According to Time Magazine, This is just the “people’s choice” list, not the official list picked by Time’s editors, It seems they know what happen and just didn’t do anything about it, probably think it’s harmless, but if this can happen, How credible would be it’s “people choice lists” if it can be manipulated.

Time Magazine Throws Up Its Hands As It Gets Pwned By 4Chan

The army of Conficker-infected machines, known as a “botnet,” could be one of the greatest cybercrime tools ever assembled. Conficker’s authors just need to figure out a way to reliably communicate with it.

Infected Machines need commands to come alive. So far, Conficker-infected PC’s have been trying to connect each day to 250 Internet domains. The hackers needs to get just one of those sites under their control to send their commands to the botnet. (The name Conficker comes from rearranging letters in the name of one of the original sites the worm was connecting to.)

Conficker has been a victim of its success, however, because its rapid spread across the Internet drew the notice of computer security companies. They have been able to work with domain name registrars, which administer Web site addresses, to block the botnet from dialing in.

Now those efforts will get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try. Of that group, the botnet will randomly select 500 for the machines to actually query.

Microsoft recently issued a patch for the flaw targeted by the Conficker worm, and suggested the use of strong password to prevent much of the spread.

Damballa, a company focused on botnet detection, said Conficker was far from being a major problem in the typical enterprise.

“We do see Conficker compromises in enterprises, but they comprise a minority of the total number of compromises we see in these environments,” said Tripp Cox, vice president of engineering for Damballa. “The majority is the long tail of smaller botnets.”

According to virus researcher and anti-virus maker F-Secure Corp. The Conflicker worm does not affect Apple computers.

Mahalo hired John Schiefer without being aware of his cyber crimes, and regretted seeing him sentenced on Wednesday to four years in prison, founder Jason Calacanis said in a message posted online.

Schiefer used “botnets,” armies of computers hijacked by using malicious software, to steal people’s identities and snoop on electronic communications, according to Los Angeles US attorney’s office spokesman Thom Mrozek.

Schiefer, 27, pleaded guilty in US federal court last year to breaking into computers to commit fraud and steal information sent during online financial transactions, prosecutors said.

Using the online name “acidstorm,” Schiefer admitted that he illegally got into hundreds of thousands of computers and remotely controlled the compromised “zombie” machines, according to Mrozek.

In an unprecedented turn, the hacker was convicted of wiretapping charges for mining online financial account and password information from infected machines and then making unauthorized transactions.

Schiefer is accused of also giving stolen usernames and passwords to cohorts.

Part of the criminal case involved Schiefer duping a Dutch Internet advertising company into paying more than 19,000 dollars to install its software on people’s computers, supposedly with their consent.

Instead, Schiefer and accomplices secretly slipped the Dutch firm’s software onto approximately 150,000 “zombie” computers, according to Mrozek.

US district judge Howard Matz sentenced Schiefer to four years in prison and a 2,500-dollar fine. Schiefer reportedly agreed when he entered his guilty pleas to pay back the Dutch firm.

Schiefer will start his prison sentence June 1 and his stint behind bars could be shortened if he behaves well, wrote Calacanis, who attended the sentencing hearing.

“I wish in my heart of hearts that judge had given John a sentence from home, where we could have supervised him,” Calacanis wrote.

“Almost all talented developers push the envelope when they’re young. Anyone in technology knows this dark, dirty little secret.”

Calacanis said that Mahalo’s vice president of operations didn’t know about the hacker case when he hired Schiefer, and that by the time executives found out he was convinced that Schiefer had shed the “angry, stupid” ways of his youth.

“I’m hoping that the time he’s spent being a productive member of the Mahalo team inspires him to keep his head down in jail,” Calacanis wrote.

“When he comes out, I hope to be able to offer him a job … Life is short, we all make mistakes and I’m glad we’ve been given the opportunity to work with someone who needs the help and guidance.”

Calacanis added a note assuring Mahalo users that Schiefer’s work was well supervised and that the website does not store sensitive data, so little harm could be done “even if one of our employees did go off the deep end.”

The 38-year-old Internet entrepreneur started Mahalo in May of 2007. Mahalo is in a beta test phase and distinguishes itself from other Internet search engines by having editors review websites and create results pages.

The search engine’s name is derived from a Hawaiian word with a variety of meanings along the lines of thanks and regards.

Mahalo vouches for criminal hacker in its midst

The problem became very public when Google’s malware warning system kicked in as people tried to browse the site, saying Auctiva was infected with malware. Google will display an interstitial page warning people of certain Web sites known to contain malware.

“It appears the reason these virus alert warnings started showing up on our site is because some of our machines were injected with malware originating in China,” according to a post on Auctiva’s community forum. “The malware we believe to be at fault has also hit a number of other high-profile Websites over the past six months.”

It appears that the malware targeted Microsoft’s Internet Explorer browser. Auctiva recommended using Firefox, as that browser is “less susceptible to this sort of malware than Internet Explorer.”

ebay malware”Found eight Trojans on my system that seemed to have snuck through my on-access protection, or maybe because, like a fool, I clicked ‘ignore the warning’ to get to Auctiva’s front page,” wrote one user on Auctiva’s forum.

If Google displays a warning about a dangerous Web site, it still gives people the option of browsing to the site. Auctiva said it was working with Google to ensure the warning is not displayed now that it has cleaned up its servers.

However, people who browsed Auctiva between Thursday and Saturday afternoon until 2 p.m. Pacific time should ensure their machines are not infected. Auctiva recommends clearing the browser cache and deleting all temporary files. Also, Windows PCs should be up to date on patches, and antivirus software should be used, Auctiva said.

eBay Auction Tool Web Site Infected With Malware

Close-up, ground-level imagery of US military sites posed a “potential threat” to security, it said.

The move follows the discovery of images of the Fort Sam Houston army base in Texas on Google Maps.

A Google spokesman said that where the US military had expressed concerns, images had been removed.

Google has now been barred from filming and conducting detailed studies of bases, following the discovery of detailed, three-dimensional panoramas online – and in particular, views of the Texan base.

“Images include 360-degree views of the covered area to include access control points, barriers, headquarters, facilities and community areas,” said the defence department in a statement quoted by AFP news agency.

It said such detailed mapping could pose a threat.

Google spokesman Larry Yu said the decision by a Google team to enter the Texas base, which is in San Antonio, and undertake a detailed survey, had been “a mistake”.

He told the BBC that it was “not our policy to request access to military installations, but in this instance the operator of the vehicle with the camera on top – which is how we go about capturing imagery for Street-View – requested permission to access a military installation, was given access, and after learning of the incident we quickly removed the imagery”.

Individuals and governments

Military officials are currently looking into exactly what imagery is available – though it may not be able to order its removal if images are taken from public streets.

Among the popular mapping services offered by Google are Street View, which allows web users to “drive” along virtual US landscapes with ground-level views, and Google Earth, which offers detailed satellite and 3D images of locations around the world.

In this case, it was imagery offered on Street View that caused the concern.

But both have provoked complaints – from individuals depicted in the images and from governments concerned that satellite images could compromise security.

Gary Ross, a spokesman for the US Northern Command, told AFP that although such services could be useful, “there has to be a balance”.

But Mr Yu said Google would listen to concerns about privacy and security.

“We try to have a compliant image removal policy – not only relative to the military but to consumers also,” said Mr Yu.

“If people have concerns, they should contact us.”

Pentagon bans Google map-makers

Hackers have begun actively targeting a vulnerability in Internet Explorer 7 that was patched earlier this month by Microsoft.

The bug cyber-criminals are looking to exploit is a remote code execution vulnerability that lies in the way Internet Explorer 7 handles errors when attempting to access deleted objects. According to Trend Micro, attackers are spamming a malicious .DOC file detected as X M L_DLOADR.A in a bid to infect unprotected users.

“This file has a very limited distribution script, suggesting it may be a targeted attack,” wrote Trend Micro’s Jake Soriano, on the company’s Malware Blog. “It contains an ActiveX object that automatically accesses a site rigged with a malicious HTML detected by the Trend Micro Smart Protection Network as HTML_DLOADER.AS.”

On an unpatched system, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS. The backdoor in turn installs a .DLL file that steals data and sends it to another URL via Port 443, Soriano wrote.

During this month’s Patch Tuesday, Microsoft also addressed a vulnerability in the way Internet Explorer handles CSS (Cascading Style Sheets). When IE displays a Web page that contains certain CSS styles, memory may be corrupted in such a way that an attacker could execute arbitrary code with the same rights as the logged-on user.

There was no word from Trend Micro as to whether this second issue was also being exploited.

Even with the rising popularity of rivals such as Firefox and Google Chrome, IE remains the most widely used—and targeted—Web browser. In December, Microsoft was forced to issue an out-of-band patch to ward off attempts by hackers to compromise users.

“Although the install base of the IE family is slowly eaten up by stiff competition such as Firefox and Chrome, IE7 is used by about one in every four Web users, a much larger share than previous versions of IE,” Soriano wrote. “This could explain why cyber-criminals seem to be eagerly searching for more bugs. … Users meanwhile are advised to patch now.”

Hackers Target Patched Microsoft Internet Explorer 7 Vulnerability