Malware News
http://www.malware-news.com
Latest internet security news blog
Mon, 04 May 2009 13:12:14 +0000

Top 20 malware programs. Conficker is on the 1st place
http://www.malware-news.com/top-20-malware-programs-conficker-is-on-the-1st-place.html
Posted Mon, 04 May 2009 13:10:41 +0000 by admin

According to a report published today by Kaspersky Lab, over 45,190 unique harmful, advertising and potentially dangerous programs were detected during the last month. This figure is practically the same as the figure for March.

In the ranking of the twenty most widespread malicious programs, the Conficker worm, also known as Downadup and Kido, continues to hold the leading position. By some estimates, Conficker could have infected up to 20 million computers worldwide. In recent days the worm has started to organise the infected computers into a botnet for distributing spam emails and spyware.

Second place in the chart, as a month ago, is held by the Sality virus, which has spyware functionality. This malicious program intercepts information entered via the keyboard and sends the gathered information to the attackers.

Notably, the malicious code CodeBaseExec, whose first versions were detected in 2004, has returned to the April top twenty. The program gets onto a victim's PC through an old hole in Internet Explorer versions 5.01, 5.5 and 6.0.

The complete ranking of malicious programs for April, according to Kaspersky Lab, looks like this:

1. Net-Worm.Win32.Kido.ih
2. Virus.Win32.Sality.aa
3. Trojan-Dropper.Win32.Flystud.ko
4. Trojan.Win32.Chifrax.a
5. Trojan.Win32.Autoit.ci
6. Trojan-Downloader.Win32.VB.eql
7. Packed.Win32.Krap.b
8. Worm.Win32.AutoRun.dui
9. Exploit.HTML.CodeBaseExec
10. Packed.Win32.Black.a
11. Virus.Win32.Sality.z
12. Virus.Win32.Virut.ce
13. Trojan.JS.Agent.xy
14. Worm.Win32.Mabezat.b
15. Virus.Win32.Alman.b
16. Packed.Win32.Krap.g
17. Packed.Win32.Klone.bj
18. Worm.Win32.AutoIt.ar
19. Exploit.JS.Agent.agc
20. Email-Worm.Win32.Brontok.q

A critical hole in Adobe products
http://www.malware-news.com/a-critical-hole-in-adobe-products.html
Posted Wed, 29 Apr 2009 09:36:13 +0000 by admin

A critical vulnerability has been found in Adobe Acrobat and Adobe Reader, for which no patch exists at present.

Reportedly, the problem is related to the processing of JavaScript code. Using a specially crafted document, attackers can theoretically mount a DoS attack, cause the program to crash, or execute arbitrary operations on the remote computer.

Adobe has confirmed the existence of the problem, stressing that it affects all shipped versions of the Reader and Acrobat packages, including 9.1, 8.1.4, 7.1.1 and earlier updates. The situation is aggravated by the fact that examples of malicious code that make use of the vulnerability have appeared on the Internet.

Conficker worm is active again
http://www.malware-news.com/conficker-worm-is-active-again.html
Posted Mon, 27 Apr 2009 11:22:31 +0000 by admin

As security experts from Symantec note, Conficker is step by step turning thousands of infected PCs into a zombie network for spam and spyware distribution. The worm loads its code under the name Waledac, which unites the infected machines in the botnet.

Trend Micro employees stress that the network of zombie computers formed by Conficker is probably one of the most complex and well thought out in the history of botnets. The network is being built rather slowly, but experts do not rule out that the botnet could be used to mount massive attacks and distribute millions of unwanted emails.

Conficker was detected in November of last year, but its activity peaked at the beginning of January. By various estimates, the malicious program could have infected up to 20 million computers worldwide to date. A reward of 250 thousand dollars is offered for reliable information about the authors of the Conficker worm.

Database of startup files
http://www.malware-news.com/database-of-startup-files.html
Posted Fri, 24 Apr 2009 13:06:12 +0000 by admin

A new database of startup programs has been published. Each entry in the database is classified according to security risk (Malware, Suspicious, Infected, Trusted, etc.).

The database currently contains over 90 thousand autorun items and is constantly being updated.

Visit CESAM Startup files database

Hackers have stolen the data about superexpensive military project of the Pentagon
http://www.malware-news.com/hackers-have-stolen-the-data-about-superexpensive-military-project-of-the-pentagon.html
Posted Wed, 22 Apr 2009 12:27:30 +0000 by admin

Unknown attackers managed to gain unauthorized access to information on the Pentagon's most expensive military project, the fifth-generation stealth fighter-bomber F-35 Lightning II.

The F-35 Lightning II is being developed by Lockheed Martin, Northrop Grumman and BAE Systems under the Joint Strike Fighter program. The project cost is estimated at 300 billion dollars.

According to online sources, the attackers managed to penetrate the computer network of one of the participants in the Joint Strike Fighter program and copied several terabytes of information about the aircraft's electronic components and construction. In theory, this data could simplify the development of defences against the American fifth-generation fighter.

The attack was presumably carried out from the territory of China. It is noted that the cybercriminals did not manage to reach the most important information on the fighter, as it is stored on computers that are not connected to the Internet. Nevertheless, the damage done to the Joint Strike Fighter program may amount to millions of dollars.

Note that the computer networks of US government departments are regularly subjected to cyberattacks. Last year President George Bush even signed a decree that provides for a substantial extension of the powers of the US National Security Agency for the purpose of preventing hacker attacks.

First botnet based on Apple computers
http://www.malware-news.com/first-botnet-based-on-apple-computers.html
Posted Tue, 21 Apr 2009 09:20:21 +0000 by admin

Security experts from Symantec report the appearance of the first botnet that includes computers running the Apple Mac OS X operating system.

Analysis has shown that creation of the new zombie network, named iBotnet, started in January. The botnet consists of computers infected with the malicious program OSX.iServices. This trojan was distributed as a utility for removing the copy protection of pirated versions of Photoshop CS4 and iWork '09.

At a rough estimate, the iBotnet network may include up to several thousand computers. Some time ago the botnet was already used by attackers to carry out a distributed DoS attack. In the long term, cybercriminals will probably try to use iBotnet for mass spam distribution. Experts note that the majority of antivirus programs for the Mac OS X platform already contain detection and removal procedures for the iServices trojan. Users are strongly advised not to neglect elementary security measures.

New trojan blocks access to Windows
http://www.malware-news.com/new-trojan-blocks-access-to-windows.html
Posted Mon, 20 Apr 2009 07:54:48 +0000 by admin

Doctor Web warns of the appearance of a new malicious program that locks access to the infected computer.

The trojan was named Winlock.19. The program spreads over the Internet in the guise of counterfeit codecs and prompts the user to enter a special code supposedly necessary for registering a counterfeit copy of the Windows operating system. To receive this code, the user has to send a text message from a mobile phone to a paid number.

Notably, Winlock has a self-destruct function and deletes itself two hours after launch. Doctor Web advises users not to go along with the attackers and not to send SMS messages anywhere. For those who do not wish to wait two hours for the automatic uninstall, Doctor Web has prepared a special form in which it is possible to enter the text of the requested short message and receive an unlock code.

Conficker worm: new version detected
http://www.malware-news.com/conficker-worm-new-version-detected.html
Posted Thu, 16 Apr 2009 09:13:09 +0000 by admin

Kaspersky Lab warns of the appearance of a new version of Conficker, also known as Kido and Downadup.

Conficker was detected in November of last year, but its activity peaked at the beginning of January: within a few days the worm infected about ten million computers worldwide.

The new variant of Conficker started to spread at the end of last week: infected computers, communicating with each other over P2P connections, gave other infected computers the command to download updates and two files, FraudTool.Win32.SpywareProtect2009.s and Email-Worm.Win32.Iksmas.atz. The first of these is a counterfeit antivirus hosted on servers located in Ukraine. On launch the program offers “to delete the found viruses”, demanding about 50 dollars for this. The second file is an email worm with data theft and spam sending functionality.

Kaspersky Lab notes that over 12 hours one bot infected with the new version of Conficker sent over 42 thousand spam emails. Assuming that the total number of infected computers is about 5 million, the Conficker botnet is capable of sending approximately 400 billion spam messages daily.

Various sources also report that at the end of last week Conficker penetrated the computer network of the University of Utah (USA), infecting about 700 computers at the medical school, the nursing college and so forth. A preliminary analysis of the code of the new Conficker variant suggests that it will function until May 3rd.

Next attack of Conficker is expected on April 1st
http://www.malware-news.com/next-attack-of-conficker-is-expected-on-april-1st.html
Posted Thu, 26 Mar 2009 10:56:58 +0000 by admin

On April 1st the Conficker worm will probably make a great many Internet users cry rather than laugh.

Conficker was detected in November of last year, but its activity peaked at the beginning of January: within a few days the worm infected about ten million computers worldwide. The malicious program, which is able to spread in various ways, including through removable drives, allows attackers to control the infected computers remotely.

Computer security experts warn that on April 1st Conficker will receive a certain update. Experts believe that the malicious program may be used to mount DDoS attacks, and also to send mass spam or infected emails.

Microsoft, with the support of several organisations (including OpenDNS), has already launched a campaign against the worm that involves blocking the domain names which the worm could use.

The worm of new type unites Linux-routers in a botnet
http://www.malware-news.com/the-worm-of-new-type-unites-linux-routers-in-a-botnet.html
Posted Wed, 25 Mar 2009 16:30:03 +0000 by admin

Experts from DroneBL have detected a very unusual botnet, consisting not of Internet users' personal computers but of DSL modems and routers.

According to the research, a worm named psyb0t is responsible for the creation of the botnet. It infects network devices based on the Mipsel platform, a variant of Debian Linux for MIPS processors. The attack is made by exhaustively trying login and password combinations from a list; after a successful break-in, psyb0t closes access to the router for other users and joins it to the botnet.

DroneBL experts note that they detected the malicious program while repelling a DDoS attack directed at their servers. The worm is presumably unique and has been spreading on the Internet since the beginning of the year. At a rough estimate, the botnet organised with the help of psyb0t may consist of more than 100 thousand network devices.

It is also reported that a few days ago the botnet ceased to show activity. However, this information has not yet been confirmed.
