The worm exploiting a critical Windows bug that Microsoft Corp. patched with an emergency fix in late October is being used to build a new botnet, a security researcher said today.

Ivan Macalintal, a senior research engineer with Trend Micro Inc., said that the worm, which his company has dubbed "Downad.a" -- it's called "Conficker.a" by Microsoft and "Downadup" by Symantec Corp. -- is a key component in a new botnet that criminals are creating.

"We think 500,000 is a ball park figure," said Macalintal when asked the size of the new botnet. "That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's still starting to grow."

Facebook's 120 million users are being targeted by a virus dubbed "Koobface" that uses the social network's messaging system to infect PCs, then tries to gather sensitive information such as credit card numbers.

It is the latest attack by hackers increasingly looking to prey on users of social networking sites.

"A few other viruses have tried to use Facebook in similar ways to propagate themselves," Facebook spokesman Barry Schnitt said in an e-mail. He said a "very small percentage of users" had been affected by these viruses.

The DNA records of about 850,000 people could be wiped from the U.K.'s national database after the European Union ruled it breached human rights.

The European Court of Human Rights decision on Thursday means that the DNA details and possibly fingerprints of people suspected of a crime, but later cleared, could be removed.

The court found that in keeping the DNA details of people suspected of a crime the "state had overstepped any acceptable margin of appreciation."

Firefox's broad support for plug-ins and extensions has always been a major feature of the browser, particularly back in the days of IE6. The the browser's enduring popularity has finally caught the eye of malware authors, as a trojan is now targeting Firefox specifically

BitDefender has identified this new bit of holiday cheer as Trojan.PWS.ChromeInject.A." The ChromeInject suffix is a bit puzzling, since this attack is supposedly Firefox-only, but we weren't able to find clarification on what it refers to. The trojan installs itself into Firefox's add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.

With the French revving up their "graduated response" plan and the UK government leaning on rightsholders and ISPs to hash something out before 10 Downing Street gets involved, it's important to remember that the European Parliament has some strong opinions on the issue as well. Unfortunately for consumers, no one wants to hear them.

The EU is in the midst of major overhaul of telecom law. The so-called Telecom Packet passed Parliament a few months back, complete with amendments that tried to rein in some of the graduated response proposals. The big concern is that rightsholders and ISPs could become judge, jury, and executioner over someone's 'Net connection without proper avenues for appeal or solid standards of evidence. That concern led to the introduction of amendment 138, which required judicial oversight of the process.

It's tough being a government these days; who has the energy to clean up the Internet after a hard day's work bailing out the financial sector? Not the Australian government, it seems. Rather than actually doing something about illegal content, they just make a list of it and tell ISPs to filter everything that's on the list. Sidestepping the murky political details and—for the moment—the civil liberties problems inherent in this approach, let's take a closer look at the technical aspects of such a plan.

In the Internet Service Provider Content Filtering Pilot Technical Testing Framework document, the Australian Government Department of Broadband Communications and the Digital Economy provides some details about what it wants ISPs to do in a pilot project. The main part is that ISPs who are interested in participating in the pilot will test solutions for filtering a list of at most 10,000 URLs on a blacklist maintained by the Australian Communications and Media Authority, a regulator not unlike the FCC. "Prohibited online content" includes what you would imagine, but also your garden variety porn (yes, the stuff they broadcast over the air on public TV in the Netherlands), and under special circumstances even R-rated movies. Filtering URLs on the ACMA blacklist is a mandatory part of the pilot, though additional filters that aren't clearly specified are optional.

A new front has opened in the ongoing arms race between Apple and iPhone hackers, with one hacker group making the iPhone boot with a Linux 2.6 kernel.

The announcement of the successful kernel porting was made on the Linux on the iPhone blog, complete with instructions and source code.

Earlier this year, AT&T began laying the political and public relations groundwork for a shift toward metered billing, throwing comments to the press about how such a shift was "inevitable," while company lobbyists began dropping vague hints that a billing shift was coming. Last summer, executives at the company announced that the telco would be conducting a metered billing trial this fall. The time for that trial has arrived, and Broadband Reports has learned that Reno, Nevada will be the lucky first market. Last Friday, AT&T filed [a] ... notice with the FCC that confirms the nation's largest ISP will be conducting a metered billing trial in Reno.

Called .tel, the domain is intended to act as a universal contact point rather than as a hook on which to hang websites.

Owners of .tel domains will be encouraged to populate it with details about how they can be contacted.

The domain is designed to work on the web and with mobile phones such as the Apple iPhone and Blackberry.

A travel industry group has called on the US government to halt its use of new machinery that remotely reads government issued identification cards at border crossings until the safety of the new system can be better understood.

Monday's call by the Association of Corporate Travel Executives (ACTE) follows similar requests by a chorus of civil liberties and computer researchers. They warn that use of the new long-range radio frequency identification (RFID) scanners could jeopardize the privacy and security of people who pass through US borders.

Online payment service CheckFree lost control of at least two of its domains on Tuesday in an attack that sent customers to servers run by a notorious crime gang believed to be based in Eastern Europe.

Reg reader Richard D. reported receiving a bogus secure sockets layer certificate when attempting to log in to his Mycheckfree.com account early Tuesday morning. On further examination, he discovered the site was mapping to 91.203.92.63. To confirm the redirection was an internet-wide problem, he checked the site using a server in another part of the US and got the same result.

MSL was scheduled to fly next year, but the mission has been dogged by testing and hardware problems.

The rover's launch would now be postponed until late 2011, agency officials said.

The mission is using innovative technologies to explore whether microbial life could ever have existed on the Red Planet.

It's a topic that has long been debated by video game aficionados all over the world: which features make for a better system: the pristine graphics of the Sony PlayStation 3 or the motion-sensitive game play of the Nintendo Wii? If Sony is successful in patenting their new controller concept, they just may be able to sway undecided consumers towards the PS3.

If you can't beat them, join them!

The idea will be to stray away from the traditional "Dual Shock" solid controller, opting instead to introduce a controller that resembles two ice-cream cones attached side-by-side. The controllers would be able to break-apart to maximize the look and feel of what is quickly becoming the next generation of game play control.