If you follow online security news, there’s little chance that you haven’t heard about Conficker – a new worm that has received extensive media coverage in the past weeks, due in part to Microsoft’s offer of a $250,000 bounty in return for information leading to the arrest of the malware’s perpetrators.

How much does identity theft cost?

$56.6 billion.

Those located in the US will likely have tax preparation on their minds in the coming weeks…and, likewise, that topic will also be of major interest to spammers and scammers looking to exploit the upcoming April 15 filing deadline. Recent reports are already confirming a rise in phishing messages purporting to come from the U.S. Internal Revenue Service, aimed at tricking taxpayers into falling for a scam.

Waledac, a new threat currently being seen, is believed by many researchers to be the replacement for the notorious Storm Worm; similarities have been noted in both its technique and behavior. As Lavasoft researchers have reported, you may have seen Waledac's work first hand through an assortment of spammed messages (holiday greeting cards, messages exploiting the inauguration of U.S. President Barack Obama and, more recently, love-related notes taking advantage of Valentine's Day) - all of which bait the user into executing the malware.

[Visualization of Waledac courtesy of Sudosecure.net]

We took some commonly asked user questions about this threat to Jeremy Conway, an independent security researcher at Sudosecure.net who has been closely tracking Waledac. Read our Q & A below to learn more.

In case you missed this bit of security news last week, according to Heise Security -

"A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed."

Analysts attempting to traverse the Storm botnet without being detected has proven it to be complex - discovery usually leads to a DDOS attack on the researcher. Having carried out such research covertly and claiming that the botnet can be rapidly taken down is highly significant in terms of the resultant reduction in spam levels and ability to carry out DDOS attacks.

Microsoft's attempts to disrupt the botnet with the Malicious Software Removal Tool, while not definitive, are proving successful. Malware analysts and observers far and wide welcome the news that these researchers have gone one step further by announcing it is theoretically possible to fatally damage the Storm botnet with a single strike.

But, the researchers have noted that there are legal concerns involved in the solution. It's ironic that a single strike that has the potential to take the Storm botnet down from the inside is punishable under German law (and the same may be true in other parts of the world, as well). The Storm botnet is so significant that most people would agree that, when it comes to permanently disrupting it, the end justifies the means. This particular situation gives rise to an ethical dilemma but, ultimately, using illegal methods is not acceptable, however frustrating it may be. Still, even if the researchers are not able to deploy this solution, the data gathered from this research will take us a significant step towards combating and defeating Storm.