than anything else, it could be a proof of concept for a more serious attack. 'The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'"
Wireless Networking

Researchers Say Wi-Fi Virus Outbreak Possible 165

alphadogg writes with a link to a NetworkWorld article about a troubling security scenario. Indiana University IT researchers are now saying that a WiFi attack intended to piggyback across unsecured access points could do serious damage in a city like Chicago or New York. By essentially brute-forcing the passwords on insecure routers, a worm-like firmware agent could be introduced to an estimated 20,000 networks in New York City alone. "Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36% of passwords can be guessed using this technique."

Xbox 360 Updates Social Features, Back Compat 112

Microsoft is gearing up for another big update to Xbox Live, and soon they'll be offering a friend of a friend feature that will allow users to peruse their friends' friend lists. It's a voluntary service, and is gated by your age to avoid any parental fears. If you'd rather turn it off ahead of time, they already have a dedicated site set up for that purpose. (Gamertag login required.) That update will be dropping on December 4th. Relatedly, they're also rolling out a whole bunch of new backwards compatibility options for your old Xbox games. Highlights include support for: Baldur's Gate: Dark Alliance, Burnout 2: Point of Impact, Forgotten Realms: Demon Stone, Indiana Jones And The Emperor's Tomb, Star Wars: Jedi Starfighter, Syberia II, The Bard's Tale, Worms 3D. There's also support for a slew of sports titles going all the way back to 2003.
Security

Storm Worm Being Reduced to a Squall 183

Rumours of financial schemes surrounding the botnet aside, PC World has an article that should lower the blood pressure of some SysAdmins. The Storm Worm botnet is apparently shrinking. A researcher out of UC San Diego who has been tracking the network has published a report indicating it is now only 10% of its former size. "Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer. But Enright said that the real story is significantly less terrifying. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. Enright guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."
Security

Profile of the Russian Business Network 180

The Washington Post has an article detailing what is known of the workings of the Russian Business Network, a shadowy entity based in St. Petersburg that hosts a good fraction of the world's spammers, identity thieves, bot herders, and phishers. RBN is not incorporated anywhere and may not technically even be violating Russian law. It provides "bulletproof hosting" for about $600 a month to a wide range of bad guys. The author of the Post story, Brian Krebs, supplements it with two blog posts. One provides more detail and back story including a look at one ISP's security admin who decided last summer to ban all RBN traffic from his network, with outstanding results. The other post maps some of the RBN's upstream suppliers and details the extent of the RBN's involvement in recent cyber-attacks: "Nearly every major advancement in computer viruses or worms over the past two years has emanated from or sent stolen consumer data back to servers" in the RBN.
Security

Most Users Think They Have AntiVirus Protection, While Only Half Do 294

SkiifGeek writes "A survey carried out by McAfee and the NCSA found that while more than 90% of users believed that they were protected by antivirus or antimalware products that were updated at least once a week, only 51% actually were. 'Even with significantly growing awareness by everyday users of the need for efficient and effective antivirus / antimalware software, and the increasing market penetration achieved by the security industry, the nature of rapidly evolving Information Security threats means that the baseline of protection is outstripping the ability of users to keep up (without some form of extra help).' The study is available online in PDF format. What sort of an effect does this sort of thinking, and practice, have on the overall security of your systems, networks, and efforts to educate?"
